SuSE 11.3 安全更新:java-1_7_0-openjdk(SAT 修补程序编号 8090)
critical Nessus 插件 ID 69071
语言:
简介
远程 SuSE 11 主机缺少一个或多个安全更新。描述
icedtea-2.4.1的此更新修复了各种安全问题:- S6741606、CVE-2013-2407:集成 Apache Santuario
- S7158805、CVE-2013-2445:优化重写嵌套子例程调用
- S7170730、CVE-2013-2451:改进 Windows 网络堆栈支持。
- S8000638、CVE-2013-2450:改进反序列化
- S8000642、CVE-2013-2446:优化传输对象的处理
- S8001033、CVE-2013-2452:重构虚拟机标识符中的网络地址处理
- S8001034、CVE-2013-1500:内存管理改进
- S8001038、CVE-2013-2444:多元化处理资源
- S8001318、CVE-2013-2447:Socket.getLocalAddress 与 InetAddress.getLocalHost 不一致
- S8001330、CVE-2013-2443:改进检查顺序(仅限于非 Zero 版本)
- S8003703、CVE-2013-2412:更新 RMI 连接对话框
- S8004288、CVE-2013-2449:(fs) Files.probeContentType 问题
- S8006328、CVE-2013-2448:改进声音类的稳定性
- S8007812、CVE-2013-2455:(反映)一些类的 Class.getEnclosingMethod 存在问题
- S8008120、CVE-2013-2457:改进 JMX 类检查
- S8008124、CVE-2013-2453:优化合规性测试
- S8008132、CVE-2013-2456:优化序列化支持
- S8008744、CVE-2013-2407:重新制作 JDK-6741606 的部分补丁
- S8009057、CVE-2013-2448:改进 MIDI 事件处理
- S8009071、CVE-2013-2459:改进形状处理
- S8009424、CVE-2013-2458:根据 JSR-292 实现变更调整 Nashorn
- S8009554、CVE-2013-2454:改进 SerialJavaObject.getFields
- S8010209、CVE-2013-2460:优化出厂配置
- S8011243、CVE-2013-2470:改进 ImagingLib
- S8011248、CVE-2013-2471:优化组件栅格
- S8011253、CVE-2013-2472:优化短组件栅格
- S8011257、CVE-2013-2473:优化字节组件栅格
- S8012375、CVE-2013-1571:改进 Javadoc 帧
- S8012438、CVE-2013-2463:优化图像验证
- S8012597、CVE-2013-2465:优化图像通道校验
- S8012601、CVE-2013-2469:优化图像布局验证
- S8014281、CVE-2013-2461:优化 XML 签名校验
解决方案
请应用 SAT 修补程序编号 8090。另见
https://bugzilla.novell.com/show_bug.cgi?id=828665
http://support.novell.com/security/cve/CVE-2013-1500.html
http://support.novell.com/security/cve/CVE-2013-1571.html
http://support.novell.com/security/cve/CVE-2013-2407.html
http://support.novell.com/security/cve/CVE-2013-2412.html
http://support.novell.com/security/cve/CVE-2013-2443.html
http://support.novell.com/security/cve/CVE-2013-2444.html
http://support.novell.com/security/cve/CVE-2013-2445.html
http://support.novell.com/security/cve/CVE-2013-2446.html
http://support.novell.com/security/cve/CVE-2013-2447.html
http://support.novell.com/security/cve/CVE-2013-2448.html
http://support.novell.com/security/cve/CVE-2013-2449.html
http://support.novell.com/security/cve/CVE-2013-2450.html
http://support.novell.com/security/cve/CVE-2013-2451.html
http://support.novell.com/security/cve/CVE-2013-2452.html
http://support.novell.com/security/cve/CVE-2013-2453.html
http://support.novell.com/security/cve/CVE-2013-2454.html
http://support.novell.com/security/cve/CVE-2013-2455.html
http://support.novell.com/security/cve/CVE-2013-2456.html
http://support.novell.com/security/cve/CVE-2013-2457.html
http://support.novell.com/security/cve/CVE-2013-2458.html
http://support.novell.com/security/cve/CVE-2013-2459.html
http://support.novell.com/security/cve/CVE-2013-2460.html
http://support.novell.com/security/cve/CVE-2013-2461.html
http://support.novell.com/security/cve/CVE-2013-2463.html
http://support.novell.com/security/cve/CVE-2013-2465.html
http://support.novell.com/security/cve/CVE-2013-2469.html
http://support.novell.com/security/cve/CVE-2013-2470.html
http://support.novell.com/security/cve/CVE-2013-2471.html
插件详情
严重性: Critical
ID: 69071
文件名: suse_11_java-1_7_0-openjdk-130719.nasl
版本: 1.13
类型: local
代理: unix
发布时间: 2013/7/26
最近更新时间: 2022/3/29
支持的传感器: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
风险信息
VPR
风险因素: Critical
分数: 9.7
CVSS v2
风险因素: Critical
基本分数: 10
矢量: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
漏洞信息
CPE: p-cpe:/a:novell:suse_linux:11:java-1_7_0-openjdk, p-cpe:/a:novell:suse_linux:11:java-1_7_0-openjdk-demo, p-cpe:/a:novell:suse_linux:11:java-1_7_0-openjdk-devel, cpe:/o:novell:suse_linux:11
必需的 KB 项: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
可利用: true
易利用性: Exploits are available
补丁发布日期: 2013/7/19
CISA 已知可遭利用的漏洞到期日期: 2022/4/18
可利用的方式
Core Impact
Metasploit (Java storeImageArray() Invalid Array Indexing Vulnerability)
参考资料信息
CVE: CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2458, CVE-2013-2459, CVE-2013-2460, CVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473