oval:org.mitre.oval:def:13907

Definition Id: oval:org.mitre.oval:def:13907

Oval ID:	oval:org.mitre.oval:def:13907
Title:	USN-859-1 -- openjdk-6 vulnerabilities
Description:	Dan Kaminsky discovered that SSL certificates signed with MD2 could be spoofed given enough time. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation in OpenJDK. It was discovered that ICC profiles could be identified with ".." pathnames. If a user were tricked into running a specially crafted applet, a remote attacker could gain information about a local system. Peter Vreugdenhil discovered multiple flaws in the processing of graphics in the AWT library. If a user were tricked into running a specially crafted applet, a remote attacker could crash the application or run arbitrary code with user privileges. Multiple flaws were discovered in JPEG and BMP image handling. If a user were tricked into loading a specially crafted image, a remote attacker could crash the application or run arbitrary code with user privileges. Coda Hale discovered that HMAC-based signatures were not correctly validated. Remote attackers could bypass certain forms of authentication, granting unexpected access. Multiple flaws were discovered in ASN.1 parsing. A remote attacker could send a specially crafted HTTP stream that would exhaust system memory and lead to a denial of service. It was discovered that the graphics configuration subsystem did not correctly handle arrays. If a user were tricked into running a specially crafted applet, a remote attacker could exploit this to crash the application or execute arbitrary code with user privileges. It was discovered that loggers and Swing did not correctly handle certain sensitive objects. If a user were tricked into running a specially crafted applet, private information could be leaked to a remote attacker, leading to a loss of privacy. It was discovered that the ClassLoader did not correctly handle certain options. If a user were tricked into running a specially crafted applet, a remote attacker could execute arbitrary code with user privileges. It was discovered that time zone file loading could be used to determine the existence of files on the local system. If a user were tricked into running a specially crafted applet, private information could be leaked to a remote attacker, leading to a loss of privacy
Family:	unix	Class:	patch
Reference(s):	USN-859-1 CVE-2009-2409 CVE-2009-3728 CVE-2009-3869 CVE-2009-3871 CVE-2009-3873 CVE-2009-3874 CVE-2009-3885 CVE-2009-3875 CVE-2009-3876 CVE-2009-3877 CVE-2009-3879 CVE-2009-3880 CVE-2009-3882 CVE-2009-3883 CVE-2009-3881 CVE-2009-3884	Version:	5
Platform(s):	Ubuntu 8.10 Ubuntu 9.10 Ubuntu 9.04	Product(s):	openjdk-6
Definition Synopsis:
Release section Ubuntu 8.10 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section openjdk-6-jre-lib DPKG is earlier than 6b12-0ubuntu6.6 AND openjdk-6-doc DPKG is earlier than 6b12-0ubuntu6.6 AND openjdk-6-source-files DPKG is earlier than 6b12-0ubuntu6.6 AND openjdk-6-source DPKG is earlier than 6b12-0ubuntu6.6 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section openjdk-6-jre DPKG is earlier than 6b12-0ubuntu6.6 AND openjdk-6-jre-headless DPKG is earlier than 6b12-0ubuntu6.6 AND openjdk-6-demo DPKG is earlier than 6b12-0ubuntu6.6 AND openjdk-6-dbg DPKG is earlier than 6b12-0ubuntu6.6 AND openjdk-6-jdk DPKG is earlier than 6b12-0ubuntu6.6 AND icedtea6-plugin DPKG is earlier than 6b12-0ubuntu6.6 OR Release section Ubuntu 9.10 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section openjdk-6-jre-lib DPKG is earlier than 6b16-1.6.1-3ubuntu1 AND openjdk-6-doc DPKG is earlier than 6b16-1.6.1-3ubuntu1 AND openjdk-6-source DPKG is earlier than 6b16-1.6.1-3ubuntu1 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section openjdk-6-jre DPKG is earlier than 6b16-1.6.1-3ubuntu1 AND openjdk-6-jre-headless DPKG is earlier than 6b16-1.6.1-3ubuntu1 AND openjdk-6-demo DPKG is earlier than 6b16-1.6.1-3ubuntu1 AND openjdk-6-dbg DPKG is earlier than 6b16-1.6.1-3ubuntu1 AND openjdk-6-jdk DPKG is earlier than 6b16-1.6.1-3ubuntu1 AND icedtea6-plugin DPKG is earlier than 6b16-1.6.1-3ubuntu1 OR Architecture depended section Supported architectures section Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is lpia AND Installed architecture is powerpc AND Packages section icedtea-6-jre-cacao DPKG is earlier than 6b16-1.6.1-3ubuntu1 AND openjdk-6-jre-zero DPKG is earlier than 6b16-1.6.1-3ubuntu1 OR Release section Ubuntu 9.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section openjdk-6-jre-lib DPKG is earlier than 6b14-1.4.1-0ubuntu12 AND openjdk-6-doc DPKG is earlier than 6b14-1.4.1-0ubuntu12 AND openjdk-6-source-files DPKG is earlier than 6b14-1.4.1-0ubuntu12 AND openjdk-6-source DPKG is earlier than 6b14-1.4.1-0ubuntu12 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section openjdk-6-jre DPKG is earlier than 6b14-1.4.1-0ubuntu12 AND openjdk-6-jre-headless DPKG is earlier than 6b14-1.4.1-0ubuntu12 AND openjdk-6-demo DPKG is earlier than 6b14-1.4.1-0ubuntu12 AND openjdk-6-dbg DPKG is earlier than 6b14-1.4.1-0ubuntu12 AND openjdk-6-jdk DPKG is earlier than 6b14-1.4.1-0ubuntu12 AND icedtea6-plugin DPKG is earlier than 6b14-1.4.1-0ubuntu12 OR Architecture depended section Supported architectures section Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is lpia AND Packages section icedtea-6-jre-cacao DPKG is earlier than 6b14-1.4.1-0ubuntu12 AND openjdk-6-jre-zero DPKG is earlier than 6b14-1.4.1-0ubuntu12 OR Supported platform section Installed architecture is powerpc AND icedtea-6-jre-cacao DPKG is earlier than 6b14-1.4.1-0ubuntu12

Definition Id: oval:org.mitre.oval:def:13079

Oval ID:	oval:org.mitre.oval:def:13079
Title:	Ubuntu 9.10 is installed
Description:	Ubuntu 9.10 is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:canonical:ubuntu_linux:9.10	Version:	5
Platform(s):	Ubuntu 9.10	Product(s):
Definition Synopsis:
Ubuntu 9.10 is installed
Referenced By:
oval:org.mitre.oval:def:13907

Definition Id: oval:org.mitre.oval:def:13306

Oval ID:	oval:org.mitre.oval:def:13306
Title:	Ubuntu 8.10 is installed
Description:	Ubuntu 8.10 is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:ubuntu:ubuntu_linux:8.10	Version:	3
Platform(s):	Ubuntu 8.10	Product(s):
Definition Synopsis:
Ubuntu 8.10 is installed
Referenced By:
oval:org.mitre.oval:def:13907

Definition Id: oval:org.mitre.oval:def:12669

Oval ID:	oval:org.mitre.oval:def:12669
Title:	Ubuntu 9.04 is installed
Description:	Ubuntu 9.04 is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:canonical:ubuntu_linux:9.04	Version:	5
Platform(s):	Ubuntu 9.04	Product(s):
Definition Synopsis:
Ubuntu 9.04 is installed
Referenced By:
oval:org.mitre.oval:def:13907

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0255s

Facebook rss twitter linkedin mail