Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:
Kategorie:Red Hat Local Security Checks
Titel:RedHat Update for java-1.6.0-openjdk RHSA-2013:0273-01
Zusammenfassung:The remote host is missing an update for the 'java-1.6.0-openjdk'; package(s) announced via the referenced advisory.
The remote host is missing an update for the 'java-1.6.0-openjdk'
package(s) announced via the referenced advisory.

Vulnerability Insight:
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

An improper permission check issue was discovered in the JMX component in
OpenJDK. An untrusted Java application or applet could use this flaw to
bypass Java sandbox restrictions. (CVE-2013-1486)

It was discovered that OpenJDK leaked timing information when decrypting
TLS/SSL protocol encrypted records when CBC-mode cipher suites were used.
A remote attacker could possibly use this flaw to retrieve plain text from
the encrypted packets by using a TLS/SSL server as a padding oracle.

Note: If the web browser plug-in provided by the icedtea-web package was
installed, CVE-2013-1486 could have been exploited without user interaction
if a user visited a malicious website.

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

Affected Software/OS:
java-1.6.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Please Install the Updated Packages.

CVSS Score:

CVSS Vector:

Querverweis: BugTraq ID: 57778
BugTraq ID: 58029
Common Vulnerability Exposure (CVE) ID: CVE-2013-0169
Cert/CC Advisory: TA13-051A
CERT/CC vulnerability note: VU#737740
Debian Security Information: DSA-2621 (Google Search)
Debian Security Information: DSA-2622 (Google Search)
HPdes Security Advisory: HPSBMU02874
HPdes Security Advisory: HPSBOV02852
HPdes Security Advisory: HPSBUX02856
HPdes Security Advisory: HPSBUX02857
HPdes Security Advisory: HPSBUX02909
HPdes Security Advisory: SSRT101103
HPdes Security Advisory: SSRT101104
HPdes Security Advisory: SSRT101108
HPdes Security Advisory: SSRT101184
HPdes Security Advisory: SSRT101289
RedHat Security Advisories: RHSA-2013:0587
RedHat Security Advisories: RHSA-2013:0782
RedHat Security Advisories: RHSA-2013:0783
RedHat Security Advisories: RHSA-2013:0833
RedHat Security Advisories: RHSA-2013:1455
RedHat Security Advisories: RHSA-2013:1456
SuSE Security Announcement: SUSE-SU-2013:0328 (Google Search)
SuSE Security Announcement: SUSE-SU-2013:0701 (Google Search)
SuSE Security Announcement: SUSE-SU-2014:0320 (Google Search)
SuSE Security Announcement: SUSE-SU-2015:0578 (Google Search)
SuSE Security Announcement: openSUSE-SU-2013:0375 (Google Search)
SuSE Security Announcement: openSUSE-SU-2013:0378 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:0640 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2013-1486
CopyrightCopyright (c) 2013 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.