http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

99809

1038931

GLSA-201709-22

https://security.netapp.com/advisory/ntap-20170720-0001/

An update of the openjre package has been released.

An update of the openjdk package has been released.

An update of [openjdk,openjre,pycrypto,python3-pycrypto] packages for PhotonOS has been released.

This update for java-1_7_0-openjdk fixes the following issues :

Security issues fixed :

  - CVE-2017-10356: Fix issue inside subcomponent Security     (bsc#1064084).

  - CVE-2017-10274: Fix issue inside subcomponent Smart Card     IO (bsc#1064071).

  - CVE-2017-10281: Fix issue inside subcomponent     Serialization (bsc#1064072).

  - CVE-2017-10285: Fix issue inside subcomponent RMI     (bsc#1064073).

  - CVE-2017-10295: Fix issue inside subcomponent Networking     (bsc#1064075).

  - CVE-2017-10388: Fix issue inside subcomponent Libraries     (bsc#1064086).

  - CVE-2017-10346: Fix issue inside subcomponent Hotspot     (bsc#1064078).

  - CVE-2017-10350: Fix issue inside subcomponent JAX-WS     (bsc#1064082).

  - CVE-2017-10347: Fix issue inside subcomponent     Serialization (bsc#1064079).

  - CVE-2017-10349: Fix issue inside subcomponent JAXP     (bsc#1064081).

  - CVE-2017-10345: Fix issue inside subcomponent     Serialization (bsc#1064077).

  - CVE-2017-10348: Fix issue inside subcomponent Libraries     (bsc#1064080).

  - CVE-2017-10357: Fix issue inside subcomponent     Serialization (bsc#1064085).

  - CVE-2017-10355: Fix issue inside subcomponent Networking     (bsc#1064083).

  - CVE-2017-10102: Fix incorrect handling of references in     DGC (bsc#1049316).

  - CVE-2017-10053: Fix reading of unprocessed image data in     JPEGImageReader (bsc#1049305).

  - CVE-2017-10067: Fix JAR verifier incorrect handling of     missing digest (bsc#1049306).

  - CVE-2017-10081: Fix incorrect bracket processing in     function signature handling (bsc#1049309).

  - CVE-2017-10087: Fix insufficient access control checks     in ThreadPoolExecutor (bsc#1049311).

  - CVE-2017-10089: Fix insufficient access control checks     in ServiceRegistry (bsc#1049312).

  - CVE-2017-10090: Fix insufficient access control checks     in AsynchronousChannelGroupImpl (bsc#1049313).

  - CVE-2017-10096: Fix insufficient access control checks     in XML transformations (bsc#1049314).

  - CVE-2017-10101: Fix unrestricted access to     com.sun.org.apache.xml.internal.resolver (bsc#1049315).

  - CVE-2017-10107: Fix insufficient access control checks     in ActivationID (bsc#1049318).

  - CVE-2017-10074: Fix integer overflows in range check     loop predicates (bsc#1049307).

  - CVE-2017-10110: Fix insufficient access control checks     in ImageWatched (bsc#1049321).

  - CVE-2017-10108: Fix unbounded memory allocation in     BasicAttribute deserialization (bsc#1049319).

  - CVE-2017-10109: Fix unbounded memory allocation in     CodeSource deserialization (bsc#1049320).

  - CVE-2017-10115: Fix unspecified vulnerability in     subcomponent JCE (bsc#1049324).

  - CVE-2017-10118: Fix ECDSA implementation timing attack     (bsc#1049326).

  - CVE-2017-10116: Fix LDAPCertStore following referrals to     non-LDAP URL (bsc#1049325).

  - CVE-2017-10135: Fix PKCS#8 implementation timing attack     (bsc#1049328).

  - CVE-2017-10176: Fix incorrect handling of certain EC     points (bsc#1049329).

  - CVE-2017-10074: Fix integer overflows in range check     loop predicates (bsc#1049307).

  - CVE-2017-10074: Fix integer overflows in range check     loop predicates (bsc#1049307).

  - CVE-2017-10111: Fix checks in LambdaFormEditor     (bsc#1049322).

  - CVE-2017-10243: Fix unspecified vulnerability in     subcomponent JAX-WS (bsc#1049332).

  - CVE-2017-10125: Fix unspecified vulnerability in     subcomponent deployment (bsc#1049327).

  - CVE-2017-10114: Fix unspecified vulnerability in     subcomponent JavaFX (bsc#1049323).

  - CVE-2017-10105: Fix unspecified vulnerability in     subcomponent deployment (bsc#1049317).

  - CVE-2017-10086: Fix unspecified in subcomponent JavaFX     (bsc#1049310).

  - CVE-2017-10198: Fix incorrect enforcement of certificate     path restrictions (bsc#1049331).

  - CVE-2017-10193: Fix incorrect key size constraint check     (bsc#1049330).

Bug fixes :

  - Drop Exec Shield workaround to fix crashes on recent     kernels, where Exec Shield is gone (bsc#1052318).

This update was imported from the SUSE:SLE-12:Update update project.

This update for java-1_7_0-openjdk fixes the following issues:
Security issues fixed :

  - CVE-2017-10356: Fix issue inside subcomponent Security     (bsc#1064084).

  - CVE-2017-10274: Fix issue inside subcomponent Smart Card     IO (bsc#1064071).

  - CVE-2017-10281: Fix issue inside subcomponent     Serialization (bsc#1064072).

  - CVE-2017-10285: Fix issue inside subcomponent RMI     (bsc#1064073).

  - CVE-2017-10295: Fix issue inside subcomponent Networking     (bsc#1064075).

  - CVE-2017-10388: Fix issue inside subcomponent Libraries     (bsc#1064086).

  - CVE-2017-10346: Fix issue inside subcomponent Hotspot     (bsc#1064078).

  - CVE-2017-10350: Fix issue inside subcomponent JAX-WS     (bsc#1064082).

  - CVE-2017-10347: Fix issue inside subcomponent     Serialization (bsc#1064079).

  - CVE-2017-10349: Fix issue inside subcomponent JAXP     (bsc#1064081).

  - CVE-2017-10345: Fix issue inside subcomponent     Serialization (bsc#1064077).

  - CVE-2017-10348: Fix issue inside subcomponent Libraries     (bsc#1064080).

  - CVE-2017-10357: Fix issue inside subcomponent     Serialization (bsc#1064085).

  - CVE-2017-10355: Fix issue inside subcomponent Networking     (bsc#1064083).

  - CVE-2017-10102: Fix incorrect handling of references in     DGC (bsc#1049316).

  - CVE-2017-10053: Fix reading of unprocessed image data in     JPEGImageReader (bsc#1049305).

  - CVE-2017-10067: Fix JAR verifier incorrect handling of     missing digest (bsc#1049306).

  - CVE-2017-10081: Fix incorrect bracket processing in     function signature handling (bsc#1049309).

  - CVE-2017-10087: Fix insufficient access control checks     in ThreadPoolExecutor (bsc#1049311).

  - CVE-2017-10089: Fix insufficient access control checks     in ServiceRegistry (bsc#1049312).

  - CVE-2017-10090: Fix insufficient access control checks     in AsynchronousChannelGroupImpl (bsc#1049313).

  - CVE-2017-10096: Fix insufficient access control checks     in XML transformations (bsc#1049314).

  - CVE-2017-10101: Fix unrestricted access to     com.sun.org.apache.xml.internal.resolver (bsc#1049315).

  - CVE-2017-10107: Fix insufficient access control checks     in ActivationID (bsc#1049318).

  - CVE-2017-10074: Fix integer overflows in range check     loop predicates (bsc#1049307).

  - CVE-2017-10110: Fix insufficient access control checks     in ImageWatched (bsc#1049321).

  - CVE-2017-10108: Fix unbounded memory allocation in     BasicAttribute deserialization (bsc#1049319).

  - CVE-2017-10109: Fix unbounded memory allocation in     CodeSource deserialization (bsc#1049320).

  - CVE-2017-10115: Fix unspecified vulnerability in     subcomponent JCE (bsc#1049324).

  - CVE-2017-10118: Fix ECDSA implementation timing attack     (bsc#1049326).

  - CVE-2017-10116: Fix LDAPCertStore following referrals to     non-LDAP URL (bsc#1049325).

  - CVE-2017-10135: Fix PKCS#8 implementation timing attack     (bsc#1049328).

  - CVE-2017-10176: Fix incorrect handling of certain EC     points (bsc#1049329).

  - CVE-2017-10074: Fix integer overflows in range check     loop predicates (bsc#1049307).

  - CVE-2017-10074: Fix integer overflows in range check     loop predicates (bsc#1049307).

  - CVE-2017-10111: Fix checks in LambdaFormEditor     (bsc#1049322).

  - CVE-2017-10243: Fix unspecified vulnerability in     subcomponent JAX-WS (bsc#1049332).

  - CVE-2017-10125: Fix unspecified vulnerability in     subcomponent deployment (bsc#1049327).

  - CVE-2017-10114: Fix unspecified vulnerability in     subcomponent JavaFX (bsc#1049323).

  - CVE-2017-10105: Fix unspecified vulnerability in     subcomponent deployment (bsc#1049317).

  - CVE-2017-10086: Fix unspecified in subcomponent JavaFX     (bsc#1049310).

  - CVE-2017-10198: Fix incorrect enforcement of certificate     path restrictions (bsc#1049331).

  - CVE-2017-10193: Fix incorrect key size constraint check     (bsc#1049330). Bug fixes :

  - Drop Exec Shield workaround to fix crashes on recent     kernels, where Exec Shield is gone (bsc#1052318).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201709-22 (Oracle JDK/JRE, IcedTea: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Oracle&rsquo;s JRE, JDK and       IcedTea. Please review the referenced CVE identifiers for details.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process, cause a Denial of Service condition, or gain       access to information.
  Workaround :

    There is no known workaround at this time.

The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities in the following subcomponents :

  - A flaw exists in the J9 VM class verifier component that     allows an unauthenticated, remote attacker to cause an     escalation of privileges. (CVE-2017-1376)

  - A flaw exists in the installp and updatep packages that     prevents security updates from being correctly applied.
    (CVE-2017-1541)

  - An unspecified flaw exists in the 2D component that     allows an unauthenticated, remote attacker to cause a     denial of service condition. (CVE-2017-10053)

  - Multiple unspecified flaws exist in the Security     component that allow an unauthenticated, remote attacker     to execute arbitrary code. (CVE-2017-10067,     CVE-2017-10116)

  - An unspecified flaw exists in the Scripting component     that allows an authenticated, remote attacker to impact     confidentiality and integrity. (CVE-2017-10078)

  - Multiple unspecified flaws exist in the Libraries     component that allow an unauthenticated, remote attacker     to execute arbitrary code. (CVE-2017-10087,     CVE-2017-10090)

  - An unspecified flaw exists in the ImageIO component that     allows an unauthenticated, remote attacker to execute     arbitrary code. (CVE-2017-10089)

  - Multiple unspecified flaws exist in the JAXP component     that allow an unauthenticated, remote attacker to     execute arbitrary code. (CVE-2017-10096, CVE-2017-10101)

  - Multiple unspecified flaws exist in the RMI component     that allow an unauthenticated, remote attacker to     execute arbitrary code. (CVE-2017-10102, CVE-2017-10107)

  - An unspecified flaw exists in the Deployment component     that allows an unauthenticated, remote attacker to     impact integrity. (CVE-2017-10105)

  - Multiple unspecified flaws exist in the Serialization     component that allow an unauthenticated, remote attacker     to exhaust available memory, resulting in a denial of     service condition. (CVE-2017-10108, CVE-2017-10109)

  - An unspecified flaw exists in the AWT component that     allows an unauthenticated, remote attacker to execute     arbitrary code. (CVE-2017-10110)

  - Multiple unspecified flaws exist in the JCE component     that allow an unauthenticated, remote attacker to     disclose sensitive information. (CVE-2017-10115)

  - An unspecified flaw exists in the Deployment component     that allows a local attacker to impact confidentiality,     integrity, and availability. (CVE-2017-10125)

  - An unspecified flaw exists in the JAX-WS component that     allows an unauthenticated, remote attacker to impact     confidentiality and availability. (CVE-2017-10243)

This update for java-1_7_1-ibm fixes the following issues :

  - Version update to 7.1-4.10 [bsc#1053431]

  - CVE-2017-10111 CVE-2017-10110 CVE-2017-10107     CVE-2017-10101 CVE-2017-10096 CVE-2017-10090     CVE-2017-10089 CVE-2017-10087 CVE-2017-10102     CVE-2017-10116 CVE-2017-10074 CVE-2017-10115     CVE-2017-10067 CVE-2017-10125 CVE-2017-10243     CVE-2017-10109 CVE-2017-10108 CVE-2017-10053     CVE-2017-10105 CVE-2017-10081: Multiple unspecified     vulnerabilities in multiple Java components could lead     to code execution or sandbox escape More information can     be found here:
    https://developer.ibm.com/javasdk/support/security-vulne     rabilities/#Oracle_ July_18_2017_CPU

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for java-1_8_0-ibm fixes the following issues :

  - Version update to 8.0-4.10 [bsc#1053431] CVE-2017-10111,     CVE-2017-10110, CVE-2017-10107, CVE-2017-10101,     CVE-2017-10096, CVE-2017-10090, CVE-2017-10089,     CVE-2017-10087, CVE-2017-10102, CVE-2017-10116,     CVE-2017-10074, CVE-2017-10078, CVE-2017-10115,     CVE-2017-10067, CVE-2017-10125, CVE-2017-10243,     CVE-2017-10109, CVE-2017-10108, CVE-2017-10053,     CVE-2017-10105, CVE-2017-10081: Multiple unspecified     vulnerabilities in multiple Java components could lead     to code execution or sandbox escape More information can     be found here:
    https://developer.ibm.com/javasdk/support/security-vulne     rabilities/#Oracle_ July_18_2017_CPU

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This java-1_8_0-openjdk update to version jdk8u141 (icedtea 3.5.0) fixes the following issues :

Security issues fixed :

  - CVE-2017-10053: Improved image post-processing steps     (bsc#1049305)

  - CVE-2017-10067: Additional jar validation steps     (bsc#1049306)

  - CVE-2017-10074: Image conversion improvements     (bsc#1049307)

  - CVE-2017-10078: Better script accessibility for     JavaScript (bsc#1049308)

  - CVE-2017-10081: Right parenthesis issue (bsc#1049309)

  - CVE-2017-10086: Unspecified vulnerability in     subcomponent JavaFX (bsc#1049310)

  - CVE-2017-10087: Better Thread Pool execution     (bsc#1049311)

  - CVE-2017-10089: Service Registration Lifecycle     (bsc#1049312)

  - CVE-2017-10090: Better handling of channel groups     (bsc#1049313)

  - CVE-2017-10096: Transform Transformer Exceptions     (bsc#1049314)

  - CVE-2017-10101: Better reading of text catalogs     (bsc#1049315)

  - CVE-2017-10102: Improved garbage collection     (bsc#1049316)

  - CVE-2017-10105: Unspecified vulnerability in     subcomponent deployment (bsc#1049317)

  - CVE-2017-10107: Less Active Activations (bsc#1049318)

  - CVE-2017-10108: Better naming attribution (bsc#1049319)

  - CVE-2017-10109: Better sourcing of code (bsc#1049320)

  - CVE-2017-10110: Better image fetching (bsc#1049321)

  - CVE-2017-10111: Rearrange MethodHandle arrangements     (bsc#1049322)

  - CVE-2017-10114: Unspecified vulnerability in     subcomponent JavaFX (bsc#1049323)

  - CVE-2017-10115: Higher quality DSA operations     (bsc#1049324)

  - CVE-2017-10116: Proper directory lookup processing     (bsc#1049325)

  - CVE-2017-10118: Higher quality ECDSA operations     (bsc#1049326)

  - CVE-2017-10125: Unspecified vulnerability in     subcomponent deployment (bsc#1049327)

  - CVE-2017-10135: Better handling of PKCS8 material     (bsc#1049328)

  - CVE-2017-10176: Additional elliptic curve support     (bsc#1049329)

  - CVE-2017-10193: Improve algorithm constraints     implementation (bsc#1049330)

  - CVE-2017-10198: Clear certificate chain connections     (bsc#1049331)

  - CVE-2017-10243: Unspecified vulnerability in     subcomponent JAX-WS (bsc#1049332)

Bug fixes :

  - Check registry registration location

  - Improved certificate processing

  - JMX diagnostic improvements

  - Update to libpng 1.6.28

  - Import of OpenJDK 8 u141 build 15 (bsc#1049302)

New features :

  - Support using RSAandMGF1 with the SHA hash algorithms in     the PKCS11 provider

This update was imported from the SUSE:SLE-12-SP1:Update update project.

This java-1_8_0-openjdk update to version jdk8u141 (icedtea 3.5.0) fixes the following issues: Security issues fixed :

  - CVE-2017-10053: Improved image post-processing steps     (bsc#1049305)

  - CVE-2017-10067: Additional jar validation steps     (bsc#1049306)

  - CVE-2017-10074: Image conversion improvements     (bsc#1049307)

  - CVE-2017-10078: Better script accessibility for     JavaScript (bsc#1049308)

  - CVE-2017-10081: Right parenthesis issue (bsc#1049309)

  - CVE-2017-10086: Unspecified vulnerability in     subcomponent JavaFX (bsc#1049310)

  - CVE-2017-10087: Better Thread Pool execution     (bsc#1049311)

  - CVE-2017-10089: Service Registration Lifecycle     (bsc#1049312)

  - CVE-2017-10090: Better handling of channel groups     (bsc#1049313)

  - CVE-2017-10096: Transform Transformer Exceptions     (bsc#1049314)

  - CVE-2017-10101: Better reading of text catalogs     (bsc#1049315)

  - CVE-2017-10102: Improved garbage collection     (bsc#1049316)

  - CVE-2017-10105: Unspecified vulnerability in     subcomponent deployment (bsc#1049317)

  - CVE-2017-10107: Less Active Activations (bsc#1049318)

  - CVE-2017-10108: Better naming attribution (bsc#1049319)

  - CVE-2017-10109: Better sourcing of code (bsc#1049320)

  - CVE-2017-10110: Better image fetching (bsc#1049321)

  - CVE-2017-10111: Rearrange MethodHandle arrangements     (bsc#1049322)

  - CVE-2017-10114: Unspecified vulnerability in     subcomponent JavaFX (bsc#1049323)

  - CVE-2017-10115: Higher quality DSA operations     (bsc#1049324)

  - CVE-2017-10116: Proper directory lookup processing     (bsc#1049325)

  - CVE-2017-10118: Higher quality ECDSA operations     (bsc#1049326)

  - CVE-2017-10125: Unspecified vulnerability in     subcomponent deployment (bsc#1049327)

  - CVE-2017-10135: Better handling of PKCS8 material     (bsc#1049328)

  - CVE-2017-10176: Additional elliptic curve support     (bsc#1049329)

  - CVE-2017-10193: Improve algorithm constraints     implementation (bsc#1049330)

  - CVE-2017-10198: Clear certificate chain connections     (bsc#1049331)

  - CVE-2017-10243: Unspecified vulnerability in     subcomponent JAX-WS (bsc#1049332) Bug fixes :

  - Check registry registration location

  - Improved certificate processing

  - JMX diagnostic improvements

  - Update to libpng 1.6.28

  - Import of OpenJDK 8 u141 build 15 (bsc#1049302) New     features :

  - Support using RSAandMGF1 with the SHA hash algorithms in     the PKCS11 provider

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of Oracle Java SE installed on the remote host is prior to 6 Update 161, 7 Update 151, or 8 Update 141, and is therefore affected by a flaw that is triggered during object deserialization. This may allow a remote attacker to exhaust available memory and potentially cause a crash. (CVE-2017-10108, CVE-2017-10109)

These versions of Java SE are also affected by multiple vulerabilities in the following components :

 2D (CVE-2017-10053), AWT (CVE-2017-10110), Deployment (CVE-2017-10105), Deployment (CVE-2017-10125), Hotspot (CVE-2017-10074, CVE-2017-10081), ImageIO (CVE-2017-10089), JAX-WS (CVE-2017-10243), JAXP (CVE-2017-10096, CVE-2017-10101), JCE (CVE-2017-10115, CVE-2017-10118, CVE-2017-10135), JavaFX (CVE-2017-10086, CVE-2017-10114), Libraries (CVE-2017-10087, CVE-2017-10090, CVE-2017-10111), RMI (CVE-2017-10102, CVE-2017-10107), Scripting (CVE-2017-10067, CVE-2017-10078), Security (CVE-2017-10116, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198)

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 141, 7 Update 151, or 6 Update 161. It is, therefore, affected by multiple vulnerabilities :

  - An unspecified flaw exists in the 2D component that     allows an unauthenticated, remote attacker to cause a     denial of service condition. (CVE-2017-10053)

  - Multiple unspecified flaws exist in the Security     component that allow an unauthenticated, remote attacker     to execute arbitrary code. (CVE-2017-10067,     CVE-2017-10116)

  - An unspecified flaw exists in the Hotspot component that     allows an unauthenticated, remote attacker to execute     arbitrary code. (CVE-2017-10074)

  - An unspecified flaw exists in the Scripting component     that allows an authenticated, remote attacker to impact     confidentiality and integrity. (CVE-2017-10078)

  - An unspecified flaw exists in the Hotspot component that     allows an unauthenticated, remote attacker to impact     integrity. (CVE-2017-10081)

  - Multiple unspecified flaws exist in the JavaFX component     that allow an unauthenticated, remote attacker to     execute arbitrary code. (CVE-2017-10086, CVE-2017-10114)

  - Multiple unspecified flaws exist in the Libraries     component that allow an unauthenticated, remote attacker     to execute arbitrary code. (CVE-2017-10087,     CVE-2017-10090, CVE-2017-10111)

  - An unspecified flaw exists in the ImageIO component that     allows an unauthenticated, remote attacker to execute     arbitrary code. (CVE-2017-10089)

  - Multiple unspecified flaws exist in the JAXP component     that allow an unauthenticated, remote attacker to     execute arbitrary code. (CVE-2017-10096, CVE-2017-10101)

  - Multiple unspecified flaws exist in the RMI component     that allow an unauthenticated, remote attacker to     execute arbitrary code. (CVE-2017-10102, CVE-2017-10107)

  - Multiple unspecified flaws exist in the Server component     of the Java Advanced Management Console that allow an     authenticated, remote attacker to impact     confidentiality, integrity, and availability.
    (CVE-2017-10104, CVE-2017-10145)

  - An unspecified flaw exists in the Deployment component     that allows an unauthenticated, remote attacker to     impact integrity. (CVE-2017-10105)

  - Multiple unspecified flaws exist in the Serialization     component that allow an unauthenticated, remote attacker     to exhaust available memory, resulting in a denial of     service condition. (CVE-2017-10108, CVE-2017-10109)

  - An unspecified flaw exists in the AWT component that     allows an unauthenticated, remote attacker to execute     arbitrary code. (CVE-2017-10110)

  - Multiple unspecified flaws exist in the JCE component     that allow an unauthenticated, remote attacker to     disclose sensitive information. (CVE-2017-10115,     CVE-2017-10118, CVE-2017-10135)

  - An unspecified flaw exists in the Server component of     the Java Advanced Management Console that allows an     unauthenticated, remote attacker to disclose sensitive     information. (CVE-2017-10117)

  - An unspecified flaw exists in the Server component of     the Java Advanced Management Console that allows an     unauthenticated, remote attacker to impact     confidentiality and integrity. (CVE-2017-10121)

  - An unspecified flaw exists in the Deployment component     that allows a local attacker to impact confidentiality,     integrity, and availability. (CVE-2017-10125)

  - Multiple unspecified flaws exist in the Security     component that allow an unauthenticated, remote attacker     to disclose sensitive information. (CVE-2017-10176,     CVE-2017-10193, CVE-2017-10198)

  - An unspecified flaw exists in the JAX-WS component that     allows an unauthenticated, remote attacker to impact     confidentiality and availability. (CVE-2017-10243)

ID	Name	Product	Family	Severity
121719	Photon OS 1.0: Openjre PHSA-2017-0026	Nessus	PhotonOS Local Security Checks	critical
121718	Photon OS 1.0: Openjdk PHSA-2017-0026	Nessus	PhotonOS Local Security Checks	critical
111875	Photon OS 1.0: Openjdk / Openjre / Pycrypto / Python3 PHSA-2017-0026 (deprecated)	Nessus	PhotonOS Local Security Checks	critical
105714	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2018-14)	Nessus	SuSE Local Security Checks	critical
105538	SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2018:0005-1)	Nessus	SuSE Local Security Checks	critical
103450	GLSA-201709-22 : Oracle JDK/JRE, IcedTea: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
103191	AIX Java Advisory : java_july2017_advisory.asc (July 2017 CPU)	Nessus	AIX Local Security Checks	critical
102837	SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2017:2281-1)	Nessus	SuSE Local Security Checks	critical
102836	SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2017:2280-1)	Nessus	SuSE Local Security Checks	critical
102801	SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2017:2263-1)	Nessus	SuSE Local Security Checks	critical
102621	openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2017-954)	Nessus	SuSE Local Security Checks	critical
102541	SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2017:2175-1)	Nessus	SuSE Local Security Checks	critical
700165	Oracle Java SE 6 < Update 161 / 7 < Update 151 / 8 < Update 141 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	critical
101844	Oracle Java SE Multiple Vulnerabilities (July 2017 CPU) (Unix)	Nessus	Misc.	critical
101843	Oracle Java SE Multiple Vulnerabilities (July 2017 CPU)	Nessus	Windows	critical

CVE-2017-10125

HIGH

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical