Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200702-07 (java)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.58024

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200702-07 (java)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory GLSA 200702-07.

Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) contain a
memory corruption flaw that allows the applets to gain elevated privileges
potentially leading to the execute of arbitrary code.

Solution:
All Sun Java Development Kit 1.5 users should upgrade to the latest
version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.5.0.10'

All Sun Java Development Kit 1.4 users should upgrade to the latest
version:

# emerge --sync
# emerge --ask --oneshot --verbose '=dev-java/sun-jdk-1.4.2*'

All Sun Java Runtime Environment 1.5 users should upgrade to the latest
version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.5.0.10'

All Sun Java Runtime Environment 1.4 users should upgrade to the latest
version:

# emerge --sync
# emerge --ask --oneshot --verbose '=dev-java/sun-jre-bin-1.4.2*'

http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200702-07
http://bugs.gentoo.org/show_bug.cgi?id=162511

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-0243
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
http://dev2dev.bea.com/pub/advisory/242
BugTraq ID: 22085
http://www.securityfocus.com/bid/22085
Bugtraq: 20070117 ZDI-07-005: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/457159/100/0/threaded
Bugtraq: 20070121 Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit (Google Search)
http://www.securityfocus.com/archive/1/457638/100/0/threaded
Cert/CC Advisory: TA07-022A
http://www.us-cert.gov/cas/techalerts/TA07-022A.html
CERT/CC vulnerability note: VU#388289
http://www.kb.cert.org/vuls/id/388289
http://www.gentoo.org/security/en/glsa/glsa-200702-07.xml
http://security.gentoo.org/glsa/glsa-200702-08.xml
HPdes Security Advisory: HPSBUX02196
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579
HPdes Security Advisory: SSRT071318
http://docs.info.apple.com/article.html?artnum=307177
http://www.zerodayinitiative.com/advisories/ZDI-07-005.html
http://osvdb.org/32834
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11073
http://www.redhat.com/support/errata/RHSA-2007-0166.html
http://www.redhat.com/support/errata/RHSA-2007-0167.html
http://www.redhat.com/support/errata/RHSA-2007-0956.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://securitytracker.com/id?1017520
http://secunia.com/advisories/23757
http://secunia.com/advisories/24189
http://secunia.com/advisories/24202
http://secunia.com/advisories/24468
http://secunia.com/advisories/24993
http://secunia.com/advisories/25283
http://secunia.com/advisories/26049
http://secunia.com/advisories/26119
http://secunia.com/advisories/26645
http://secunia.com/advisories/27203
http://secunia.com/advisories/28115
http://securityreason.com/securityalert/2158
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1
SuSE Security Announcement: SUSE-SA:2007:045 (Google Search)
http://www.novell.com/linux/security/advisories/2007_45_java.html
http://www.vupen.com/english/advisories/2007/0211
http://www.vupen.com/english/advisories/2007/0936
http://www.vupen.com/english/advisories/2007/1814
http://www.vupen.com/english/advisories/2007/4224
XForce ISS Database: jre-gif-bo(31537)
https://exchange.xforce.ibmcloud.com/vulnerabilities/31537

Copyright Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.58024
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200702-07 (java)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory GLSA 200702-07. Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) contain a memory corruption flaw that allows the applets to gain elevated privileges potentially leading to the execute of arbitrary code. Solution: All Sun Java Development Kit 1.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.5.0.10' All Sun Java Development Kit 1.4 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '=dev-java/sun-jdk-1.4.2' All Sun Java Runtime Environment 1.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.5.0.10' All Sun Java Runtime Environment 1.4 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '=dev-java/sun-jre-bin-1.4.2' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200702-07 http://bugs.gentoo.org/show_bug.cgi?id=162511 CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-0243 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://dev2dev.bea.com/pub/advisory/242 BugTraq ID: 22085 http://www.securityfocus.com/bid/22085 Bugtraq: 20070117 ZDI-07-005: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability (Google Search) http://www.securityfocus.com/archive/1/457159/100/0/threaded Bugtraq: 20070121 Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit (Google Search) http://www.securityfocus.com/archive/1/457638/100/0/threaded Cert/CC Advisory: TA07-022A http://www.us-cert.gov/cas/techalerts/TA07-022A.html CERT/CC vulnerability note: VU#388289 http://www.kb.cert.org/vuls/id/388289 http://www.gentoo.org/security/en/glsa/glsa-200702-07.xml http://security.gentoo.org/glsa/glsa-200702-08.xml HPdes Security Advisory: HPSBUX02196 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579 HPdes Security Advisory: SSRT071318 http://docs.info.apple.com/article.html?artnum=307177 http://www.zerodayinitiative.com/advisories/ZDI-07-005.html http://osvdb.org/32834 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11073 http://www.redhat.com/support/errata/RHSA-2007-0166.html http://www.redhat.com/support/errata/RHSA-2007-0167.html http://www.redhat.com/support/errata/RHSA-2007-0956.html http://www.redhat.com/support/errata/RHSA-2008-0261.html http://securitytracker.com/id?1017520 http://secunia.com/advisories/23757 http://secunia.com/advisories/24189 http://secunia.com/advisories/24202 http://secunia.com/advisories/24468 http://secunia.com/advisories/24993 http://secunia.com/advisories/25283 http://secunia.com/advisories/26049 http://secunia.com/advisories/26119 http://secunia.com/advisories/26645 http://secunia.com/advisories/27203 http://secunia.com/advisories/28115 http://securityreason.com/securityalert/2158 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1 SuSE Security Announcement: SUSE-SA:2007:045 (Google Search) http://www.novell.com/linux/security/advisories/2007_45_java.html http://www.vupen.com/english/advisories/2007/0211 http://www.vupen.com/english/advisories/2007/0936 http://www.vupen.com/english/advisories/2007/1814 http://www.vupen.com/english/advisories/2007/4224 XForce ISS Database: jre-gif-bo(31537) https://exchange.xforce.ibmcloud.com/vulnerabilities/31537
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com