SuSE 11.3 安全性更新:java-1_7_0-openjdk (SAT 修補程式編號 8090)
critical Nessus Plugin ID 69071
語系:
概要
遠端 SuSE 11 主機缺少一個或多個安全性更新。說明
此 icedtea-2.4.1 更新可修正多種安全性問題:- S6741606、CVE-2013-2407:整合 Apache Santuario
- S7158805、CVE-2013-2445:更完善地重寫巢狀子常式呼叫
- S7170730、CVE-2013-2451:改善 Windows 網路堆疊支援。
- S8000638、CVE-2013-2450:改善還原序列化
- S8000642、CVE-2013-2446:更有效地處理物件以進行傳輸
- S8001033、CVE-2013-2452:重構虛擬機器識別碼中的網路位址處理
- S8001034、CVE-2013-1500:改善記憶體管理
- S8001038、CVE-2013-2444:靈活處理資源
- S8001318、CVE-2013-2447:Socket.getLocalAddress 與 InetAddress.getLocalHost 不一致
- S8001330、CVE-2013-2443:改善檢查順序 (僅適用於非零版本)
- S8003703、CVE-2013-2412:更新 RMI 連線對話方塊
- S8004288、CVE-2013-2449:(fs) Files.probeContentType 問題
- S8006328、CVE-2013-2448:加強音訊類別的穩固性
- S8007812、CVE-2013-2455:(反射) 某些類別有 Class.getEnclosingMethod 問題
- S8008120、CVE-2013-2457:改善 JMX 類別檢查
- S8008124、CVE-2013-2453:更完善的合規性測試
- S8008132、CVE-2013-2456:更完善的序列化支援
- S8008744、CVE-2013-2407:重製 JDK-6741606 的部分修正
- S8009057、CVE-2013-2448:改善 MIDI 事件處理
- S8009071、CVE-2013-2459:改善形狀處理
- S8009424、CVE-2013-2458:因應 JSR-292 實作變更來調整 Nashorn
- S8009554、CVE-2013-2454:改善 SerialJavaObject.getFields
- S8010209、CVE-2013-2460:更完善的 factory 佈建
- S8011243、CVE-2013-2470:改善 ImagingLib
- S8011248、CVE-2013-2471:更完善的元件點陣
- S8011253、CVE-2013-2472:更完善的簡短元件點陣
- S8011257、CVE-2013-2473:更完善的位元組元件點陣
- S8012375、CVE-2013-1571:改善 Javadoc 框架
- S8012438、CVE-2013-2463:更完善的影像驗證
- S8012597、CVE-2013-2465:更完善的影像通道驗證
- S8012601、CVE-2013-2469:更完善的影像配置驗證
- S8014281、CVE-2013-2461:更完善的 XML 簽章檢查
解決方案
套用 SAT 修補程式編號 8090。另請參閱
https://bugzilla.novell.com/show_bug.cgi?id=828665
http://support.novell.com/security/cve/CVE-2013-1500.html
http://support.novell.com/security/cve/CVE-2013-1571.html
http://support.novell.com/security/cve/CVE-2013-2407.html
http://support.novell.com/security/cve/CVE-2013-2412.html
http://support.novell.com/security/cve/CVE-2013-2443.html
http://support.novell.com/security/cve/CVE-2013-2444.html
http://support.novell.com/security/cve/CVE-2013-2445.html
http://support.novell.com/security/cve/CVE-2013-2446.html
http://support.novell.com/security/cve/CVE-2013-2447.html
http://support.novell.com/security/cve/CVE-2013-2448.html
http://support.novell.com/security/cve/CVE-2013-2449.html
http://support.novell.com/security/cve/CVE-2013-2450.html
http://support.novell.com/security/cve/CVE-2013-2451.html
http://support.novell.com/security/cve/CVE-2013-2452.html
http://support.novell.com/security/cve/CVE-2013-2453.html
http://support.novell.com/security/cve/CVE-2013-2454.html
http://support.novell.com/security/cve/CVE-2013-2455.html
http://support.novell.com/security/cve/CVE-2013-2456.html
http://support.novell.com/security/cve/CVE-2013-2457.html
http://support.novell.com/security/cve/CVE-2013-2458.html
http://support.novell.com/security/cve/CVE-2013-2459.html
http://support.novell.com/security/cve/CVE-2013-2460.html
http://support.novell.com/security/cve/CVE-2013-2461.html
http://support.novell.com/security/cve/CVE-2013-2463.html
http://support.novell.com/security/cve/CVE-2013-2465.html
http://support.novell.com/security/cve/CVE-2013-2469.html
http://support.novell.com/security/cve/CVE-2013-2470.html
http://support.novell.com/security/cve/CVE-2013-2471.html
Plugin 詳細資訊
嚴重性: Critical
ID: 69071
檔案名稱: suse_11_java-1_7_0-openjdk-130719.nasl
版本: 1.13
類型: local
代理程式: unix
已發布: 2013/7/26
已更新: 2022/3/29
支援的感應器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment
風險資訊
VPR
風險因素: Critical
分數: 9.8
CVSS v2
風險因素: Critical
基本分數: 10
媒介: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
弱點資訊
CPE: p-cpe:/a:novell:suse_linux:11:java-1_7_0-openjdk, p-cpe:/a:novell:suse_linux:11:java-1_7_0-openjdk-demo, p-cpe:/a:novell:suse_linux:11:java-1_7_0-openjdk-devel, cpe:/o:novell:suse_linux:11
必要的 KB 項目: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
可被惡意程式利用: true
可輕鬆利用: Exploits are available
修補程式發佈日期: 2013/7/19
CISA 已知遭惡意利用弱點到期日: 2022/4/18
可惡意利用
Core Impact
Metasploit (Java storeImageArray() Invalid Array Indexing Vulnerability)
參考資訊
CVE: CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2458, CVE-2013-2459, CVE-2013-2460, CVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473