{"openvas": [{"lastseen": "2017-07-24T12:55:40", "bulletinFamily": "scanner", "description": "Check for the Version of java-1.6.0-openjdk", "modified": "2017-07-06T00:00:00", "published": "2011-08-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831439", "id": "OPENVAS:831439", "title": "Mandriva Update for java-1.6.0-openjdk MDVSA-2011:126 (java-1.6.0-openjdk)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for java-1.6.0-openjdk MDVSA-2011:126 (java-1.6.0-openjdk)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were discovered and corrected in\n java-1.6.0-openjdk:\n\n Unspecified vulnerability in the Java Runtime Environment (JRE)\n component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29\n and earlier, and 1.4.2_31 and earlier allows remote untrusted Java\n Web Start applications and untrusted Java applets to affect integrity\n via unknown vectors related to Deserialization (CVE-2011-0865).\n \n Multiple unspecified vulnerabilities in the Java Runtime Environment\n (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update\n 29 and earlier, and 1.4.2_31 and earlier allow remote attackers\n to affect confidentiality, integrity, and availability via unknown\n vectors related to 2D (CVE-2011-0862).\n \n Unspecified vulnerability in the Java Runtime Environment (JRE)\n component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29\n and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web\n Start applications and untrusted Java applets to affect confidentiality\n via unknown vectors related to Networking (CVE-2011-0867).\n \n Unspecified vulnerability in the Java Runtime Environment (JRE)\n component in Oracle Java SE 6 Update 26 and earlier allows remote\n untrusted Java Web Start applications and untrusted Java applets\n to affect confidentiality via unknown vectors related to SAAJ\n (CVE-2011-0869).\n \n Unspecified vulnerability in the Java Runtime Environment (JRE)\n component in Oracle Java SE 6 Update 25 and earlier allows remote\n attackers to affect confidentiality via unknown vectors related to 2D\n (CVE-2011-0868).\n \n Unspecified vulnerability in the Java Runtime Environment (JRE)\n component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update\n 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted\n Java Web Start applications and untrusted Java applets to affect\n confidentiality, integrity, and availability via unknown vectors\n related to HotSpot (CVE-2011-0864).\n \n Unspecified vulnerability in the Java Runtime Environment (JRE)\n component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update\n 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted\n Java Web Start applications and untrusted Java applets to affect\n confidentiality, integrity, and availability via unknown vectors\n related to Swing (CVE-2011-0871).\n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"java-1.6.0-openjdk on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-08/msg00008.php\");\n script_id(831439);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-18 14:57:45 +0200 (Thu, 18 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:126\");\n script_cve_id(\"CVE-2011-0865\", \"CVE-2011-0862\", \"CVE-2011-0867\", \"CVE-2011-0869\", \"CVE-2011-0868\", \"CVE-2011-0864\", \"CVE-2011-0871\");\n script_name(\"Mandriva Update for java-1.6.0-openjdk MDVSA-2011:126 (java-1.6.0-openjdk)\");\n\n script_summary(\"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.0.4~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~22.b22.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~22.b22.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~22.b22.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~22.b22.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~22.b22.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxrender1\", rpm:\"libxrender1~0.9.6~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxrender-devel\", rpm:\"libxrender-devel~0.9.6~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxrender-static-devel\", rpm:\"libxrender-static-devel~0.9.6~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxrender\", rpm:\"libxrender~0.9.6~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xrender1\", rpm:\"lib64xrender1~0.9.6~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xrender-devel\", rpm:\"lib64xrender-devel~0.9.6~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xrender-static-devel\", rpm:\"lib64xrender-static-devel~0.9.6~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.0.4~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~22.b22.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~22.b22.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~22.b22.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk~javadoc-1.6.0.0~22.b22.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~22.b22.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxrender1\", rpm:\"libxrender1~0.9.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxrender-devel\", rpm:\"libxrender-devel~0.9.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxrender-static-devel\", rpm:\"libxrender-static-devel~0.9.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxrender\", rpm:\"libxrender~0.9.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xrender1\", rpm:\"lib64xrender1~0.9.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xrender-devel\", rpm:\"lib64xrender-devel~0.9.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xrender-static-devel\", rpm:\"lib64xrender-static-devel~0.9.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.0.4~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~22.b22.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~22.b22.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~22.b22.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~22.b22.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~22.b22.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxrender1\", rpm:\"libxrender1~0.9.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxrender-devel\", rpm:\"libxrender-devel~0.9.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxrender-static-devel\", rpm:\"libxrender-static-devel~0.9.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxrender\", rpm:\"libxrender~0.9.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xrender1\", rpm:\"lib64xrender1~0.9.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xrender-devel\", rpm:\"lib64xrender-devel~0.9.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xrender-static-devel\", rpm:\"lib64xrender-static-devel~0.9.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:06:53", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2011-08-18T00:00:00", "id": "OPENVAS:1361412562310831439", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831439", "title": "Mandriva Update for java-1.6.0-openjdk MDVSA-2011:126 (java-1.6.0-openjdk)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for java-1.6.0-openjdk MDVSA-2011:126 (java-1.6.0-openjdk)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-08/msg00008.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831439\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-18 14:57:45 +0200 (Thu, 18 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2011:126\");\n script_cve_id(\"CVE-2011-0865\", \"CVE-2011-0862\", \"CVE-2011-0867\", \"CVE-2011-0869\", \"CVE-2011-0868\", \"CVE-2011-0864\", \"CVE-2011-0871\");\n script_name(\"Mandriva Update for java-1.6.0-openjdk MDVSA-2011:126 (java-1.6.0-openjdk)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.6.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1|2009\\.0)\");\n script_tag(name:\"affected\", value:\"java-1.6.0-openjdk on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities were discovered and corrected in\n java-1.6.0-openjdk:\n\n Unspecified vulnerability in the Java Runtime Environment (JRE)\n component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29\n and earlier, and 1.4.2_31 and earlier allows remote untrusted Java\n Web Start applications and untrusted Java applets to affect integrity\n via unknown vectors related to Deserialization (CVE-2011-0865).\n\n Multiple unspecified vulnerabilities in the Java Runtime Environment\n (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update\n 29 and earlier, and 1.4.2_31 and earlier allow remote attackers\n to affect confidentiality, integrity, and availability via unknown\n vectors related to 2D (CVE-2011-0862).\n\n Unspecified vulnerability in the Java Runtime Environment (JRE)\n component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29\n and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web\n Start applications and untrusted Java applets to affect confidentiality\n via unknown vectors related to Networking (CVE-2011-0867).\n\n Unspecified vulnerability in the Java Runtime Environment (JRE)\n component in Oracle Java SE 6 Update 26 and earlier allows remote\n untrusted Java Web Start applications and untrusted Java applets\n to affect confidentiality via unknown vectors related to SAAJ\n (CVE-2011-0869).\n\n Unspecified vulnerability in the Java Runtime Environment (JRE)\n component in Oracle Java SE 6 Update 25 and earlier allows remote\n attackers to affect confidentiality via unknown vectors related to 2D\n (CVE-2011-0868).\n\n Unspecified vulnerability in the Java Runtime Environment (JRE)\n component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update\n 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted\n Java Web Start applications and untrusted Java applets to affect\n confidentiality, integrity, and availability via unknown vectors\n related to HotSpot (CVE-2011-0864).\n\n Unspecified vulnerability in the Java Runtime Environment (JRE)\n component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update\n 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted\n Java Web Start applications and untrusted Java applets to affect\n confidentiality, integrity, and availability via unknown vectors\n related to Swing (CVE-2011-0871).\n\n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.0.4~0.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~22.b22.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~22.b22.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~22.b22.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~22.b22.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~22.b22.2mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxrender1\", rpm:\"libxrender1~0.9.6~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxrender-devel\", rpm:\"libxrender-devel~0.9.6~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxrender-static-devel\", rpm:\"libxrender-static-devel~0.9.6~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxrender\", rpm:\"libxrender~0.9.6~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xrender1\", rpm:\"lib64xrender1~0.9.6~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xrender-devel\", rpm:\"lib64xrender-devel~0.9.6~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xrender-static-devel\", rpm:\"lib64xrender-static-devel~0.9.6~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.0.4~0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~22.b22.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~22.b22.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~22.b22.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk~javadoc-1.6.0.0~22.b22.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~22.b22.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxrender1\", rpm:\"libxrender1~0.9.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxrender-devel\", rpm:\"libxrender-devel~0.9.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxrender-static-devel\", rpm:\"libxrender-static-devel~0.9.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxrender\", rpm:\"libxrender~0.9.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xrender1\", rpm:\"lib64xrender1~0.9.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xrender-devel\", rpm:\"lib64xrender-devel~0.9.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xrender-static-devel\", rpm:\"lib64xrender-static-devel~0.9.6~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.0.4~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~22.b22.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~22.b22.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~22.b22.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~22.b22.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~22.b22.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxrender1\", rpm:\"libxrender1~0.9.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxrender-devel\", rpm:\"libxrender-devel~0.9.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxrender-static-devel\", rpm:\"libxrender-static-devel~0.9.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxrender\", rpm:\"libxrender~0.9.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xrender1\", rpm:\"lib64xrender1~0.9.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xrender-devel\", rpm:\"lib64xrender-devel~0.9.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xrender-static-devel\", rpm:\"lib64xrender-static-devel~0.9.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:00", "bulletinFamily": "scanner", "description": "Check for the Version of java-1.6.0-openjdk", "modified": "2017-07-12T00:00:00", "published": "2011-06-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870445", "id": "OPENVAS:870445", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2011:0857-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2011:0857-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Integer overflow flaws were found in the way Java2D parsed JPEG images and\n user-supplied fonts. An attacker could use these flaws to execute arbitrary\n code with the privileges of the user running an untrusted applet or\n application. (CVE-2011-0862)\n \n It was found that the MediaTracker implementation created Component\n instances with unnecessary access privileges. A remote attacker could use\n this flaw to elevate their privileges by utilizing an untrusted applet or\n application that uses Swing. (CVE-2011-0871)\n \n A flaw was found in the HotSpot component in OpenJDK. Certain bytecode\n instructions confused the memory management within the Java Virtual Machine\n (JVM), resulting in an applet or application crashing. (CVE-2011-0864)\n \n An information leak flaw was found in the NetworkInterface class. An\n untrusted applet or application could use this flaw to access information\n about available network interfaces that should only be available to\n privileged code. (CVE-2011-0867)\n \n An incorrect float-to-long conversion, leading to an overflow, was found\n in the way certain objects (such as images and text) were transformed in\n Java2D. A remote attacker could use this flaw to crash an untrusted applet\n or application that uses Java2D. (CVE-2011-0868)\n \n It was found that untrusted applets and applications could misuse a SOAP\n connection to incorrectly set global HTTP proxy settings instead of\n setting them in a local scope. This flaw could be used to intercept HTTP\n requests. (CVE-2011-0869)\n \n A flaw was found in the way signed objects were deserialized. If trusted\n and untrusted code were running in the same Java Virtual Machine (JVM), and\n both were deserializing the same signed object, the untrusted code could\n modify said object by using this flaw to bypass the validation checks on\n signed objects. (CVE-2011-0865)\n \n Note: All of the above flaws can only be remotely triggered in OpenJDK by\n calling the "appletviewer" application.\n \n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which provide OpenJDK 6 b20 / IcedTea 1.9.8 and resolve these\n issues. All running instances of OpenJDK Java must be restarted for the\n update to take effect.\";\n\ntag_affected = \"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-June/msg00003.html\");\n script_id(870445);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-10 16:29:51 +0200 (Fri, 10 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:0857-01\");\n script_cve_id(\"CVE-2011-0862\", \"CVE-2011-0864\", \"CVE-2011-0865\", \"CVE-2011-0867\", \"CVE-2011-0868\", \"CVE-2011-0869\", \"CVE-2011-0871\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2011:0857-01\");\n\n script_summary(\"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.22.1.9.8.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java~1.6.0-openjdk-debuginfo\", rpm:\"java~1.6.0-openjdk-debuginfo~1.6.0.0~1.22.1.9.8.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.22.1.9.8.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.22.1.9.8.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.22.1.9.8.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.22.1.9.8.el5_6\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:26:00", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2011-0857", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122146", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122146", "title": "Oracle Linux Local Check: ELSA-2011-0857", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-0857.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122146\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:13:49 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0857\");\n script_tag(name:\"insight\", value:\"ELSA-2011-0857 - java-1.6.0-openjdk security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0857\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0857.html\");\n script_cve_id(\"CVE-2011-0862\", \"CVE-2011-0864\", \"CVE-2011-0865\", \"CVE-2011-0867\", \"CVE-2011-0868\", \"CVE-2011-0869\", \"CVE-2011-0871\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.22.1.9.8.0.1.el5_6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.22.1.9.8.0.1.el5_6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.22.1.9.8.0.1.el5_6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.22.1.9.8.0.1.el5_6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.22.1.9.8.0.1.el5_6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:58:32", "bulletinFamily": "scanner", "description": "Check for the Version of java", "modified": "2018-04-06T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881350", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881350", "title": "CentOS Update for java CESA-2011:0857 centos5 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2011:0857 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Integer overflow flaws were found in the way Java2D parsed JPEG images and\n user-supplied fonts. An attacker could use these flaws to execute arbitrary\n code with the privileges of the user running an untrusted applet or\n application. (CVE-2011-0862)\n \n It was found that the MediaTracker implementation created Component\n instances with unnecessary access privileges. A remote attacker could use\n this flaw to elevate their privileges by utilizing an untrusted applet or\n application that uses Swing. (CVE-2011-0871)\n \n A flaw was found in the HotSpot component in OpenJDK. Certain bytecode\n instructions confused the memory management within the Java Virtual Machine\n (JVM), resulting in an applet or application crashing. (CVE-2011-0864)\n \n An information leak flaw was found in the NetworkInterface class. An\n untrusted applet or application could use this flaw to access information\n about available network interfaces that should only be available to\n privileged code. (CVE-2011-0867)\n \n An incorrect float-to-long conversion, leading to an overflow, was found\n in the way certain objects (such as images and text) were transformed in\n Java2D. A remote attacker could use this flaw to crash an untrusted applet\n or application that uses Java2D. (CVE-2011-0868)\n \n It was found that untrusted applets and applications could misuse a SOAP\n connection to incorrectly set global HTTP proxy settings instead of\n setting them in a local scope. This flaw could be used to intercept HTTP\n requests. (CVE-2011-0869)\n \n A flaw was found in the way signed objects were deserialized. If trusted\n and untrusted code were running in the same Java Virtual Machine (JVM), and\n both were deserializing the same signed object, the untrusted code could\n modify said object by using this flaw to bypass the validation checks on\n signed objects. (CVE-2011-0865)\n \n Note: All of the above flaws can only be remotely triggered in OpenJDK by\n calling the "appletviewer" application.\n \n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which provide OpenJDK 6 b20 / IcedTea 1.9.8 and resolve these\n issues. All running instances of OpenJDK Java must be restarted for the\n update to take effect.\";\n\ntag_affected = \"java on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-June/017618.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881350\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:33:45 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-0862\", \"CVE-2011-0864\", \"CVE-2011-0865\", \"CVE-2011-0867\",\n \"CVE-2011-0868\", \"CVE-2011-0869\", \"CVE-2011-0871\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0857\");\n script_name(\"CentOS Update for java CESA-2011:0857 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.22.1.9.8.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.22.1.9.8.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.22.1.9.8.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.22.1.9.8.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.22.1.9.8.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:03:55", "bulletinFamily": "scanner", "description": "Check for the Version of java", "modified": "2018-04-06T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880554", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880554", "title": "CentOS Update for java CESA-2011:0857 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2011:0857 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Integer overflow flaws were found in the way Java2D parsed JPEG images and\n user-supplied fonts. An attacker could use these flaws to execute arbitrary\n code with the privileges of the user running an untrusted applet or\n application. (CVE-2011-0862)\n \n It was found that the MediaTracker implementation created Component\n instances with unnecessary access privileges. A remote attacker could use\n this flaw to elevate their privileges by utilizing an untrusted applet or\n application that uses Swing. (CVE-2011-0871)\n \n A flaw was found in the HotSpot component in OpenJDK. Certain bytecode\n instructions confused the memory management within the Java Virtual Machine\n (JVM), resulting in an applet or application crashing. (CVE-2011-0864)\n \n An information leak flaw was found in the NetworkInterface class. An\n untrusted applet or application could use this flaw to access information\n about available network interfaces that should only be available to\n privileged code. (CVE-2011-0867)\n \n An incorrect float-to-long conversion, leading to an overflow, was found\n in the way certain objects (such as images and text) were transformed in\n Java2D. A remote attacker could use this flaw to crash an untrusted applet\n or application that uses Java2D. (CVE-2011-0868)\n \n It was found that untrusted applets and applications could misuse a SOAP\n connection to incorrectly set global HTTP proxy settings instead of\n setting them in a local scope. This flaw could be used to intercept HTTP\n requests. (CVE-2011-0869)\n \n A flaw was found in the way signed objects were deserialized. If trusted\n and untrusted code were running in the same Java Virtual Machine (JVM), and\n both were deserializing the same signed object, the untrusted code could\n modify said object by using this flaw to bypass the validation checks on\n signed objects. (CVE-2011-0865)\n \n Note: All of the above flaws can only be remotely triggered in OpenJDK by\n calling the "appletviewer" application.\n \n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which provide OpenJDK 6 b20 / IcedTea 1.9.8 and resolve these\n issues. All running instances of OpenJDK Java must be restarted for the\n update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"java on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-June/017617.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880554\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0857\");\n script_cve_id(\"CVE-2011-0862\", \"CVE-2011-0864\", \"CVE-2011-0865\", \"CVE-2011-0867\", \"CVE-2011-0868\", \"CVE-2011-0869\", \"CVE-2011-0871\");\n script_name(\"CentOS Update for java CESA-2011:0857 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-1.6.0.0\", rpm:\"java-1.6.0-openjdk-1.6.0.0~1.22.1.9.8.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo-1.6.0.0\", rpm:\"java-1.6.0-openjdk-demo-1.6.0.0~1.22.1.9.8.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel-1.6.0.0\", rpm:\"java-1.6.0-openjdk-devel-1.6.0.0~1.22.1.9.8.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc-1.6.0.0\", rpm:\"java-1.6.0-openjdk-javadoc-1.6.0.0~1.22.1.9.8.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src-1.6.0.0\", rpm:\"java-1.6.0-openjdk-src-1.6.0.0~1.22.1.9.8.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:55:53", "bulletinFamily": "scanner", "description": "The remote host is missing an update to openjdk-6\nannounced via advisory DSA 2311-1.", "modified": "2017-07-07T00:00:00", "published": "2011-10-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=70400", "id": "OPENVAS:70400", "title": "Debian Security Advisory DSA 2311-1 (openjdk-6)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2311_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2311-1 (openjdk-6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Java SE platform. The Common Vulnerabilities\nand Exposures project identifies the following problems:\n\nCVE-2011-0862\nInteger overflow errors in the JPEG and font parser allow\nuntrusted code (including applets) to elevate its privileges.\n\nCVE-2011-0864\nHotspot, the just-in-time compiler in OpenJDK, mishandled\ncertain byte code instructions, allowing untrusted code\n(including applets) to crash the virtual machine.\n\nCVE-2011-0865\nA race condition in signed object deserialization could\nallow untrusted code to modify signed content, apparently\nleaving its signature intact.\n\nCVE-2011-0867\nUntrusted code (including applets) could access information\nabout network interfaces which was not intended to be public.\n(Note that the interface MAC address is still available to\nuntrusted code.)\n\nCVE-2011-0868\nA float-to-long conversion could overflow, , allowing\nuntrusted code (including applets) to crash the virtual\nmachine.\n\nCVE-2011-0869\nUntrusted code (including applets) could intercept HTTP\nrequests by reconfiguring proxy settings through a SOAP\nconnection.\n\nCVE-2011-0871\nUntrusted code (including applets) could elevate its\nprivileges through the Swing MediaTracker code.\n\nIn addition, this update removes support for the Zero/Shark and Cacao\nHotspot variants from the i386 and amd64 due to stability issues.\nThese Hotspot variants are included in the openjdk-6-jre-zero and\nicedtea-6-jre-cacao packages, and these packages must be removed\nduring this update.\n\nFor the oldstable distribution (lenny), these problems will be fixed\nin a separate DSA for technical reasons.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 6b18-1.8.9-0.1~squeeze1.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid(, these problems have been fixed in version 6b18-1.8.9-0.1.\n\nWe recommend that you upgrade your OpenJDK packages.\";\ntag_summary = \"The remote host is missing an update to openjdk-6\nannounced via advisory DSA 2311-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202311-1\";\n\n\nif(description)\n{\n script_id(70400);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-16 23:01:53 +0200 (Sun, 16 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-0862\", \"CVE-2011-0864\", \"CVE-2011-0865\", \"CVE-2011-0867\", \"CVE-2011-0868\", \"CVE-2011-0869\", \"CVE-2011-0871\");\n script_name(\"Debian Security Advisory DSA 2311-1 (openjdk-6)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b18-1.8.9-0.1~squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b18-1.8.9-0.1~squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b18-1.8.9-0.1~squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b18-1.8.9-0.1~squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b18-1.8.9-0.1~squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b18-1.8.9-0.1~squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b18-1.8.9-0.1~squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b18-1.8.9-0.1~squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b18-1.8.9-0.1~squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b18-1.8.9-0.1~squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b18-1.8.9-0.1~squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b23~pre10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b23~pre10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b23~pre10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b23~pre10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b23~pre10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b23~pre10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b23~pre10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b23~pre10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b23~pre10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b23~pre10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b23~pre10-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-11T11:07:22", "bulletinFamily": "scanner", "description": "Check for the Version of java", "modified": "2018-01-09T00:00:00", "published": "2012-07-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881350", "id": "OPENVAS:881350", "title": "CentOS Update for java CESA-2011:0857 centos5 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2011:0857 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Integer overflow flaws were found in the way Java2D parsed JPEG images and\n user-supplied fonts. An attacker could use these flaws to execute arbitrary\n code with the privileges of the user running an untrusted applet or\n application. (CVE-2011-0862)\n \n It was found that the MediaTracker implementation created Component\n instances with unnecessary access privileges. A remote attacker could use\n this flaw to elevate their privileges by utilizing an untrusted applet or\n application that uses Swing. (CVE-2011-0871)\n \n A flaw was found in the HotSpot component in OpenJDK. Certain bytecode\n instructions confused the memory management within the Java Virtual Machine\n (JVM), resulting in an applet or application crashing. (CVE-2011-0864)\n \n An information leak flaw was found in the NetworkInterface class. An\n untrusted applet or application could use this flaw to access information\n about available network interfaces that should only be available to\n privileged code. (CVE-2011-0867)\n \n An incorrect float-to-long conversion, leading to an overflow, was found\n in the way certain objects (such as images and text) were transformed in\n Java2D. A remote attacker could use this flaw to crash an untrusted applet\n or application that uses Java2D. (CVE-2011-0868)\n \n It was found that untrusted applets and applications could misuse a SOAP\n connection to incorrectly set global HTTP proxy settings instead of\n setting them in a local scope. This flaw could be used to intercept HTTP\n requests. (CVE-2011-0869)\n \n A flaw was found in the way signed objects were deserialized. If trusted\n and untrusted code were running in the same Java Virtual Machine (JVM), and\n both were deserializing the same signed object, the untrusted code could\n modify said object by using this flaw to bypass the validation checks on\n signed objects. (CVE-2011-0865)\n \n Note: All of the above flaws can only be remotely triggered in OpenJDK by\n calling the "appletviewer" application.\n \n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which provide OpenJDK 6 b20 / IcedTea 1.9.8 and resolve these\n issues. All running instances of OpenJDK Java must be restarted for the\n update to take effect.\";\n\ntag_affected = \"java on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-June/017618.html\");\n script_id(881350);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:33:45 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-0862\", \"CVE-2011-0864\", \"CVE-2011-0865\", \"CVE-2011-0867\",\n \"CVE-2011-0868\", \"CVE-2011-0869\", \"CVE-2011-0871\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0857\");\n script_name(\"CentOS Update for java CESA-2011:0857 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.22.1.9.8.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.22.1.9.8.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.22.1.9.8.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.22.1.9.8.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.22.1.9.8.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-08T12:56:26", "bulletinFamily": "scanner", "description": "Check for the Version of java-1.6.0-openjdk", "modified": "2018-01-08T00:00:00", "published": "2012-06-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870734", "id": "OPENVAS:870734", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2011:0856-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2011:0856-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Integer overflow flaws were found in the way Java2D parsed JPEG images and\n user-supplied fonts. An attacker could use these flaws to execute arbitrary\n code with the privileges of the user running an untrusted applet or\n application. (CVE-2011-0862)\n\n It was found that the MediaTracker implementation created Component\n instances with unnecessary access privileges. A remote attacker could use\n this flaw to elevate their privileges by utilizing an untrusted applet or\n application that uses Swing. (CVE-2011-0871)\n\n A flaw was found in the HotSpot component in OpenJDK. Certain bytecode\n instructions confused the memory management within the Java Virtual Machine\n (JVM), resulting in an applet or application crashing. (CVE-2011-0864)\n\n An information leak flaw was found in the NetworkInterface class. An\n untrusted applet or application could use this flaw to access information\n about available network interfaces that should only be available to\n privileged code. (CVE-2011-0867)\n\n An incorrect float-to-long conversion, leading to an overflow, was found\n in the way certain objects (such as images and text) were transformed in\n Java2D. A remote attacker could use this flaw to crash an untrusted applet\n or application that uses Java2D. (CVE-2011-0868)\n\n It was found that untrusted applets and applications could misuse a SOAP\n connection to incorrectly set global HTTP proxy settings instead of\n setting them in a local scope. This flaw could be used to intercept HTTP\n requests. (CVE-2011-0869)\n\n A flaw was found in the way signed objects were deserialized. If trusted\n and untrusted code were running in the same Java Virtual Machine (JVM), and\n both were deserializing the same signed object, the untrusted code could\n modify said object by using this flaw to bypass the validation checks on\n signed objects. (CVE-2011-0865)\n\n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\n\ntag_affected = \"java-1.6.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-June/msg00002.html\");\n script_id(870734);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-06 10:57:26 +0530 (Wed, 06 Jun 2012)\");\n script_cve_id(\"CVE-2011-0862\", \"CVE-2011-0864\", \"CVE-2011-0865\", \"CVE-2011-0867\",\n \"CVE-2011-0868\", \"CVE-2011-0869\", \"CVE-2011-0871\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:0856-01\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2011:0856-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.39.1.9.8.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.39.1.9.8.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.39.1.9.8.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.39.1.9.8.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:25", "bulletinFamily": "scanner", "description": "Check for the Version of java", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880554", "id": "OPENVAS:880554", "title": "CentOS Update for java CESA-2011:0857 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2011:0857 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Integer overflow flaws were found in the way Java2D parsed JPEG images and\n user-supplied fonts. An attacker could use these flaws to execute arbitrary\n code with the privileges of the user running an untrusted applet or\n application. (CVE-2011-0862)\n \n It was found that the MediaTracker implementation created Component\n instances with unnecessary access privileges. A remote attacker could use\n this flaw to elevate their privileges by utilizing an untrusted applet or\n application that uses Swing. (CVE-2011-0871)\n \n A flaw was found in the HotSpot component in OpenJDK. Certain bytecode\n instructions confused the memory management within the Java Virtual Machine\n (JVM), resulting in an applet or application crashing. (CVE-2011-0864)\n \n An information leak flaw was found in the NetworkInterface class. An\n untrusted applet or application could use this flaw to access information\n about available network interfaces that should only be available to\n privileged code. (CVE-2011-0867)\n \n An incorrect float-to-long conversion, leading to an overflow, was found\n in the way certain objects (such as images and text) were transformed in\n Java2D. A remote attacker could use this flaw to crash an untrusted applet\n or application that uses Java2D. (CVE-2011-0868)\n \n It was found that untrusted applets and applications could misuse a SOAP\n connection to incorrectly set global HTTP proxy settings instead of\n setting them in a local scope. This flaw could be used to intercept HTTP\n requests. (CVE-2011-0869)\n \n A flaw was found in the way signed objects were deserialized. If trusted\n and untrusted code were running in the same Java Virtual Machine (JVM), and\n both were deserializing the same signed object, the untrusted code could\n modify said object by using this flaw to bypass the validation checks on\n signed objects. (CVE-2011-0865)\n \n Note: All of the above flaws can only be remotely triggered in OpenJDK by\n calling the "appletviewer" application.\n \n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which provide OpenJDK 6 b20 / IcedTea 1.9.8 and resolve these\n issues. All running instances of OpenJDK Java must be restarted for the\n update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"java on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-June/017617.html\");\n script_id(880554);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0857\");\n script_cve_id(\"CVE-2011-0862\", \"CVE-2011-0864\", \"CVE-2011-0865\", \"CVE-2011-0867\", \"CVE-2011-0868\", \"CVE-2011-0869\", \"CVE-2011-0871\");\n script_name(\"CentOS Update for java CESA-2011:0857 centos5 i386\");\n\n script_summary(\"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-1.6.0.0\", rpm:\"java-1.6.0-openjdk-1.6.0.0~1.22.1.9.8.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo-1.6.0.0\", rpm:\"java-1.6.0-openjdk-demo-1.6.0.0~1.22.1.9.8.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel-1.6.0.0\", rpm:\"java-1.6.0-openjdk-devel-1.6.0.0~1.22.1.9.8.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc-1.6.0.0\", rpm:\"java-1.6.0-openjdk-javadoc-1.6.0.0~1.22.1.9.8.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src-1.6.0.0\", rpm:\"java-1.6.0-openjdk-src-1.6.0.0~1.22.1.9.8.el5_6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:17:19", "bulletinFamily": "scanner", "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nInteger overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted applet or application. (CVE-2011-0862)\n\nIt was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing. (CVE-2011-0871)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode instructions confused the memory management within the Java Virtual Machine (JVM), resulting in an applet or application crashing.\n(CVE-2011-0864)\n\nAn information leak flaw was found in the NetworkInterface class. An untrusted applet or application could use this flaw to access information about available network interfaces that should only be available to privileged code. (CVE-2011-0867)\n\nAn incorrect float-to-long conversion, leading to an overflow, was found in the way certain objects (such as images and text) were transformed in Java2D. A remote attacker could use this flaw to crash an untrusted applet or application that uses Java2D. (CVE-2011-0868)\n\nIt was found that untrusted applets and applications could misuse a SOAP connection to incorrectly set global HTTP proxy settings instead of setting them in a local scope. This flaw could be used to intercept HTTP requests. (CVE-2011-0869)\n\nA flaw was found in the way signed objects were deserialized. If trusted and untrusted code were running in the same Java Virtual Machine (JVM), and both were deserializing the same signed object, the untrusted code could modify said object by using this flaw to bypass the validation checks on signed objects. (CVE-2011-0865)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "modified": "2018-12-31T00:00:00", "id": "SL_20110608_JAVA_1_6_0_OPENJDK_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61065", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61065);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/12/31 11:35:00\");\n\n script_cve_id(\"CVE-2011-0862\", \"CVE-2011-0864\", \"CVE-2011-0865\", \"CVE-2011-0867\", \"CVE-2011-0868\", \"CVE-2011-0869\", \"CVE-2011-0871\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nInteger overflow flaws were found in the way Java2D parsed JPEG images\nand user-supplied fonts. An attacker could use these flaws to execute\narbitrary code with the privileges of the user running an untrusted\napplet or application. (CVE-2011-0862)\n\nIt was found that the MediaTracker implementation created Component\ninstances with unnecessary access privileges. A remote attacker could\nuse this flaw to elevate their privileges by utilizing an untrusted\napplet or application that uses Swing. (CVE-2011-0871)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual\nMachine (JVM), resulting in an applet or application crashing.\n(CVE-2011-0864)\n\nAn information leak flaw was found in the NetworkInterface class. An\nuntrusted applet or application could use this flaw to access\ninformation about available network interfaces that should only be\navailable to privileged code. (CVE-2011-0867)\n\nAn incorrect float-to-long conversion, leading to an overflow, was\nfound in the way certain objects (such as images and text) were\ntransformed in Java2D. A remote attacker could use this flaw to crash\nan untrusted applet or application that uses Java2D. (CVE-2011-0868)\n\nIt was found that untrusted applets and applications could misuse a\nSOAP connection to incorrectly set global HTTP proxy settings instead\nof setting them in a local scope. This flaw could be used to intercept\nHTTP requests. (CVE-2011-0869)\n\nA flaw was found in the way signed objects were deserialized. If\ntrusted and untrusted code were running in the same Java Virtual\nMachine (JVM), and both were deserializing the same signed object, the\nuntrusted code could modify said object by using this flaw to bypass\nthe validation checks on signed objects. (CVE-2011-0865)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1106&L=scientific-linux-errata&T=0&P=2976\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c086282d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.39.1.9.8.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.39.1.9.8.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.1.9.8.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.39.1.9.8.el6_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:15:04", "bulletinFamily": "scanner", "description": "http://blog.fuseyism.com/index.php/2011/06/08/icedtea6-188-198-and-110 2-released/\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-20T00:00:00", "id": "FEDORA_2011-8028.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55156", "published": "2011-06-16T00:00:00", "title": "Fedora 15 : java-1.6.0-openjdk-1.6.0.0-58.1.10.2.fc15 (2011-8028)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-8028.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55156);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/10/20 22:15:24 $\");\n\n script_cve_id(\"CVE-2011-0862\", \"CVE-2011-0864\", \"CVE-2011-0865\", \"CVE-2011-0867\", \"CVE-2011-0868\", \"CVE-2011-0869\", \"CVE-2011-0871\");\n script_xref(name:\"FEDORA\", value:\"2011-8028\");\n\n script_name(english:\"Fedora 15 : java-1.6.0-openjdk-1.6.0.0-58.1.10.2.fc15 (2011-8028)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://blog.fuseyism.com/index.php/2011/06/08/icedtea6-188-198-and-110\n2-released/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://blog.fuseyism.com/index.php/2011/06/08/icedtea6-188-198-and-1102-released/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5081718d\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=706106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=706139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=706153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=706234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=706241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=706245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=706248\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-June/061472.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?61e98b1f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"java-1.6.0-openjdk-1.6.0.0-58.1.10.2.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:15:25", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java SE platform. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code (including applets) to elevate its privileges.\n\n - CVE-2011-0864 Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code (including applets) to crash the virtual machine.\n\n - CVE-2011-0865 A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact.\n\n - CVE-2011-0867 Untrusted code (including applets) could access information about network interfaces which was not intended to be public. (Note that the interface MAC address is still available to untrusted code.)\n\n - CVE-2011-0868 A float-to-long conversion could overflow, allowing untrusted code (including applets) to crash the virtual machine.\n\n - CVE-2011-0869 Untrusted code (including applets) could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection.\n\n - CVE-2011-0871 Untrusted code (including applets) could elevate its privileges through the Swing MediaTracker code.\n\nIn addition, this update removes support for the Zero/Shark and Cacao Hotspot variants from the i386 and amd64 due to stability issues.\nThese Hotspot variants are included in the openjdk-6-jre-zero and icedtea-6-jre-cacao packages, and these packages must be removed during this update.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-2311.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56307", "published": "2011-09-28T00:00:00", "title": "Debian DSA-2311-1 : openjdk-6 - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2311. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56307);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:35\");\n\n script_cve_id(\"CVE-2011-0862\", \"CVE-2011-0864\", \"CVE-2011-0865\", \"CVE-2011-0867\", \"CVE-2011-0868\", \"CVE-2011-0869\", \"CVE-2011-0871\");\n script_bugtraq_id(48137, 48139, 48140, 48142, 48144, 48146, 48147);\n script_xref(name:\"DSA\", value:\"2311\");\n\n script_name(english:\"Debian DSA-2311-1 : openjdk-6 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Java SE platform. The Common Vulnerabilities and\nExposures project identifies the following problems :\n\n - CVE-2011-0862\n Integer overflow errors in the JPEG and font parser\n allow untrusted code (including applets) to elevate its\n privileges.\n\n - CVE-2011-0864\n Hotspot, the just-in-time compiler in OpenJDK,\n mishandled certain byte code instructions, allowing\n untrusted code (including applets) to crash the virtual\n machine.\n\n - CVE-2011-0865\n A race condition in signed object deserialization could\n allow untrusted code to modify signed content,\n apparently leaving its signature intact.\n\n - CVE-2011-0867\n Untrusted code (including applets) could access\n information about network interfaces which was not\n intended to be public. (Note that the interface MAC\n address is still available to untrusted code.)\n\n - CVE-2011-0868\n A float-to-long conversion could overflow, allowing\n untrusted code (including applets) to crash the virtual\n machine.\n\n - CVE-2011-0869\n Untrusted code (including applets) could intercept HTTP\n requests by reconfiguring proxy settings through a SOAP\n connection.\n\n - CVE-2011-0871\n Untrusted code (including applets) could elevate its\n privileges through the Swing MediaTracker code.\n\nIn addition, this update removes support for the Zero/Shark and Cacao\nHotspot variants from the i386 and amd64 due to stability issues.\nThese Hotspot variants are included in the openjdk-6-jre-zero and\nicedtea-6-jre-cacao packages, and these packages must be removed\nduring this update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/openjdk-6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2311\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openjdk-6 packages.\n\nFor the oldstable distribution (lenny), these problems will be fixed\nin a separate DSA for technical reasons.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 6b18-1.8.9-0.1~squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"icedtea-6-jre-cacao\", reference:\"6b18-1.8.9-0.1~squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-dbg\", reference:\"6b18-1.8.9-0.1~squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-demo\", reference:\"6b18-1.8.9-0.1~squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-doc\", reference:\"6b18-1.8.9-0.1~squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-jdk\", reference:\"6b18-1.8.9-0.1~squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-jre\", reference:\"6b18-1.8.9-0.1~squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-jre-headless\", reference:\"6b18-1.8.9-0.1~squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-jre-lib\", reference:\"6b18-1.8.9-0.1~squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-jre-zero\", reference:\"6b18-1.8.9-0.1~squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-source\", reference:\"6b18-1.8.9-0.1~squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:31", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2011:0856 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nInteger overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted applet or application. (CVE-2011-0862)\n\nIt was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing. (CVE-2011-0871)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode instructions confused the memory management within the Java Virtual Machine (JVM), resulting in an applet or application crashing.\n(CVE-2011-0864)\n\nAn information leak flaw was found in the NetworkInterface class. An untrusted applet or application could use this flaw to access information about available network interfaces that should only be available to privileged code. (CVE-2011-0867)\n\nAn incorrect float-to-long conversion, leading to an overflow, was found in the way certain objects (such as images and text) were transformed in Java2D. A remote attacker could use this flaw to crash an untrusted applet or application that uses Java2D. (CVE-2011-0868)\n\nIt was found that untrusted applets and applications could misuse a SOAP connection to incorrectly set global HTTP proxy settings instead of setting them in a local scope. This flaw could be used to intercept HTTP requests. (CVE-2011-0869)\n\nA flaw was found in the way signed objects were deserialized. If trusted and untrusted code were running in the same Java Virtual Machine (JVM), and both were deserializing the same signed object, the untrusted code could modify said object by using this flaw to bypass the validation checks on signed objects. (CVE-2011-0865)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "modified": "2018-08-13T00:00:00", "id": "ORACLELINUX_ELSA-2011-0856.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68286", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : java-1.6.0-openjdk (ELSA-2011-0856)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0856 and \n# Oracle Linux Security Advisory ELSA-2011-0856 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68286);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/08/13 14:32:37\");\n\n script_cve_id(\"CVE-2011-0862\", \"CVE-2011-0864\", \"CVE-2011-0865\", \"CVE-2011-0867\", \"CVE-2011-0868\", \"CVE-2011-0869\", \"CVE-2011-0871\");\n script_xref(name:\"RHSA\", value:\"2011:0856\");\n\n script_name(english:\"Oracle Linux 6 : java-1.6.0-openjdk (ELSA-2011-0856)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0856 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nInteger overflow flaws were found in the way Java2D parsed JPEG images\nand user-supplied fonts. An attacker could use these flaws to execute\narbitrary code with the privileges of the user running an untrusted\napplet or application. (CVE-2011-0862)\n\nIt was found that the MediaTracker implementation created Component\ninstances with unnecessary access privileges. A remote attacker could\nuse this flaw to elevate their privileges by utilizing an untrusted\napplet or application that uses Swing. (CVE-2011-0871)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual\nMachine (JVM), resulting in an applet or application crashing.\n(CVE-2011-0864)\n\nAn information leak flaw was found in the NetworkInterface class. An\nuntrusted applet or application could use this flaw to access\ninformation about available network interfaces that should only be\navailable to privileged code. (CVE-2011-0867)\n\nAn incorrect float-to-long conversion, leading to an overflow, was\nfound in the way certain objects (such as images and text) were\ntransformed in Java2D. A remote attacker could use this flaw to crash\nan untrusted applet or application that uses Java2D. (CVE-2011-0868)\n\nIt was found that untrusted applets and applications could misuse a\nSOAP connection to incorrectly set global HTTP proxy settings instead\nof setting them in a local scope. This flaw could be used to intercept\nHTTP requests. (CVE-2011-0869)\n\nA flaw was found in the way signed objects were deserialized. If\ntrusted and untrusted code were running in the same Java Virtual\nMachine (JVM), and both were deserializing the same signed object, the\nuntrusted code could modify said object by using this flaw to bypass\nthe validation checks on signed objects. (CVE-2011-0865)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-June/002177.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.39.1.9.8.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.39.1.9.8.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.1.9.8.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.39.1.9.8.el6_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:15:16", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities were discovered and corrected in java-1.6.0-openjdk :\n\nUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization (CVE-2011-0865).\n\nMultiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (CVE-2011-0862).\n\nUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking (CVE-2011-0867).\n\nUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to SAAJ (CVE-2011-0869).\n\nUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D (CVE-2011-0868).\n\nUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot (CVE-2011-0864).\n\nUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing (CVE-2011-0871).\n\nPackages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been upgraded to versions which is not vulnerable to these issues.", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2011-126.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55853", "published": "2011-08-16T00:00:00", "title": "Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2011:126)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:126. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55853);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\"CVE-2011-0862\", \"CVE-2011-0864\", \"CVE-2011-0865\", \"CVE-2011-0867\", \"CVE-2011-0868\", \"CVE-2011-0869\", \"CVE-2011-0871\");\n script_bugtraq_id(48137, 48139, 48140, 48142, 48144, 48146, 48147);\n script_xref(name:\"MDVSA\", value:\"2011:126\");\n\n script_name(english:\"Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2011:126)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered and corrected in\njava-1.6.0-openjdk :\n\nUnspecified vulnerability in the Java Runtime Environment (JRE)\ncomponent in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and\nearlier, and 1.4.2_31 and earlier allows remote untrusted Java Web\nStart applications and untrusted Java applets to affect integrity via\nunknown vectors related to Deserialization (CVE-2011-0865).\n\nMultiple unspecified vulnerabilities in the Java Runtime Environment\n(JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update\n29 and earlier, and 1.4.2_31 and earlier allow remote attackers to\naffect confidentiality, integrity, and availability via unknown\nvectors related to 2D (CVE-2011-0862).\n\nUnspecified vulnerability in the Java Runtime Environment (JRE)\ncomponent in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and\nearlier, and 1.4.2_31 and earlier allows remote untrusted Java Web\nStart applications and untrusted Java applets to affect\nconfidentiality via unknown vectors related to Networking\n(CVE-2011-0867).\n\nUnspecified vulnerability in the Java Runtime Environment (JRE)\ncomponent in Oracle Java SE 6 Update 26 and earlier allows remote\nuntrusted Java Web Start applications and untrusted Java applets to\naffect confidentiality via unknown vectors related to SAAJ\n(CVE-2011-0869).\n\nUnspecified vulnerability in the Java Runtime Environment (JRE)\ncomponent in Oracle Java SE 6 Update 25 and earlier allows remote\nattackers to affect confidentiality via unknown vectors related to 2D\n(CVE-2011-0868).\n\nUnspecified vulnerability in the Java Runtime Environment (JRE)\ncomponent in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and\nearlier, and 1.4.2_31 and earlier allows remote untrusted Java Web\nStart applications and untrusted Java applets to affect\nconfidentiality, integrity, and availability via unknown vectors\nrelated to HotSpot (CVE-2011-0864).\n\nUnspecified vulnerability in the Java Runtime Environment (JRE)\ncomponent in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and\nearlier, and 1.4.2_31 and earlier allows remote untrusted Java Web\nStart applications and untrusted Java applets to affect\nconfidentiality, integrity, and availability via unknown vectors\nrelated to Swing (CVE-2011-0871).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been upgraded to versions which is not\nvulnerable to these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xrender-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xrender-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xrender1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxrender-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxrender-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxrender1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"icedtea-web-1.0.4-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-22.b22.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-22.b22.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-22.b22.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-22.b22.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64xrender-devel-0.9.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64xrender-static-devel-0.9.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64xrender1-0.9.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libxrender-devel-0.9.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libxrender-static-devel-0.9.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libxrender1-0.9.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"icedtea-web-1.0.4-0.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-22.b22.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-22.b22.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-22.b22.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-22.b22.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64xrender-devel-0.9.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64xrender-static-devel-0.9.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64xrender1-0.9.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libxrender-devel-0.9.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libxrender-static-devel-0.9.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libxrender1-0.9.6-0.1mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:31", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2011:0857 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nInteger overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted applet or application. (CVE-2011-0862)\n\nIt was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing. (CVE-2011-0871)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode instructions confused the memory management within the Java Virtual Machine (JVM), resulting in an applet or application crashing.\n(CVE-2011-0864)\n\nAn information leak flaw was found in the NetworkInterface class. An untrusted applet or application could use this flaw to access information about available network interfaces that should only be available to privileged code. (CVE-2011-0867)\n\nAn incorrect float-to-long conversion, leading to an overflow, was found in the way certain objects (such as images and text) were transformed in Java2D. A remote attacker could use this flaw to crash an untrusted applet or application that uses Java2D. (CVE-2011-0868)\n\nIt was found that untrusted applets and applications could misuse a SOAP connection to incorrectly set global HTTP proxy settings instead of setting them in a local scope. This flaw could be used to intercept HTTP requests. (CVE-2011-0869)\n\nA flaw was found in the way signed objects were deserialized. If trusted and untrusted code were running in the same Java Virtual Machine (JVM), and both were deserializing the same signed object, the untrusted code could modify said object by using this flaw to bypass the validation checks on signed objects. (CVE-2011-0865)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK by calling the 'appletviewer' application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which provide OpenJDK 6 b20 / IcedTea 1.9.8 and resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "modified": "2018-08-13T00:00:00", "id": "ORACLELINUX_ELSA-2011-0857.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68287", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2011-0857)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0857 and \n# Oracle Linux Security Advisory ELSA-2011-0857 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68287);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/08/13 14:32:37\");\n\n script_cve_id(\"CVE-2011-0862\", \"CVE-2011-0864\", \"CVE-2011-0865\", \"CVE-2011-0867\", \"CVE-2011-0868\", \"CVE-2011-0869\", \"CVE-2011-0871\");\n script_xref(name:\"RHSA\", value:\"2011:0857\");\n\n script_name(english:\"Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2011-0857)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0857 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nInteger overflow flaws were found in the way Java2D parsed JPEG images\nand user-supplied fonts. An attacker could use these flaws to execute\narbitrary code with the privileges of the user running an untrusted\napplet or application. (CVE-2011-0862)\n\nIt was found that the MediaTracker implementation created Component\ninstances with unnecessary access privileges. A remote attacker could\nuse this flaw to elevate their privileges by utilizing an untrusted\napplet or application that uses Swing. (CVE-2011-0871)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual\nMachine (JVM), resulting in an applet or application crashing.\n(CVE-2011-0864)\n\nAn information leak flaw was found in the NetworkInterface class. An\nuntrusted applet or application could use this flaw to access\ninformation about available network interfaces that should only be\navailable to privileged code. (CVE-2011-0867)\n\nAn incorrect float-to-long conversion, leading to an overflow, was\nfound in the way certain objects (such as images and text) were\ntransformed in Java2D. A remote attacker could use this flaw to crash\nan untrusted applet or application that uses Java2D. (CVE-2011-0868)\n\nIt was found that untrusted applets and applications could misuse a\nSOAP connection to incorrectly set global HTTP proxy settings instead\nof setting them in a local scope. This flaw could be used to intercept\nHTTP requests. (CVE-2011-0869)\n\nA flaw was found in the way signed objects were deserialized. If\ntrusted and untrusted code were running in the same Java Virtual\nMachine (JVM), and both were deserializing the same signed object, the\nuntrusted code could modify said object by using this flaw to bypass\nthe validation checks on signed objects. (CVE-2011-0865)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK\nby calling the 'appletviewer' application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which provide OpenJDK 6 b20 / IcedTea 1.9.8 and\nresolve these issues. All running instances of OpenJDK Java must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-June/002182.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.22.1.9.8.0.1.el5_6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.22.1.9.8.0.1.el5_6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.22.1.9.8.0.1.el5_6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.22.1.9.8.0.1.el5_6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.22.1.9.8.0.1.el5_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:17:19", "bulletinFamily": "scanner", "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nInteger overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted applet or application. (CVE-2011-0862)\n\nIt was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing. (CVE-2011-0871)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode instructions confused the memory management within the Java Virtual Machine (JVM), resulting in an applet or application crashing.\n(CVE-2011-0864)\n\nAn information leak flaw was found in the NetworkInterface class. An untrusted applet or application could use this flaw to access information about available network interfaces that should only be available to privileged code. (CVE-2011-0867)\n\nAn incorrect float-to-long conversion, leading to an overflow, was found in the way certain objects (such as images and text) were transformed in Java2D. A remote attacker could use this flaw to crash an untrusted applet or application that uses Java2D. (CVE-2011-0868)\n\nIt was found that untrusted applets and applications could misuse a SOAP connection to incorrectly set global HTTP proxy settings instead of setting them in a local scope. This flaw could be used to intercept HTTP requests. (CVE-2011-0869)\n\nA flaw was found in the way signed objects were deserialized. If trusted and untrusted code were running in the same Java Virtual Machine (JVM), and both were deserializing the same signed object, the untrusted code could modify said object by using this flaw to bypass the validation checks on signed objects. (CVE-2011-0865)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK by calling the 'appletviewer' application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which provide OpenJDK 6 b20 / IcedTea 1.9.8 and resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "modified": "2018-12-31T00:00:00", "id": "SL_20110608_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61064", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61064);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/12/31 11:35:00\");\n\n script_cve_id(\"CVE-2011-0862\", \"CVE-2011-0864\", \"CVE-2011-0865\", \"CVE-2011-0867\", \"CVE-2011-0868\", \"CVE-2011-0869\", \"CVE-2011-0871\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nInteger overflow flaws were found in the way Java2D parsed JPEG images\nand user-supplied fonts. An attacker could use these flaws to execute\narbitrary code with the privileges of the user running an untrusted\napplet or application. (CVE-2011-0862)\n\nIt was found that the MediaTracker implementation created Component\ninstances with unnecessary access privileges. A remote attacker could\nuse this flaw to elevate their privileges by utilizing an untrusted\napplet or application that uses Swing. (CVE-2011-0871)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual\nMachine (JVM), resulting in an applet or application crashing.\n(CVE-2011-0864)\n\nAn information leak flaw was found in the NetworkInterface class. An\nuntrusted applet or application could use this flaw to access\ninformation about available network interfaces that should only be\navailable to privileged code. (CVE-2011-0867)\n\nAn incorrect float-to-long conversion, leading to an overflow, was\nfound in the way certain objects (such as images and text) were\ntransformed in Java2D. A remote attacker could use this flaw to crash\nan untrusted applet or application that uses Java2D. (CVE-2011-0868)\n\nIt was found that untrusted applets and applications could misuse a\nSOAP connection to incorrectly set global HTTP proxy settings instead\nof setting them in a local scope. This flaw could be used to intercept\nHTTP requests. (CVE-2011-0869)\n\nA flaw was found in the way signed objects were deserialized. If\ntrusted and untrusted code were running in the same Java Virtual\nMachine (JVM), and both were deserializing the same signed object, the\nuntrusted code could modify said object by using this flaw to bypass\nthe validation checks on signed objects. (CVE-2011-0865)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK\nby calling the 'appletviewer' application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which provide OpenJDK 6 b20 / IcedTea 1.9.8 and\nresolve these issues. All running instances of OpenJDK Java must be\nrestarted for the update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1106&L=scientific-linux-errata&T=0&P=3385\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?69387ef8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.22.1.9.8.el5_6\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.22.1.9.8.el5_6\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.22.1.9.8.el5_6\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.22.1.9.8.el5_6\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.22.1.9.8.el5_6\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.22.1.9.8.el5_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:15:04", "bulletinFamily": "scanner", "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nInteger overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted applet or application. (CVE-2011-0862)\n\nIt was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing. (CVE-2011-0871)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode instructions confused the memory management within the Java Virtual Machine (JVM), resulting in an applet or application crashing.\n(CVE-2011-0864)\n\nAn information leak flaw was found in the NetworkInterface class. An untrusted applet or application could use this flaw to access information about available network interfaces that should only be available to privileged code. (CVE-2011-0867)\n\nAn incorrect float-to-long conversion, leading to an overflow, was found in the way certain objects (such as images and text) were transformed in Java2D. A remote attacker could use this flaw to crash an untrusted applet or application that uses Java2D. (CVE-2011-0868)\n\nIt was found that untrusted applets and applications could misuse a SOAP connection to incorrectly set global HTTP proxy settings instead of setting them in a local scope. This flaw could be used to intercept HTTP requests. (CVE-2011-0869)\n\nA flaw was found in the way signed objects were deserialized. If trusted and untrusted code were running in the same Java Virtual Machine (JVM), and both were deserializing the same signed object, the untrusted code could modify said object by using this flaw to bypass the validation checks on signed objects. (CVE-2011-0865)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK by calling the 'appletviewer' application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which provide OpenJDK 6 b20 / IcedTea 1.9.8 and resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2011-0857.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55110", "published": "2011-06-14T00:00:00", "title": "CentOS 5 : java-1.6.0-openjdk (CESA-2011:0857)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0857 and \n# CentOS Errata and Security Advisory 2011:0857 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55110);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:29\");\n\n script_cve_id(\"CVE-2011-0862\", \"CVE-2011-0864\", \"CVE-2011-0865\", \"CVE-2011-0867\", \"CVE-2011-0868\", \"CVE-2011-0869\", \"CVE-2011-0871\");\n script_xref(name:\"RHSA\", value:\"2011:0857\");\n\n script_name(english:\"CentOS 5 : java-1.6.0-openjdk (CESA-2011:0857)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nInteger overflow flaws were found in the way Java2D parsed JPEG images\nand user-supplied fonts. An attacker could use these flaws to execute\narbitrary code with the privileges of the user running an untrusted\napplet or application. (CVE-2011-0862)\n\nIt was found that the MediaTracker implementation created Component\ninstances with unnecessary access privileges. A remote attacker could\nuse this flaw to elevate their privileges by utilizing an untrusted\napplet or application that uses Swing. (CVE-2011-0871)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual\nMachine (JVM), resulting in an applet or application crashing.\n(CVE-2011-0864)\n\nAn information leak flaw was found in the NetworkInterface class. An\nuntrusted applet or application could use this flaw to access\ninformation about available network interfaces that should only be\navailable to privileged code. (CVE-2011-0867)\n\nAn incorrect float-to-long conversion, leading to an overflow, was\nfound in the way certain objects (such as images and text) were\ntransformed in Java2D. A remote attacker could use this flaw to crash\nan untrusted applet or application that uses Java2D. (CVE-2011-0868)\n\nIt was found that untrusted applets and applications could misuse a\nSOAP connection to incorrectly set global HTTP proxy settings instead\nof setting them in a local scope. This flaw could be used to intercept\nHTTP requests. (CVE-2011-0869)\n\nA flaw was found in the way signed objects were deserialized. If\ntrusted and untrusted code were running in the same Java Virtual\nMachine (JVM), and both were deserializing the same signed object, the\nuntrusted code could modify said object by using this flaw to bypass\nthe validation checks on signed objects. (CVE-2011-0865)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK\nby calling the 'appletviewer' application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which provide OpenJDK 6 b20 / IcedTea 1.9.8 and\nresolve these issues. All running instances of OpenJDK Java must be\nrestarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-June/017617.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?460f8948\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-June/017618.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8c5ac104\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.22.1.9.8.el5_6\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.22.1.9.8.el5_6\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.22.1.9.8.el5_6\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.22.1.9.8.el5_6\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.22.1.9.8.el5_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:15:01", "bulletinFamily": "scanner", "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nInteger overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted applet or application. (CVE-2011-0862)\n\nIt was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing. (CVE-2011-0871)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode instructions confused the memory management within the Java Virtual Machine (JVM), resulting in an applet or application crashing.\n(CVE-2011-0864)\n\nAn information leak flaw was found in the NetworkInterface class. An untrusted applet or application could use this flaw to access information about available network interfaces that should only be available to privileged code. (CVE-2011-0867)\n\nAn incorrect float-to-long conversion, leading to an overflow, was found in the way certain objects (such as images and text) were transformed in Java2D. A remote attacker could use this flaw to crash an untrusted applet or application that uses Java2D. (CVE-2011-0868)\n\nIt was found that untrusted applets and applications could misuse a SOAP connection to incorrectly set global HTTP proxy settings instead of setting them in a local scope. This flaw could be used to intercept HTTP requests. (CVE-2011-0869)\n\nA flaw was found in the way signed objects were deserialized. If trusted and untrusted code were running in the same Java Virtual Machine (JVM), and both were deserializing the same signed object, the untrusted code could modify said object by using this flaw to bypass the validation checks on signed objects. (CVE-2011-0865)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK by calling the 'appletviewer' application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which provide OpenJDK 6 b20 / IcedTea 1.9.8 and resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "modified": "2018-11-26T00:00:00", "id": "REDHAT-RHSA-2011-0857.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55011", "published": "2011-06-09T00:00:00", "title": "RHEL 5 : java-1.6.0-openjdk (RHSA-2011:0857)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0857. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55011);\n script_version (\"1.13\");\n script_cvs_date(\"Date: 2018/11/26 11:02:14\");\n\n script_cve_id(\"CVE-2011-0862\", \"CVE-2011-0864\", \"CVE-2011-0865\", \"CVE-2011-0867\", \"CVE-2011-0868\", \"CVE-2011-0869\", \"CVE-2011-0871\");\n script_xref(name:\"RHSA\", value:\"2011:0857\");\n\n script_name(english:\"RHEL 5 : java-1.6.0-openjdk (RHSA-2011:0857)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nInteger overflow flaws were found in the way Java2D parsed JPEG images\nand user-supplied fonts. An attacker could use these flaws to execute\narbitrary code with the privileges of the user running an untrusted\napplet or application. (CVE-2011-0862)\n\nIt was found that the MediaTracker implementation created Component\ninstances with unnecessary access privileges. A remote attacker could\nuse this flaw to elevate their privileges by utilizing an untrusted\napplet or application that uses Swing. (CVE-2011-0871)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual\nMachine (JVM), resulting in an applet or application crashing.\n(CVE-2011-0864)\n\nAn information leak flaw was found in the NetworkInterface class. An\nuntrusted applet or application could use this flaw to access\ninformation about available network interfaces that should only be\navailable to privileged code. (CVE-2011-0867)\n\nAn incorrect float-to-long conversion, leading to an overflow, was\nfound in the way certain objects (such as images and text) were\ntransformed in Java2D. A remote attacker could use this flaw to crash\nan untrusted applet or application that uses Java2D. (CVE-2011-0868)\n\nIt was found that untrusted applets and applications could misuse a\nSOAP connection to incorrectly set global HTTP proxy settings instead\nof setting them in a local scope. This flaw could be used to intercept\nHTTP requests. (CVE-2011-0869)\n\nA flaw was found in the way signed objects were deserialized. If\ntrusted and untrusted code were running in the same Java Virtual\nMachine (JVM), and both were deserializing the same signed object, the\nuntrusted code could modify said object by using this flaw to bypass\nthe validation checks on signed objects. (CVE-2011-0865)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK\nby calling the 'appletviewer' application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which provide OpenJDK 6 b20 / IcedTea 1.9.8 and\nresolve these issues. All running instances of OpenJDK Java must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0871\"\n );\n # http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8569058d\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0857\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0857\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.22.1.9.8.el5_6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.22.1.9.8.el5_6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.22.1.9.8.el5_6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.22.1.9.8.el5_6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.22.1.9.8.el5_6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.22.1.9.8.el5_6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.22.1.9.8.el5_6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.22.1.9.8.el5_6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.22.1.9.8.el5_6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.22.1.9.8.el5_6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:15:02", "bulletinFamily": "scanner", "description": "http://blog.fuseyism.com/index.php/2011/06/08/icedtea6-188-198-and-110 2-released/\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-07-12T00:00:00", "id": "FEDORA_2011-8003.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55062", "published": "2011-06-12T00:00:00", "title": "Fedora 14 : java-1.6.0-openjdk-1.6.0.0-53.1.9.8.fc14 (2011-8003)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-8003.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55062);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/12 15:01:52\");\n\n script_cve_id(\"CVE-2011-0862\", \"CVE-2011-0864\", \"CVE-2011-0865\", \"CVE-2011-0867\", \"CVE-2011-0868\", \"CVE-2011-0869\", \"CVE-2011-0871\");\n script_bugtraq_id(48137, 48139, 48140, 48141, 48142, 48143, 48144, 48146, 48147);\n script_xref(name:\"FEDORA\", value:\"2011-8003\");\n\n script_name(english:\"Fedora 14 : java-1.6.0-openjdk-1.6.0.0-53.1.9.8.fc14 (2011-8003)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://blog.fuseyism.com/index.php/2011/06/08/icedtea6-188-198-and-110\n2-released/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://blog.fuseyism.com/index.php/2011/06/08/icedtea6-188-198-and-1102-released/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5081718d\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=706106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=706139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=706153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=706234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=706241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=706245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=706248\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-June/061352.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b54d2093\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"java-1.6.0-openjdk-1.6.0.0-53.1.9.8.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T19:42:11", "bulletinFamily": "unix", "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nInteger overflow flaws were found in the way Java2D parsed JPEG images and\nuser-supplied fonts. An attacker could use these flaws to execute arbitrary\ncode with the privileges of the user running an untrusted applet or\napplication. (CVE-2011-0862)\n\nIt was found that the MediaTracker implementation created Component\ninstances with unnecessary access privileges. A remote attacker could use\nthis flaw to elevate their privileges by utilizing an untrusted applet or\napplication that uses Swing. (CVE-2011-0871)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual Machine\n(JVM), resulting in an applet or application crashing. (CVE-2011-0864)\n\nAn information leak flaw was found in the NetworkInterface class. An\nuntrusted applet or application could use this flaw to access information\nabout available network interfaces that should only be available to\nprivileged code. (CVE-2011-0867)\n\nAn incorrect float-to-long conversion, leading to an overflow, was found\nin the way certain objects (such as images and text) were transformed in\nJava2D. A remote attacker could use this flaw to crash an untrusted applet\nor application that uses Java2D. (CVE-2011-0868)\n\nIt was found that untrusted applets and applications could misuse a SOAP\nconnection to incorrectly set global HTTP proxy settings instead of\nsetting them in a local scope. This flaw could be used to intercept HTTP\nrequests. (CVE-2011-0869)\n\nA flaw was found in the way signed objects were deserialized. If trusted\nand untrusted code were running in the same Java Virtual Machine (JVM), and\nboth were deserializing the same signed object, the untrusted code could\nmodify said object by using this flaw to bypass the validation checks on\nsigned objects. (CVE-2011-0865)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "modified": "2018-06-06T20:24:16", "published": "2011-06-08T04:00:00", "id": "RHSA-2011:0856", "href": "https://access.redhat.com/errata/RHSA-2011:0856", "type": "redhat", "title": "(RHSA-2011:0856) Critical: java-1.6.0-openjdk security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:44:41", "bulletinFamily": "unix", "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nInteger overflow flaws were found in the way Java2D parsed JPEG images and\nuser-supplied fonts. An attacker could use these flaws to execute arbitrary\ncode with the privileges of the user running an untrusted applet or\napplication. (CVE-2011-0862)\n\nIt was found that the MediaTracker implementation created Component\ninstances with unnecessary access privileges. A remote attacker could use\nthis flaw to elevate their privileges by utilizing an untrusted applet or\napplication that uses Swing. (CVE-2011-0871)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual Machine\n(JVM), resulting in an applet or application crashing. (CVE-2011-0864)\n\nAn information leak flaw was found in the NetworkInterface class. An\nuntrusted applet or application could use this flaw to access information\nabout available network interfaces that should only be available to\nprivileged code. (CVE-2011-0867)\n\nAn incorrect float-to-long conversion, leading to an overflow, was found\nin the way certain objects (such as images and text) were transformed in\nJava2D. A remote attacker could use this flaw to crash an untrusted applet\nor application that uses Java2D. (CVE-2011-0868)\n\nIt was found that untrusted applets and applications could misuse a SOAP\nconnection to incorrectly set global HTTP proxy settings instead of\nsetting them in a local scope. This flaw could be used to intercept HTTP\nrequests. (CVE-2011-0869)\n\nA flaw was found in the way signed objects were deserialized. If trusted\nand untrusted code were running in the same Java Virtual Machine (JVM), and\nboth were deserializing the same signed object, the untrusted code could\nmodify said object by using this flaw to bypass the validation checks on\nsigned objects. (CVE-2011-0865)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK by\ncalling the \"appletviewer\" application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which provide OpenJDK 6 b20 / IcedTea 1.9.8 and resolve these\nissues. All running instances of OpenJDK Java must be restarted for the\nupdate to take effect.\n", "modified": "2017-09-08T12:09:04", "published": "2011-06-08T04:00:00", "id": "RHSA-2011:0857", "href": "https://access.redhat.com/errata/RHSA-2011:0857", "type": "redhat", "title": "(RHSA-2011:0857) Important: java-1.6.0-openjdk security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:42", "bulletinFamily": "unix", "description": "The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. Further\ninformation about these flaws can be found on the \"Oracle Java SE Critical\nPatch Update Advisory\" page, listed in the References section.\n(CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0864,\nCVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871,\nCVE-2011-0873)\n\nAll users of java-1.6.0-sun are advised to upgrade to these updated\npackages, which provide JDK and JRE 6 Update 26 and resolve these issues.\nAll running instances of Sun Java must be restarted for the update to take\neffect.\n", "modified": "2018-06-07T09:04:33", "published": "2011-06-08T04:00:00", "id": "RHSA-2011:0860", "href": "https://access.redhat.com/errata/RHSA-2011:0860", "type": "redhat", "title": "(RHSA-2011:0860) Critical: java-1.6.0-sun security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:42:02", "bulletinFamily": "unix", "description": "The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM \"Security alerts\" page,\nlisted in the References section. (CVE-2011-0802, CVE-2011-0814,\nCVE-2011-0862, CVE-2011-0863, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868,\nCVE-2011-0869, CVE-2011-0871, CVE-2011-0873)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR9-FP2 Java release. All running\ninstances of IBM Java must be restarted for the update to take effect.\n", "modified": "2018-06-07T09:04:27", "published": "2011-07-15T04:00:00", "id": "RHSA-2011:0938", "href": "https://access.redhat.com/errata/RHSA-2011:0938", "type": "redhat", "title": "(RHSA-2011:0938) Critical: java-1.6.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:41:50", "bulletinFamily": "unix", "description": "The IBM 1.4.2 SR13-FP10 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM \"Security alerts\" page,\nlisted in the References section. (CVE-2011-0311, CVE-2011-0802,\nCVE-2011-0814, CVE-2011-0862, CVE-2011-0865, CVE-2011-0867, CVE-2011-0871)\n\nNote: The RHSA-2011:0490 java-1.4.2-ibm update did not, unlike the erratum\ntext stated, provide a complete fix for the CVE-2011-0311 issue.\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP10 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.\n", "modified": "2017-09-08T11:50:33", "published": "2011-08-15T04:00:00", "id": "RHSA-2011:1159", "href": "https://access.redhat.com/errata/RHSA-2011:1159", "type": "redhat", "title": "(RHSA-2011:1159) Critical: java-1.4.2-ibm security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:42:12", "bulletinFamily": "unix", "description": "The IBM 1.4.2 SR13-FP10 Java release includes the IBM Java 1.4.2 Runtime\nEnvironment and the IBM Java 1.4.2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime\nEnvironment and the IBM Java 1.4.2 Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM \"Security alerts\" page,\nlisted in the References section. (CVE-2011-0311, CVE-2011-0802,\nCVE-2011-0814, CVE-2011-0862, CVE-2011-0865, CVE-2011-0867, CVE-2011-0871)\n\nNote: The RHSA-2011:0870 java-1.4.2-ibm-sap update did not, unlike the\nerratum text stated, provide a complete fix for the CVE-2011-0311 issue.\n\nAll users of java-1.4.2-ibm-sap are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP10 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.\n", "modified": "2018-06-09T14:15:23", "published": "2011-09-06T04:00:00", "id": "RHSA-2011:1265", "href": "https://access.redhat.com/errata/RHSA-2011:1265", "type": "redhat", "title": "(RHSA-2011:1265) Moderate: java-1.4.2-ibm-sap security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:42:23", "bulletinFamily": "unix", "description": "The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM \"Security alerts\" page,\nlisted in the References section. (CVE-2011-0802, CVE-2011-0814,\nCVE-2011-0862, CVE-2011-0865, CVE-2011-0867, CVE-2011-0871, CVE-2011-0873)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR12-FP5 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.\n", "modified": "2018-06-07T09:04:17", "published": "2011-07-22T04:00:00", "id": "RHSA-2011:1087", "href": "https://access.redhat.com/errata/RHSA-2011:1087", "type": "redhat", "title": "(RHSA-2011:1087) Critical: java-1.5.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:13:13", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2311-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nSeptember 27, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjdk-6\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871\nDebian Bug : 629852\n\nSeveral vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Java SE platform. The Common Vulnerabilities\nand Exposures project identifies the following problems:\n\nCVE-2011-0862\n\tInteger overflow errors in the JPEG and font parser allow\n\tuntrusted code (including applets) to elevate its privileges.\n\nCVE-2011-0864\n\tHotspot, the just-in-time compiler in OpenJDK, mishandled\n\tcertain byte code instructions, allowing untrusted code\n\t(including applets) to crash the virtual machine.\n\nCVE-2011-0865\n\tA race condition in signed object deserialization could\n\tallow untrusted code to modify signed content, apparently\n\tleaving its signature intact.\n\nCVE-2011-0867\n\tUntrusted code (including applets) could access information\n\tabout network interfaces which was not intended to be public.\n\t(Note that the interface MAC address is still available to\n\tuntrusted code.)\n\nCVE-2011-0868\n\tA float-to-long conversion could overflow, , allowing\n\tuntrusted code (including applets) to crash the virtual\n\tmachine.\n\nCVE-2011-0869\n\tUntrusted code (including applets) could intercept HTTP\n\trequests by reconfiguring proxy settings through a SOAP\n\tconnection.\n\nCVE-2011-0871\n\tUntrusted code (including applets) could elevate its\n\tprivileges through the Swing MediaTracker code.\n\nIn addition, this update removes support for the Zero/Shark and Cacao\nHotspot variants from the i386 and amd64 due to stability issues.\nThese Hotspot variants are included in the openjdk-6-jre-zero and\nicedtea-6-jre-cacao packages, and these packages must be removed\nduring this update.\n\nFor the oldstable distribution (lenny), these problems will be fixed\nin a separate DSA for technical reasons.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 6b18-1.8.9-0.1~squeeze1.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid(, these problems have been fixed in version 6b18-1.8.9-0.1.\n\nWe recommend that you upgrade your OpenJDK packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2011-09-27T20:10:53", "published": "2011-09-27T20:10:53", "id": "DEBIAN:DSA-2311-1:3A8CD", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00188.html", "title": "[SECURITY] [DSA 2311-1] openjdk-6 security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:14:37", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2358-1 security@debian.org\nhttp://www.debian.org/security/ \nDecember 05, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjdk-6\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560\n\nSeveral vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Java platform. This combines the two previous\nopenjdk-6 advisories, DSA-2311-1 and DSA-2356-1.\n\nCVE-2011-0862\n\tInteger overflow errors in the JPEG and font parser allow\n\tuntrusted code (including applets) to elevate its privileges.\n\nCVE-2011-0864\n\tHotspot, the just-in-time compiler in OpenJDK, mishandled\n\tcertain byte code instructions, allowing untrusted code\n\t(including applets) to crash the virtual machine.\n\nCVE-2011-0865\n\tA race condition in signed object deserialization could\n\tallow untrusted code to modify signed content, apparently\n\tleaving its signature intact.\n\nCVE-2011-0867\n\tUntrusted code (including applets) could access information\n\tabout network interfaces which was not intended to be public.\n\t(Note that the interface MAC address is still available to\n\tuntrusted code.)\n\nCVE-2011-0868\n\tA float-to-long conversion could overflow, , allowing\n\tuntrusted code (including applets) to crash the virtual\n\tmachine.\n\nCVE-2011-0869\n\tUntrusted code (including applets) could intercept HTTP\n\trequests by reconfiguring proxy settings through a SOAP\n\tconnection.\n\nCVE-2011-0871\n\tUntrusted code (including applets) could elevate its\n\tprivileges through the Swing MediaTracker code.\n\nCVE-2011-3389\n\tThe TLS implementation does not guard properly against certain\n\tchosen-plaintext attacks when block ciphers are used in CBC\n\tmode.\n\nCVE-2011-3521\n\tThe CORBA implementation contains a deserialization\n\tvulnerability in the IIOP implementation, allowing untrusted\n\tJava code (such as applets) to elevate its privileges.\n\nCVE-2011-3544\n\tThe Java scripting engine lacks necessary security manager\n\tchecks, allowing untrusted Java code (such as applets) to\n\televate its privileges.\n\nCVE-2011-3547\n\tThe skip() method in java.io.InputStream uses a shared buffer,\n\tallowing untrusted Java code (such as applets) to access data\n\tthat is skipped by other code.\n\nCVE-2011-3548\n\tThe java.awt.AWTKeyStroke class contains a flaw which allows\n\tuntrusted Java code (such as applets) to elevate its\n\tprivileges.\n\nCVE-2011-3551\n\tThe Java2D C code contains an integer overflow which results\n\tin a heap-based buffer overflow, potentially allowing\n\tuntrusted Java code (such as applets) to elevate its\n\tprivileges.\n\nCVE-2011-3552\n\tMalicous Java code can use up an excessive amount of UDP\n\tports, leading to a denial of service.\n\nCVE-2011-3553\n\tJAX-WS enables stack traces for certain server responses by\n\tdefault, potentially leaking sensitive information.\n\nCVE-2011-3554\n\tJAR files in pack200 format are not properly checked for\n\terrors, potentially leading to arbitrary code execution when\n\tunpacking crafted pack200 files.\n\nCVE-2011-3556\n\tThe RMI Registry server lacks access restrictions on certain\n\tmethods, allowing a remote client to execute arbitary code.\n\nCVE-2011-3557\n\tThe RMI Registry server fails to properly restrict privileges\n\tof untrusted Java code, allowing RMI clients to elevate their\n\tprivileges on the RMI Registry server.\n\nCVE-2011-3560\n\tThe com.sun.net.ssl.HttpsURLConnection class does not perform\n\tproper security manager checks in the setSSLSocketFactory()\n\tmethod, allowing untrusted Java code to bypass security policy\n\trestrictions.\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 6b18-1.8.10-0~lenny1.\n\nWe recommend that you upgrade your openjdk-6 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2011-12-05T19:27:12", "published": "2011-12-05T19:27:12", "id": "DEBIAN:DSA-2358-1:F21E5", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00236.html", "title": "[SECURITY] [DSA 2358-1] openjdk-6 security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2011:126\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : java-1.6.0-openjdk\r\n Date : August 15, 2011\r\n Affected: 2009.0, 2010.1, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities were discovered and corrected in\r\n java-1.6.0-openjdk:\r\n \r\n Unspecified vulnerability in the Java Runtime Environment (JRE)\r\n component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29\r\n and earlier, and 1.4.2_31 and earlier allows remote untrusted Java\r\n Web Start applications and untrusted Java applets to affect integrity\r\n via unknown vectors related to Deserialization (CVE-2011-0865).\r\n \r\n Multiple unspecified vulnerabilities in the Java Runtime Environment\r\n (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update\r\n 29 and earlier, and 1.4.2_31 and earlier allow remote attackers\r\n to affect confidentiality, integrity, and availability via unknown\r\n vectors related to 2D (CVE-2011-0862).\r\n \r\n Unspecified vulnerability in the Java Runtime Environment (JRE)\r\n component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29\r\n and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web\r\n Start applications and untrusted Java applets to affect confidentiality\r\n via unknown vectors related to Networking (CVE-2011-0867).\r\n \r\n Unspecified vulnerability in the Java Runtime Environment (JRE)\r\n component in Oracle Java SE 6 Update 26 and earlier allows remote\r\n untrusted Java Web Start applications and untrusted Java applets\r\n to affect confidentiality via unknown vectors related to SAAJ\r\n (CVE-2011-0869).\r\n \r\n Unspecified vulnerability in the Java Runtime Environment (JRE)\r\n component in Oracle Java SE 6 Update 25 and earlier allows remote\r\n attackers to affect confidentiality via unknown vectors related to 2D\r\n (CVE-2011-0868).\r\n \r\n Unspecified vulnerability in the Java Runtime Environment (JRE)\r\n component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update\r\n 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted\r\n Java Web Start applications and untrusted Java applets to affect\r\n confidentiality, integrity, and availability via unknown vectors\r\n related to HotSpot (CVE-2011-0864).\r\n \r\n Unspecified vulnerability in the Java Runtime Environment (JRE)\r\n component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update\r\n 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted\r\n Java Web Start applications and untrusted Java applets to affect\r\n confidentiality, integrity, and availability via unknown vectors\r\n related to Swing (CVE-2011-0871).\r\n \r\n Packages for 2009.0 are provided as of the Extended Maintenance\r\n Program. Please visit this link to learn more:\r\n http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\r\n \r\n The updated packages have been upgraded to versions which is not\r\n vulnerable to these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0869\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0868\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0864\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2009.0:\r\n 19d265aa46efb3258d4b4cc7e73dbbb5 2009.0/i586/icedtea-web-1.0.4-0.2mdv2009.0.i586.rpm\r\n c1f3d3c181547b334ae1c8b15d5237a0 2009.0/i586/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2009.0.i586.rpm\r\n d9f5607c72e4f4a4505177ea3ea969be 2009.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-22.b22.2mdv2009.0.i586.rpm\r\n 53b0c3bb0e810c59d6eaef6e042da0b8 2009.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-22.b22.2mdv2009.0.i586.rpm\r\n 7f943009d100860baac42203568e6ac4 2009.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-22.b22.2mdv2009.0.i586.rpm\r\n bc5eeeefc469ffa521ed38987498336b 2009.0/i586/java-1.6.0-openjdk-src-1.6.0.0-22.b22.2mdv2009.0.i586.rpm\r\n 48be307c53c6eecca3f3dc1490f229d9 2009.0/i586/libxrender1-0.9.6-0.1mdv2009.0.i586.rpm\r\n 554c86426aeec975f3a50c18c96adadc 2009.0/i586/libxrender-devel-0.9.6-0.1mdv2009.0.i586.rpm\r\n e07e83effc61bde329ea7e224460a327 2009.0/i586/libxrender-static-devel-0.9.6-0.1mdv2009.0.i586.rpm \r\n 508b185fd12ecc76467b49f24d7b2217 2009.0/SRPMS/icedtea-web-1.0.4-0.2mdv2009.0.src.rpm\r\n 6af1f5671e368bd1b4c58dd16ea0017c 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2009.0.src.rpm\r\n 54be43c2618facb1d935cb520aefa833 2009.0/SRPMS/libxrender-0.9.6-0.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n ae9f928190ede8942ac1aff89fe2f463 2009.0/x86_64/icedtea-web-1.0.4-0.2mdv2009.0.x86_64.rpm\r\n fa2141bfeb38567d55713e1cc0d0cebf 2009.0/x86_64/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2009.0.x86_64.rpm\r\n 174eaeed97f7b861138ae96c9b5d8993 2009.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-22.b22.2mdv2009.0.x86_64.rpm\r\n 6db525e9a731a01eefe9ffeb61d3add0 2009.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-22.b22.2mdv2009.0.x86_64.rpm\r\n f0c543aea5e2073b58f3a09d8081e785 2009.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-22.b22.2mdv2009.0.x86_64.rpm\r\n dea21aca839de0d21601887308449b32 2009.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-22.b22.2mdv2009.0.x86_64.rpm\r\n 5dc2eadd81004cc5aa1644521b9e40af 2009.0/x86_64/lib64xrender1-0.9.6-0.1mdv2009.0.x86_64.rpm\r\n 001c4afe613fa6dcc317cf71896be57b 2009.0/x86_64/lib64xrender-devel-0.9.6-0.1mdv2009.0.x86_64.rpm\r\n 5539885e9c91f5114dec2476df3b4cc6 2009.0/x86_64/lib64xrender-static-devel-0.9.6-0.1mdv2009.0.x86_64.rpm \r\n 508b185fd12ecc76467b49f24d7b2217 2009.0/SRPMS/icedtea-web-1.0.4-0.2mdv2009.0.src.rpm\r\n 6af1f5671e368bd1b4c58dd16ea0017c 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2009.0.src.rpm\r\n 54be43c2618facb1d935cb520aefa833 2009.0/SRPMS/libxrender-0.9.6-0.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2010.1:\r\n af7f9f7275e503319c42604e44a93f78 2010.1/i586/icedtea-web-1.0.4-0.2mdv2010.2.i586.rpm\r\n 235712e4b1e878607715ad1e2a2fc6e7 2010.1/i586/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2010.2.i586.rpm\r\n cb738210a1d89e1d7a6f35e7c711ab10 2010.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-22.b22.2mdv2010.2.i586.rpm\r\n 8a426eac6eb9787a15b9cd0a69a3d415 2010.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-22.b22.2mdv2010.2.i586.rpm\r\n f452545a878a69df9d7bbf26f17e009e 2010.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-22.b22.2mdv2010.2.i586.rpm\r\n 9e7ed926eadbd1be9a371627fb5e7cbc 2010.1/i586/java-1.6.0-openjdk-src-1.6.0.0-22.b22.2mdv2010.2.i586.rpm\r\n 0c235232aa7bc5ed98c459c7a8538acf 2010.1/i586/libxrender1-0.9.6-0.1mdv2010.2.i586.rpm\r\n 6bc3d56a7395063f4cb7bd3de9744ff2 2010.1/i586/libxrender-devel-0.9.6-0.1mdv2010.2.i586.rpm\r\n 78dae2ae6305cb11b9938fd9470c87a8 2010.1/i586/libxrender-static-devel-0.9.6-0.1mdv2010.2.i586.rpm \r\n ee8f5afeb5896a84ccb4459c47ed1b11 2010.1/SRPMS/icedtea-web-1.0.4-0.2mdv2010.2.src.rpm\r\n ee1ed4d0bd5e2754464df0597b8a55aa 2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2010.2.src.rpm\r\n 55b0784e0c2b42114998cf694ef1fb02 2010.1/SRPMS/libxrender-0.9.6-0.1mdv2010.2.src.rpm\r\n\r\n Mandriva Linux 2010.1/X86_64:\r\n 0bd89ff2c5ddcc783092e8dcc9acaec1 2010.1/x86_64/icedtea-web-1.0.4-0.2mdv2010.2.x86_64.rpm\r\n 93172eb2586f4f3dbae66d0abaf88c81 2010.1/x86_64/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2010.2.x86_64.rpm\r\n 967c5bb38487820b259d192aefbcb9e6 2010.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-22.b22.2mdv2010.2.x86_64.rpm\r\n 8676fc951ad6ec322579db64714b1486 2010.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-22.b22.2mdv2010.2.x86_64.rpm\r\n caf43f0f0225dc5c903317a022e38a69 2010.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-22.b22.2mdv2010.2.x86_64.rpm\r\n 6bed48be7d85aec169b7860da60f400b 2010.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-22.b22.2mdv2010.2.x86_64.rpm\r\n 0bf576b059af48591c95fc9364c86083 2010.1/x86_64/lib64xrender1-0.9.6-0.1mdv2010.2.x86_64.rpm\r\n af28d32a7d64d44d96c73ee784fbb725 2010.1/x86_64/lib64xrender-devel-0.9.6-0.1mdv2010.2.x86_64.rpm\r\n a0dbb140973cdb9d57fc04c3a4c69126 2010.1/x86_64/lib64xrender-static-devel-0.9.6-0.1mdv2010.2.x86_64.rpm \r\n ee8f5afeb5896a84ccb4459c47ed1b11 2010.1/SRPMS/icedtea-web-1.0.4-0.2mdv2010.2.src.rpm\r\n ee1ed4d0bd5e2754464df0597b8a55aa 2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2010.2.src.rpm\r\n 55b0784e0c2b42114998cf694ef1fb02 2010.1/SRPMS/libxrender-0.9.6-0.1mdv2010.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 804975906b9a7af0dd528a2cfdb16ac6 mes5/i586/icedtea-web-1.0.4-0.2mdvmes5.2.i586.rpm\r\n 4bc3bd160048659e0e29008b51a9023a mes5/i586/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdvmes5.2.i586.rpm\r\n c899d91a69b2dfafec9b17a7c884969b mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-22.b22.2mdvmes5.2.i586.rpm\r\n c605a09cc06a5b85a385332cf2796725 mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-22.b22.2mdvmes5.2.i586.rpm\r\n 039af4fca1593a5b3a0d0eae0ca76692 mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-22.b22.2mdvmes5.2.i586.rpm\r\n ec14265c03a3636a43b5c99c743b18a0 mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-22.b22.2mdvmes5.2.i586.rpm\r\n d3d1636413e0f54d2c7c349600657675 mes5/i586/libxrender1-0.9.6-0.1mdvmes5.2.i586.rpm\r\n 6adfc8948ce1f7fe3f517229db281454 mes5/i586/libxrender-devel-0.9.6-0.1mdvmes5.2.i586.rpm\r\n f5f988a83c0a7c3713530d46fcc4a0f7 mes5/i586/libxrender-static-devel-0.9.6-0.1mdvmes5.2.i586.rpm \r\n c7c4c75829e2d8622c2e947605a27091 mes5/SRPMS/icedtea-web-1.0.4-0.2mdvmes5.2.src.rpm\r\n 5b7a1163490afaf752c05102c23be41f mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdvmes5.2.src.rpm\r\n 709ae35d50b7155fe89a6fd2d26eb865 mes5/SRPMS/libxrender-0.9.6-0.1mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n f670e23a581cca291ece27139e788dc1 mes5/x86_64/icedtea-web-1.0.4-0.2mdvmes5.2.x86_64.rpm\r\n 0f3893008199b11f87d18edce4554de6 mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdvmes5.2.x86_64.rpm\r\n 6fad2efe89e7efe9387933e65e3cadd0 mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-22.b22.2mdvmes5.2.x86_64.rpm\r\n 80a052ca0777874763cf1735b4f706ff mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-22.b22.2mdvmes5.2.x86_64.rpm\r\n 6990b2b5c0de9c1e2d7248a021ef0ba8 mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-22.b22.2mdvmes5.2.x86_64.rpm\r\n 4a39be86e947e6a61fb3002a130c83e1 mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-22.b22.2mdvmes5.2.x86_64.rpm\r\n a4b0d0938c5802bf0e998c38f0f0f427 mes5/x86_64/lib64xrender1-0.9.6-0.1mdvmes5.2.x86_64.rpm\r\n dfebaaf4394ac9f1f8a8f465784ceb63 mes5/x86_64/lib64xrender-devel-0.9.6-0.1mdvmes5.2.x86_64.rpm\r\n 2ba6d8a3903b1ff61f3494bacde1048b mes5/x86_64/lib64xrender-static-devel-0.9.6-0.1mdvmes5.2.x86_64.rpm \r\n c7c4c75829e2d8622c2e947605a27091 mes5/SRPMS/icedtea-web-1.0.4-0.2mdvmes5.2.src.rpm\r\n 5b7a1163490afaf752c05102c23be41f mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdvmes5.2.src.rpm\r\n 709ae35d50b7155fe89a6fd2d26eb865 mes5/SRPMS/libxrender-0.9.6-0.1mdvmes5.2.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFOSSBxmqjQ0CJFipgRAge9AKC/zeEWPazF5pZpS7q1uKjW/Gk1bgCgtDCN\r\nxWq7I61m6QqApgs/cRKngYg=\r\n=HCN8\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2011-08-17T00:00:00", "published": "2011-08-17T00:00:00", "id": "SECURITYVULNS:DOC:26859", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26859", "title": "[ MDVSA-2011:126 ] java-1.6.0-openjdk", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:25:26", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2011:0857\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nInteger overflow flaws were found in the way Java2D parsed JPEG images and\nuser-supplied fonts. An attacker could use these flaws to execute arbitrary\ncode with the privileges of the user running an untrusted applet or\napplication. (CVE-2011-0862)\n\nIt was found that the MediaTracker implementation created Component\ninstances with unnecessary access privileges. A remote attacker could use\nthis flaw to elevate their privileges by utilizing an untrusted applet or\napplication that uses Swing. (CVE-2011-0871)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual Machine\n(JVM), resulting in an applet or application crashing. (CVE-2011-0864)\n\nAn information leak flaw was found in the NetworkInterface class. An\nuntrusted applet or application could use this flaw to access information\nabout available network interfaces that should only be available to\nprivileged code. (CVE-2011-0867)\n\nAn incorrect float-to-long conversion, leading to an overflow, was found\nin the way certain objects (such as images and text) were transformed in\nJava2D. A remote attacker could use this flaw to crash an untrusted applet\nor application that uses Java2D. (CVE-2011-0868)\n\nIt was found that untrusted applets and applications could misuse a SOAP\nconnection to incorrectly set global HTTP proxy settings instead of\nsetting them in a local scope. This flaw could be used to intercept HTTP\nrequests. (CVE-2011-0869)\n\nA flaw was found in the way signed objects were deserialized. If trusted\nand untrusted code were running in the same Java Virtual Machine (JVM), and\nboth were deserializing the same signed object, the untrusted code could\nmodify said object by using this flaw to bypass the validation checks on\nsigned objects. (CVE-2011-0865)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK by\ncalling the \"appletviewer\" application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which provide OpenJDK 6 b20 / IcedTea 1.9.8 and resolve these\nissues. All running instances of OpenJDK Java must be restarted for the\nupdate to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-June/017617.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-June/017618.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-0857.html", "modified": "2011-06-13T10:03:30", "published": "2011-06-13T10:03:30", "href": "http://lists.centos.org/pipermail/centos-announce/2011-June/017617.html", "id": "CESA-2011:0857", "title": "java security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2018-11-01T05:13:13", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization.", "modified": "2018-10-30T12:26:25", "published": "2011-06-14T14:55:02", "id": "CVE-2011-0865", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0865", "title": "CVE-2011-0865", "type": "cve", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-12-22T12:42:02", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to SAAJ.", "modified": "2017-12-21T21:29:04", "published": "2011-06-14T14:55:02", "id": "CVE-2011-0869", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0869", "title": "CVE-2011-0869", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-11-01T05:13:13", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot.", "modified": "2018-10-30T12:26:25", "published": "2011-06-14T14:55:02", "id": "CVE-2011-0864", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0864", "title": "CVE-2011-0864", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-22T12:42:02", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.", "modified": "2017-12-21T21:29:04", "published": "2011-06-14T14:55:02", "id": "CVE-2011-0868", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0868", "title": "CVE-2011-0868", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-11-01T05:13:13", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.", "modified": "2018-10-30T12:26:25", "published": "2011-06-14T14:55:02", "id": "CVE-2011-0867", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0867", "title": "CVE-2011-0867", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-11-01T05:13:13", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.", "modified": "2018-10-30T12:26:25", "published": "2011-06-14T14:55:02", "id": "CVE-2011-0871", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0871", "title": "CVE-2011-0871", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-01T05:13:13", "bulletinFamily": "NVD", "description": "Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.", "modified": "2018-10-30T12:26:25", "published": "2011-06-14T14:55:02", "id": "CVE-2011-0862", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0862", "title": "CVE-2011-0862", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:23", "bulletinFamily": "unix", "description": "It was discovered that a heap overflow in the AWT FileDialog.show() method could allow an attacker to cause a denial of service through an application crash or possibly execute arbitrary code. (CVE-2011-0815)\n\nIt was dicovered that integer overflows in the JPEGImageReader readImage() function and the SunLayoutEngine nativeLayout() function could allow an attacker to cause a denial of service through an application crash or possibly execute arbitrary code. (CVE-2011-0822, CVE-2011-0862)\n\nIt was discovered that memory corruption could occur when interpreting bytecode in the HotSpot VM. This could allow an attacker to cause a denial of service through an application crash or possibly execute arbitrary code. (CVE-2011-0864)\n\nIt was discovered that the deserialization code allowed the creation of mutable SignedObjects. This could allow an attacker to possibly execute code with elevated privileges. (CVE-2011-0865)\n\nIt was discovered that the toString method in the NetworkInterface class would reveal multiple addresses if they were bound to the interface. This could give an attacker more information about the networking environment. (CVE-2011-0867)\n\nIt was discovered that the Java 2D code to transform an image with a scale close to 0 could trigger an integer overflow. This could allow an attacker to cause a denial of service through an application crash or possibly execute arbitrary code. (CVE-2011-0868)\n\nIt was discovered that the SOAP with Attachments API for Java (SAAJ) implementation allowed the modification of proxy settings via unprivileged SOAP messages. (CVE-2011-0869, CVE-2011-0870)\n\nIt was the discovered that the Swing ImageIcon class created MediaTracker objects that potentially leaked privileged ApplicationContexts. This could possibly allow an attacker access to restricted resources or services. (CVE-2011-0871)\n\nIt was discovered that non-blocking sockets marked as not urgent could still get selected for read operations. This could allow an attacker to cause a denial of service. (CVE-2011-0872)", "modified": "2011-06-17T00:00:00", "published": "2011-06-17T00:00:00", "id": "USN-1154-1", "href": "https://usn.ubuntu.com/1154-1/", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:48:04", "bulletinFamily": "unix", "description": "[1.6.0.0-1.39.1.9.8]\n- Resolves: rhbz#709375\n- Bumped to IcedTea6 1.9.8\n- Copy fontconfig files to match names for current and next release\n- RH706250, S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent\n disabled get still selected for read ops (win)\n- RH706106, S6618658, CVE-2011-0865: Vulnerability in deserialization\n- RH706111, S7012520, CVE-2011-0815: Heap overflow vulnerability in\n FileDialog.show()\n- RH706139, S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D\n code\n- RH706153, S7013969, CVE-2011-0867: NetworkInterface.toString can reveal\n bindings\n- RH706234, S7013971, CVE-2011-0869: Vulnerability in SAAJ\n- RH706239, S7016340, CVE-2011-0870: Vulnerability in SAAJ\n- RH706241, S7016495, CVE-2011-0868: Crash in Java 2D transforming an image\n with scale close to zero\n- RH706248, S7020198, CVE-2011-0871: ImageIcon creates Component with null acc\n- RH706245, S7020373, CVE-2011-0864: JSR rewriting can overflow memory address\n size variables", "modified": "2011-06-08T00:00:00", "published": "2011-06-08T00:00:00", "id": "ELSA-2011-0856", "href": "http://linux.oracle.com/errata/ELSA-2011-0856.html", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:39:26", "bulletinFamily": "unix", "description": "[1:1.6.0.0-1.22.1.9.8.0.1.el5_6]\n- Add oracle-enterprise.patch\n[1:1.6.0.0-1.22.1.9.8]\n- Resolves: rhbz#668488\n- Bumped to IcedTea6 1.9.8\n- RH706250, S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent\n disabled get still selected for read ops (win)\n- RH706106, S6618658, CVE-2011-0865: Vulnerability in deserialization\n- RH706111, S7012520, CVE-2011-0815: Heap overflow vulnerability in\n FileDialog.show()\n- RH706139, S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D\n code\n- RH706153, S7013969, CVE-2011-0867: NetworkInterface.toString can reveal\n bindings\n- RH706234, S7013971, CVE-2011-0869: Vulnerability in SAAJ\n- RH706239, S7016340, CVE-2011-0870: Vulnerability in SAAJ\n- RH706241, S7016495, CVE-2011-0868: Crash in Java 2D transforming an image\n with scale close to zero\n- RH706248, S7020198, CVE-2011-0871: ImageIcon creates Component with null acc\n- RH706245, S7020373, CVE-2011-0864: JSR rewriting can overflow memory address\n size variables\n[1:1.6.0.0-1.22.1.9.7]\n- Resolves bz690289\n- Import from RHEL-5_6-Z\n- Updated to IcedTea6 1.9.7\n- Removed all plugin/webstart related commented lines\n- Modified bz entry format in previous logs to get around cvs ack checking bug", "modified": "2011-06-08T00:00:00", "published": "2011-06-08T00:00:00", "id": "ELSA-2011-0857", "href": "http://linux.oracle.com/errata/ELSA-2011-0857.html", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:57:20", "bulletinFamily": "unix", "description": "Icedtea as included in java-1_6_0-openjdk was updated to\n fix several security issues:\n\n * S6213702, CVE-2011-0872: (so) non-blocking sockets with\n TCP urgent disabled get still selected for read ops (win)\n * S6618658, CVE-2011-0865: Vulnerability in deserialization\n * S7012520, CVE-2011-0815: Heap overflow vulnerability in\n FileDialog.show()\n * S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows\n in 2D code\n * S7013969, CVE-2011-0867: NetworkInterface.toString can\n reveal bindings\n * S7013971, CVE-2011-0869: Vulnerability in SAAJ\n * S7016340, CVE-2011-0870: Vulnerability in SAAJ\n * S7016495, CVE-2011-0868: Crash in Java 2D transforming an\n image with scale close to zero\n * S7020198, CVE-2011-0871: ImageIcon creates Component with\n null acc\n * S7020373, CVE-2011-0864: JSR rewriting can overflow\n memory address size\n\n", "modified": "2011-06-28T13:08:22", "published": "2011-06-28T13:08:22", "id": "OPENSUSE-SU-2011:0706-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00015.html", "type": "suse", "title": "java-1_6_0-openjdk (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:48:25", "bulletinFamily": "unix", "description": "Oracle Java 6 Update 26 fixes several security\n vulnerabilities.\n\n Please refer to Oracle's site for further information:\n <a rel=\"nofollow\" href=\"http://www.oracle.com/technetwork/topics/security/javacpujun\">http://www.oracle.com/technetwork/topics/security/javacpujun</a>\n e2011-313339.html\n <<a rel=\"nofollow\" href=\"http://www.oracle.com/technetwork/topics/security/javacpuju\">http://www.oracle.com/technetwork/topics/security/javacpuju</a>\n ne2011-313339.html>\n", "modified": "2011-06-14T19:08:14", "published": "2011-06-14T19:08:14", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00002.html", "id": "SUSE-SU-2011:0632-1", "type": "suse", "title": "Sun/Oracle Java (critical)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:42:03", "bulletinFamily": "unix", "description": "Oracle Java 6 Update 26 fixes several security\n vulnerabilities.\n\n Please refer to Oracle's site for further information:\n <a rel=\"nofollow\" href=\"http://www.oracle.com/technetwork/topics/security/javacpujun\">http://www.oracle.com/technetwork/topics/security/javacpujun</a>\n e2011-313339.html\n\n (CVE-2011-0862, CVE-2011-0873, CVE-2011-0815,\n CVE-2011-0817, CVE-2011-0863, CVE-2011-0864, CVE-2011-0802,\n CVE-2011-0814, CVE-2011-0871, CVE-2011-0786, CVE-2011-0788,\n CVE-2011-0866, CVE-2011-0868, CVE-2011-0872, CVE-2011-0867,\n CVE-2011-0869, CVE-2011-0865)\n\n", "modified": "2011-06-14T19:08:17", "published": "2011-06-14T19:08:17", "id": "OPENSUSE-SU-2011:0633-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html", "title": "Oracle Java 26 (critical)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:28:47", "bulletinFamily": "unix", "description": "IBM Java 1.6.0 SR9-FP2 fixes several of bugs and thew\n following security issues:\n\n *\n\n An unspecified vulnerability in the Java Runtime\n Environment (JRE) component in Oracle Java SE 6 Update 25\n and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and\n earlier allows remote untrusted Java Web Start applications\n and untrusted Java applets to affect integrity via unknown\n vectors related to Deserialization. (CVE-2011-0865\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865</a>\n > )\n\n *\n\n An unspecified vulnerability in the Java Runtime\n Environment (JRE) component in Oracle Java SE 6 Update 25\n and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and\n earlier, when running on Windows, allows remote untrusted\n Java Web Start applications and untrusted Java applets to\n affect confidentiality, integrity, and availability via\n unknown vectors related to Java Runtime Environment. (\n CVE-2011-0866\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0866\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0866</a>\n > )\n\n *\n\n An unspecified vulnerability in the Java Runtime\n Environment (JRE) component in Oracle Java SE 6 Update 25\n and earlier, when running on Windows, allows remote\n untrusted Java Web Start applications and untrusted Java\n applets to affect confidentiality, integrity, and\n availability via unknown vectors related to Deployment, a\n different vulnerability than CVE-2011-0788. (CVE-2011-0786\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0786\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0786</a>\n > )\n\n *\n\n An unspecified vulnerability in the Java Runtime\n Environment (JRE) component in Oracle Java SE 6 Update 25\n and earlier, when running on Windows, allows remote\n untrusted Java Web Start applications and untrusted Java\n applets to affect confidentiality, integrity, and\n availability via unknown vectors related to Deployment, a\n different vulnerability than CVE-2011-0786. (CVE-2011-0788\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0788\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0788</a>\n > )\n\n *\n\n An unspecified vulnerability in the Java Runtime\n Environment (JRE) component in Oracle Java SE 6 Update 25\n and earlier, when running on Windows, allows remote\n untrusted Java Web Start applications and untrusted Java\n applets to affect confidentiality, integrity, and\n availability via unknown vectors related to Deployment, a\n different vulnerability than CVE-2011-0786. (CVE-2011-0802\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802</a>\n > )\n\n *\n\n An unspecified vulnerability in the Java Runtime\n Environment (JRE) component in Oracle Java SE 6 Update 25\n and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and\n earlier allows remote attackers to affect confidentiality,\n integrity, and availability via unknown vectors related to\n Sound, a different vulnerability than CVE-2011-0802.\n (CVE-2011-0814\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814</a>\n > )\n\n *\n\n An unspecified vulnerability in the Java Runtime\n Environment (JRE) component in Oracle Java SE 6 Update 25\n and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and\n earlier allows remote untrusted Java Web Start applications\n and untrusted Java applets to affect confidentiality,\n integrity, and availability via unknown vectors related to\n AWT. (CVE-2011-0815\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0815\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0815</a>\n > )\n\n *\n\n Multiple unspecified vulnerabilities in the Java\n Runtime Environment (JRE) component in Oracle Java SE 6\n Update 25 and earlier, 5.0 Update 29 and earlier, and\n 1.4.2_31 and earlier allow remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors related to 2D. (CVE-2011-0862\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862</a>\n > )\n\n *\n\n An unspecified vulnerability in the Java Runtime\n Environment (JRE) component in Oracle Java SE 6 Update 25\n and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and\n earlier allows remote untrusted Java Web Start applications\n and untrusted Java applets to affect confidentiality via\n unknown vectors related to Networking. ( CVE-2011-0867\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867</a>\n > )\n\n *\n\n An unspecified vulnerability in the Java Runtime\n Environment (JRE) component in Oracle Java SE 6 Update 26\n and earlier allows remote untrusted Java Web Start\n applications and untrusted Java applets to affect\n confidentiality via unknown vectors related to SAAJ. (\n CVE-2011-0869\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0869\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0869</a>\n > )\n\n *\n\n An unspecified vulnerability in the Java Runtime\n Environment (JRE) component in Oracle Java SE 6 Update 25\n and earlier, when running on Windows, allows remote\n untrusted Java Web Start applications and untrusted Java\n applets to affect confidentiality, integrity, and\n availability via unknown vectors related to Deployment. (\n CVE-2011-0817\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0817\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0817</a>\n > )\n\n *\n\n An unspecified vulnerability in the Java Runtime\n Environment (JRE) component in Oracle Java SE 6 Update 25\n and earlier allows remote untrusted Java Web Start\n applications and untrusted Java applets to affect\n confidentiality, integrity, and availability via unknown\n vectors related to Deployment. (CVE-2011-0863\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0863\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0863</a>\n > )\n\n *\n\n An unspecified vulnerability in the Java Runtime\n Environment (JRE) component in Oracle Java SE 6 Update 25\n and earlier allows remote attackers to affect\n confidentiality via unknown vectors related to 2D.\n (CVE-2011-0868\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0868\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0868</a>\n > )\n\n *\n\n An unspecified vulnerability in the Java Runtime\n Environment (JRE) component in Oracle Java SE 6 Update 25\n and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and\n earlier allows remote untrusted Java Web Start applications\n and untrusted Java applets to affect confidentiality,\n integrity, and availability via unknown vectors related to\n Swing. (CVE-2011-0871\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871</a>\n > )\n\n *\n\n An unspecified vulnerability in the Java Runtime\n Environment (JRE) component in Oracle Java SE 6 Update 25\n and earlier allows remote attackers to affect availability\n via unknown vectors related to NIO. (CVE-2011-0872\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0872\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0872</a>\n > )\n\n *\n\n An unspecified vulnerability in the Java Runtime\n Environment (JRE) component in Oracle Java SE 6 Update 25\n and earlier, and 5.0 Update 29 and earlier, allows remote\n attackers to affect confidentiality, integrity, and\n availability via unknown vectors related to 2D. (\n CVE-2011-0873\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0873\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0873</a>\n > )\n", "modified": "2011-07-19T07:08:31", "published": "2011-07-19T07:08:31", "id": "SUSE-SU-2011:0807-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html", "type": "suse", "title": "Security update for IBM Java (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:36:09", "bulletinFamily": "unix", "description": "IBM Java 1.6.0 was updated to SR9-FP2 to fix lots of bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2011-07-18T17:57:23", "published": "2011-07-18T17:57:23", "id": "SUSE-SA:2011:030", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html", "title": "remote code execution in java-1_6_0-ibm", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:05:25", "bulletinFamily": "unix", "description": "IBM Java 1.4.2 SR 13 Fixpack 10 has been released and fixes\n various bugs and security issues.\n\n The following security issues have been fixed:\n\n *\n\n CVE-2011-0865: Unspecified vulnerability in the Java\n Runtime Environment (JRE) component in Oracle Java SE 6\n Update 25 and earlier, 5.0 Update 29 and earlier, and\n 1.4.2_31 and earlier allows remote untrusted Java Web Start\n applications and untrusted Java applets to affect integrity\n via unknown vectors related to Deserialization.\n\n *\n\n CVE-2011-0866: Unspecified vulnerability in the Java\n Runtime Environment (JRE) component in Oracle Java SE 6\n Update 25 and earlier, 5.0 Update 29 and earlier, and\n 1.4.2_31 and earlier, when running on Windows, allows\n remote untrusted Java Web Start applications and untrusted\n Java applets to affect confidentiality, integrity, and\n availability via unknown vectors related to Java Runtime\n Environment.\n\n *\n\n CVE-2011-0802: Unspecified vulnerability in the Java\n Runtime Environment (JRE) component in Oracle Java SE 6\n Update 25 and earlier, when running on Windows, allows\n remote untrusted Java Web Start applications and untrusted\n Java applets to affect confidentiality, integrity, and\n availability via unknown vectors related to Deployment, a\n different vulnerability than CVE-2011-0786.\n\n *\n\n CVE-2011-0814: Unspecified vulnerability in the Java\n Runtime Environment (JRE) component in Oracle Java SE 6\n Update 25 and earlier, 5.0 Update 29 and earlier, and\n 1.4.2_31 and earlier allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors related to Sound, a different vulnerability than\n CVE-2011-0802.\n\n *\n\n CVE-2011-0815: Unspecified vulnerability in the Java\n Runtime Environment (JRE) component in Oracle Java SE 6\n Update 25 and earlier, 5.0 Update 29 and earlier, and\n 1.4.2_31 and earlier allows remote untrusted Java Web Start\n applications and untrusted Java applets to affect\n confidentiality, integrity, and availability via unknown\n vectors related to AWT.\n\n *\n\n CVE-2011-0862: Multiple unspecified vulnerabilities\n in the Java Runtime Environment (JRE) component in Oracle\n Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier,\n and 1.4.2_31 and earlier allow remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors related to 2D.\n\n *\n\n CVE-2011-0867: Unspecified vulnerability in the Java\n Runtime Environment (JRE) component in Oracle Java SE 6\n Update 25 and earlier, 5.0 Update 29 and earlier, and\n 1.4.2_31 and earlier allows remote untrusted Java Web Start\n applications and untrusted Java applets to affect\n confidentiality via unknown vectors related to Networking.\n\n *\n\n CVE-2011-0871: Unspecified vulnerability in the Java\n Runtime Environment (JRE) component in Oracle Java SE 6\n Update 25 and earlier, 5.0 Update 29 and earlier, and\n 1.4.2_31 and earlier allows remote untrusted Java Web Start\n applications and untrusted Java applets to affect\n confidentiality, integrity, and availability via unknown\n vectors related to Swing.\n\n *\n\n CVE-2011-0872: Unspecified vulnerability in the Java\n Runtime Environment (JRE) component in Oracle Java SE 6\n Update 25 and earlier allows remote attackers to affect\n availability via unknown vectors related to NIO.\n", "modified": "2011-08-29T20:08:51", "published": "2011-08-29T20:08:51", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00025.html", "id": "SUSE-SU-2011:0966-1", "type": "suse", "title": "Security update for IBM Java (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:21:19", "bulletinFamily": "unix", "description": "IBM Java 1.4.2 SR 13 Fixpack 10 has been released and fixes various bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2011-08-29T12:59:14", "published": "2011-08-29T12:59:14", "id": "SUSE-SA:2011:036", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00022.html", "type": "suse", "title": "remote code execution in java-1_4_2-ibm", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:21:58", "bulletinFamily": "unix", "description": "IBM Java 1.5.0 SR12 FP5 has been released fixing bugs and\n security issues.\n\n Following security issues were fixed:\n\n *\n\n CVE-2011-0865: Unspecified vulnerability in the Java\n Runtime Environment (JRE) component in Oracle Java SE 6\n Update 25 and earlier, 5.0 Update 29 and earlier, and\n 1.4.2_31 and earlier allows remote untrusted Java Web Start\n applications and untrusted Java applets to affect integrity\n via unknown vectors related to Deserialization.\n\n *\n\n CVE-2011-0866: Unspecified vulnerability in the Java\n Runtime Environment (JRE) component in Oracle Java SE 6\n Update 25 and earlier, 5.0 Update 29 and earlier, and\n 1.4.2_31 and earlier, when running on Windows, allows\n remote untrusted Java Web Start applications and untrusted\n Java applets to affect confidentiality, integrity, and\n availability via unknown vectors related to Java Runtime\n Environment.\n\n *\n\n CVE-2011-0802: Unspecified vulnerability in the Java\n Runtime Environment (JRE) component in Oracle Java SE 6\n Update 25 and earlier, when running on Windows, allows\n remote untrusted Java Web Start applications and untrusted\n Java applets to affect confidentiality, integrity, and\n availability via unknown vectors related to Deployment, a\n different vulnerability than CVE-2011-0786.\n\n *\n\n CVE-2011-0814: Unspecified vulnerability in the Java\n Runtime Environment (JRE) component in Oracle Java SE 6\n Update 25 and earlier, 5.0 Update 29 and earlier, and\n 1.4.2_31 and earlier allows remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors related to Sound, a different vulnerability than\n CVE-2011-0802.\n\n *\n\n CVE-2011-0815: Unspecified vulnerability in the Java\n Runtime Environment (JRE) component in Oracle Java SE 6\n Update 25 and earlier, 5.0 Update 29 and earlier, and\n 1.4.2_31 and earlier allows remote untrusted Java Web Start\n applications and untrusted Java applets to affect\n confidentiality, integrity, and availability via unknown\n vectors related to AWT.\n\n *\n\n CVE-2011-0862: Multiple unspecified vulnerabilities\n in the Java Runtime Environment (JRE) component in Oracle\n Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier,\n and 1.4.2_31 and earlier allow remote attackers to affect\n confidentiality, integrity, and availability via unknown\n vectors related to 2D.\n\n *\n\n CVE-2011-0867: Unspecified vulnerability in the Java\n Runtime Environment (JRE) component in Oracle Java SE 6\n Update 25 and earlier, 5.0 Update 29 and earlier, and\n 1.4.2_31 and earlier allows remote untrusted Java Web Start\n applications and untrusted Java applets to affect\n confidentiality via unknown vectors related to Networking.\n\n *\n\n CVE-2011-0871: Unspecified vulnerability in the Java\n Runtime Environment (JRE) component in Oracle Java SE 6\n Update 25 and earlier, 5.0 Update 29 and earlier, and\n 1.4.2_31 and earlier allows remote untrusted Java Web Start\n applications and untrusted Java applets to affect\n confidentiality, integrity, and availability via unknown\n vectors related to Swing.\n\n *\n\n CVE-2011-0872: Unspecified vulnerability in the Java\n Runtime Environment (JRE) component in Oracle Java SE 6\n Update 25 and earlier allows remote attackers to affect\n availability via unknown vectors related to NIO.\n\n *\n\n CVE-2011-0873: Unspecified vulnerability in the Java\n Runtime Environment (JRE) component in Oracle Java SE 6\n Update 25 and earlier, and 5.0 Update 29 and earlier,\n allows remote attackers to affect confidentiality,\n integrity, and availability via unknown vectors related to\n 2D.\n", "modified": "2011-08-02T19:08:19", "published": "2011-08-02T19:08:19", "id": "SUSE-SU-2011:0863-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00001.html", "type": "suse", "title": "Security update for IBM Java (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:08:27", "bulletinFamily": "unix", "description": "IBM Java 1.5.0 SR12 FP5 has been released fixing bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2011-08-04T17:16:07", "published": "2011-08-04T17:16:07", "id": "SUSE-SA:2011:032", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00002.html", "title": "remote code execution in java-1_5_0-ibm,IBMJava5", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
