Security vulnerabilities have been identified in the JRE (Java Runtime Environment) and JDK (Java Developer Kit) software packages for HP-UX. Malicious attackers can exploit them to attack the confidentiality, integrity and availability of the system.
Package:
Operating systems: HP-UX 11.x
Severity: 10
Problem: unspecified error
Exploitation: remote
Consequence: privilege escalation, data modification, unauthorized system access, disclosure of sensitive information, denial of service (DoS), bypass of imposed restrictions
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03441075
Version: 1
HPSBUX02805 SSRT100919 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-08-13
Last Updated: 2012-08-13
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
References: CVE-2012-0508, CVE-2012-0551, CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1718, CVE-2012-1719, CVE-2012-1720, CVE-2012-1721, CVE-2012-1722, CVE-2012-1723, CVE-2012-1724, CVE-2012-1725, CVE-2012-1726
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE 7.0.02 and 6.0.15
BACKGROUND
For a PGP signed version of this security bulletin please write to: (the e-mail address is not reproduced on this page)
CVSS 2.0 Base Metrics
Reference        Base Vector                      Base Score
CVE-2012-0508    (AV:N/AC:L/Au:N/C:C/I:C/A:C)     10.0
CVE-2012-0551    (AV:N/AC:M/Au:N/C:P/I:P/A:N)     5.8
CVE-2012-1711    (AV:N/AC:L/Au:N/C:P/I:P/A:P)     7.5
CVE-2012-1713    (AV:N/AC:L/Au:N/C:C/I:C/A:C)     10.0
CVE-2012-1716    (AV:N/AC:L/Au:N/C:C/I:C/A:C)     10.0
CVE-2012-1718    (AV:N/AC:L/Au:N/C:N/I:N/A:P)     5.0
CVE-2012-1719    (AV:N/AC:L/Au:N/C:N/I:P/A:N)     5.0
CVE-2012-1720    (AV:L/AC:H/Au:N/C:P/I:P/A:P)     3.7
CVE-2012-1721    (AV:N/AC:L/Au:N/C:C/I:C/A:C)     10.0
CVE-2012-1722    (AV:N/AC:L/Au:N/C:C/I:C/A:C)     10.0
CVE-2012-1723    (AV:N/AC:L/Au:N/C:C/I:C/A:C)     10.0
CVE-2012-1724    (AV:N/AC:L/Au:N/C:N/I:N/A:P)     5.0
CVE-2012-1725    (AV:N/AC:L/Au:N/C:C/I:C/A:C)     10.0
CVE-2012-1726    (AV:N/AC:L/Au:N/C:P/I:P/A:N)     6.4
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrade to resolve these vulnerabilities.
The upgrade is available from the following location:
http://www.hp.com/go/java
HP-UX Release             Java Version
HP-UX B.11.23, B.11.31    JDK and JRE v7.0.02 or subsequent
HP-UX B.11.23, B.11.31    JDK and JRE v6.0.15 or subsequent
HP-UX B.11.11, B.11.23    JDK and JRE v6.0.15 or subsequent
MANUAL ACTIONS: Yes - Update
For Java v7.0 update to Java v7.0.02 or subsequent
For Java v6.0 update to Java v6.0.15 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.23
HP-UX B.11.31
===========
Jdk70.JDK70-COM
Jdk70.JDK70-DEMO
Jdk70.JDK70-IPF32
Jdk70.JDK70-IPF64
Jre70.JRE70-COM
Jre70.JRE70-IPF32
Jre70.JRE70-IPF32-HS
Jre70.JRE70-IPF64
Jre70.JRE70-IPF64-HS
action: install revision 1.7.0.02.00 or subsequent
HP-UX B.11.23
HP-UX B.11.31
===========
Jdk60.JDK60-COM
Jdk60.JDK60-DEMO
Jdk60.JDK60-IPF32
Jdk60.JDK60-IPF64
Jre60.JRE60-COM
Jre60.JRE60-IPF32
Jre60.JRE60-IPF32-HS
Jre60.JRE60-IPF64
Jre60.JRE60-IPF64-HS
action: install revision 1.6.0.15.00 or subsequent
HP-UX B.11.11
HP-UX B.11.23
===========
Jdk60.JDK60-COM
Jdk60.JDK60-DEMO
Jdk60.JDK60-PA20
Jdk60.JDK60-PA20W
Jre60.JRE60-COM
Jre60.JRE60-COM-DOC
Jre60.JRE60-PA20
Jre60.JRE60-PA20-HS
Jre60.JRE60-PA20W
Jre60.JRE60-PA20W-HS
action: install revision 1.6.0.15.00 or subsequent
END AFFECTED VERSIONS
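As an added example (not part of the HP bulletin or of HP-UX Software Assistant), the Python below parses the AFFECTED VERSIONS text format shown above and flags inventory entries whose revision is older than the one named in the matching "action:" line. The inventory tuples and all function names are constructed for illustration, and the bulletin excerpt is abridged to two groups.

```python
import re

# Excerpt of this bulletin's AFFECTED VERSIONS text (two groups, filesets abridged).
BULLETIN = """\
HP-UX B.11.23
HP-UX B.11.31
===========
Jdk70.JDK70-COM
Jre70.JRE70-IPF64
action: install revision 1.7.0.02.00 or subsequent
HP-UX B.11.11
HP-UX B.11.23
===========
Jdk60.JDK60-COM
Jre60.JRE60-PA20
action: install revision 1.6.0.15.00 or subsequent
"""

# Constructed sample inventory (assumption): (OS release, fileset, installed revision).
INVENTORY = [
    ("B.11.31", "Jdk70.JDK70-COM", "1.7.0.01.00"),
    ("B.11.31", "Jre70.JRE70-IPF64", "1.7.0.02.00"),
    ("B.11.11", "Jdk60.JDK60-COM", "1.6.0.14.00"),
    ("B.11.23", "Jre60.JRE60-PA20", "1.6.0.16.00"),
]

def rev_key(rev):
    """'1.6.0.15.00' -> (1, 6, 0, 15, 0): compare components as numbers, not text."""
    return tuple(int(part) for part in rev.split("."))

def parse_rules(text):
    """Map (OS release, fileset) to the minimum fixed revision named in 'action:'."""
    rules, releases, filesets = {}, [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("HP-UX "):
            releases.append(line.split()[1])
        elif line.startswith("action:"):
            fixed = re.search(r"install revision (\S+) or subsequent", line).group(1)
            rules.update({(r, f): fixed for r in releases for f in filesets})
            releases, filesets = [], []  # the action line closes the group
        elif line and set(line) != {"="}:  # skip the ===== separator
            filesets.append(line)
    return rules

def audit(inventory, rules):
    """Return (release, fileset, installed, fixed) for entries older than the fix."""
    return [(rel, fs, inst, rules[(rel, fs)]) for rel, fs, inst in inventory
            if (rel, fs) in rules and rev_key(inst) < rev_key(rules[(rel, fs)])]

if __name__ == "__main__":
    for finding in audit(INVENTORY, parse_rules(BULLETIN)):
        print("needs update: %s %s %s -> %s" % finding)
```

Rules are keyed by release and fileset together because the same Jdk60/Jre60 filesets appear under more than one HP-UX release group in the bulletin.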
HISTORY
Version:1 (rev.1) - 13 Aug 2012 Initial release