openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2018-14)

critical Nessus Plugin ID 105714

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for java-1_7_0-openjdk fixes the following issues :

Security issues fixed :

- CVE-2017-10356: Fix issue inside subcomponent Security (bsc#1064084).

- CVE-2017-10274: Fix issue inside subcomponent Smart Card IO (bsc#1064071).

- CVE-2017-10281: Fix issue inside subcomponent Serialization (bsc#1064072).

- CVE-2017-10285: Fix issue inside subcomponent RMI (bsc#1064073).

- CVE-2017-10295: Fix issue inside subcomponent Networking (bsc#1064075).

- CVE-2017-10388: Fix issue inside subcomponent Libraries (bsc#1064086).

- CVE-2017-10346: Fix issue inside subcomponent Hotspot (bsc#1064078).

- CVE-2017-10350: Fix issue inside subcomponent JAX-WS (bsc#1064082).

- CVE-2017-10347: Fix issue inside subcomponent Serialization (bsc#1064079).

- CVE-2017-10349: Fix issue inside subcomponent JAXP (bsc#1064081).

- CVE-2017-10345: Fix issue inside subcomponent Serialization (bsc#1064077).

- CVE-2017-10348: Fix issue inside subcomponent Libraries (bsc#1064080).

- CVE-2017-10357: Fix issue inside subcomponent Serialization (bsc#1064085).

- CVE-2017-10355: Fix issue inside subcomponent Networking (bsc#1064083).

- CVE-2017-10102: Fix incorrect handling of references in DGC (bsc#1049316).

- CVE-2017-10053: Fix reading of unprocessed image data in JPEGImageReader (bsc#1049305).

- CVE-2017-10067: Fix JAR verifier incorrect handling of missing digest (bsc#1049306).

- CVE-2017-10081: Fix incorrect bracket processing in function signature handling (bsc#1049309).

- CVE-2017-10087: Fix insufficient access control checks in ThreadPoolExecutor (bsc#1049311).

- CVE-2017-10089: Fix insufficient access control checks in ServiceRegistry (bsc#1049312).

- CVE-2017-10090: Fix insufficient access control checks in AsynchronousChannelGroupImpl (bsc#1049313).

- CVE-2017-10096: Fix insufficient access control checks in XML transformations (bsc#1049314).

- CVE-2017-10101: Fix unrestricted access to com.sun.org.apache.xml.internal.resolver (bsc#1049315).

- CVE-2017-10107: Fix insufficient access control checks in ActivationID (bsc#1049318).

- CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307).

- CVE-2017-10110: Fix insufficient access control checks in ImageWatched (bsc#1049321).

- CVE-2017-10108: Fix unbounded memory allocation in BasicAttribute deserialization (bsc#1049319).

- CVE-2017-10109: Fix unbounded memory allocation in CodeSource deserialization (bsc#1049320).

- CVE-2017-10115: Fix unspecified vulnerability in subcomponent JCE (bsc#1049324).

- CVE-2017-10118: Fix ECDSA implementation timing attack (bsc#1049326).

- CVE-2017-10116: Fix LDAPCertStore following referrals to non-LDAP URL (bsc#1049325).

- CVE-2017-10135: Fix PKCS#8 implementation timing attack (bsc#1049328).

- CVE-2017-10176: Fix incorrect handling of certain EC points (bsc#1049329).

- CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307).

- CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307).

- CVE-2017-10111: Fix checks in LambdaFormEditor (bsc#1049322).

- CVE-2017-10243: Fix unspecified vulnerability in subcomponent JAX-WS (bsc#1049332).

- CVE-2017-10125: Fix unspecified vulnerability in subcomponent deployment (bsc#1049327).

- CVE-2017-10114: Fix unspecified vulnerability in subcomponent JavaFX (bsc#1049323).

- CVE-2017-10105: Fix unspecified vulnerability in subcomponent deployment (bsc#1049317).

- CVE-2017-10086: Fix unspecified in subcomponent JavaFX (bsc#1049310).

- CVE-2017-10198: Fix incorrect enforcement of certificate path restrictions (bsc#1049331).

- CVE-2017-10193: Fix incorrect key size constraint check (bsc#1049330).

Bug fixes :

- Drop Exec Shield workaround to fix crashes on recent kernels, where Exec Shield is gone (bsc#1052318).

This update was imported from the SUSE:SLE-12:Update update project.

Solution

Update the affected java-1_7_0-openjdk packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1049305

https://bugzilla.opensuse.org/show_bug.cgi?id=1049306

https://bugzilla.opensuse.org/show_bug.cgi?id=1049307

https://bugzilla.opensuse.org/show_bug.cgi?id=1049309

https://bugzilla.opensuse.org/show_bug.cgi?id=1049310

https://bugzilla.opensuse.org/show_bug.cgi?id=1049311

https://bugzilla.opensuse.org/show_bug.cgi?id=1049312

https://bugzilla.opensuse.org/show_bug.cgi?id=1049313

https://bugzilla.opensuse.org/show_bug.cgi?id=1049314

https://bugzilla.opensuse.org/show_bug.cgi?id=1049315

https://bugzilla.opensuse.org/show_bug.cgi?id=1049316

https://bugzilla.opensuse.org/show_bug.cgi?id=1049317

https://bugzilla.opensuse.org/show_bug.cgi?id=1049318

https://bugzilla.opensuse.org/show_bug.cgi?id=1049319

https://bugzilla.opensuse.org/show_bug.cgi?id=1049320

https://bugzilla.opensuse.org/show_bug.cgi?id=1049321

https://bugzilla.opensuse.org/show_bug.cgi?id=1049322

https://bugzilla.opensuse.org/show_bug.cgi?id=1049323

https://bugzilla.opensuse.org/show_bug.cgi?id=1049324

https://bugzilla.opensuse.org/show_bug.cgi?id=1049325

https://bugzilla.opensuse.org/show_bug.cgi?id=1049326

https://bugzilla.opensuse.org/show_bug.cgi?id=1049327

https://bugzilla.opensuse.org/show_bug.cgi?id=1049328

https://bugzilla.opensuse.org/show_bug.cgi?id=1049329

https://bugzilla.opensuse.org/show_bug.cgi?id=1049330

https://bugzilla.opensuse.org/show_bug.cgi?id=1049331

https://bugzilla.opensuse.org/show_bug.cgi?id=1049332

https://bugzilla.opensuse.org/show_bug.cgi?id=1052318

https://bugzilla.opensuse.org/show_bug.cgi?id=1064071

https://bugzilla.opensuse.org/show_bug.cgi?id=1064072

https://bugzilla.opensuse.org/show_bug.cgi?id=1064073

https://bugzilla.opensuse.org/show_bug.cgi?id=1064075

https://bugzilla.opensuse.org/show_bug.cgi?id=1064077

https://bugzilla.opensuse.org/show_bug.cgi?id=1064078

https://bugzilla.opensuse.org/show_bug.cgi?id=1064079

https://bugzilla.opensuse.org/show_bug.cgi?id=1064080

https://bugzilla.opensuse.org/show_bug.cgi?id=1064081

https://bugzilla.opensuse.org/show_bug.cgi?id=1064082

https://bugzilla.opensuse.org/show_bug.cgi?id=1064083

https://bugzilla.opensuse.org/show_bug.cgi?id=1064084

https://bugzilla.opensuse.org/show_bug.cgi?id=1064085

https://bugzilla.opensuse.org/show_bug.cgi?id=1064086

Plugin Details

Severity: Critical

ID: 105714

File Name: openSUSE-2018-14.nasl

Version: 3.5

Type: local

Agent: unix

Published: 1/10/2018

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src, cpe:/o:novell:opensuse:42.2, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk, cpe:/o:novell:opensuse:42.3, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debugsource, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debuginfo

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/9/2018

Reference Information

CVE: CVE-2016-10165, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10081, CVE-2017-10086, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10125, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388