[Linux-PowerEdge] JRE 6 in OMSA 7.1 vulnerable?

knabinger at gmx.de knabinger at gmx.de
Wed Mar 6 06:47:27 CST 2013


Hi

is it possible that the JRE, that Dell deploys with OMSA 7.1 for Debian, is a vulnerable version???

We are scanning our systems regulary to discover vulnerable software, and scan-plugin output is the following:

##############
Plugin Output
:
The following vulnerable instance of Java is installed on the 
 remote host : 

 Path : /opt/dell/srvadmin/lib/openmanage/ 
Installed version : 1.6.0_21 

Fixed version : 1.4.2_42 / 1.5.0_40 / 1.6.0_41 / 1.7.0_15
#############

So i updated OMSA including the srvadmin-jre Package to the most recent version, java -version now says:

#############
java version "1.6.0_30"
Java(TM) SE Runtime Environment (build 1.6.0_30-b12)
Java HotSpot(TM) 64-Bit Server VM (build 20.5-b03, mixed mode)
############

So, how can i use OMSA with a recent JRE (1.6.0_41 or higher) to avoid secutity issues???

Thanks for help!



More information about the Linux-PowerEdge mailing list