openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2015-332)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

OpenJDK was updated to jdk8u45-b14 to fix security issues and bugs.

The following vulnerabilities were fixed :

- CVE-2015-0458: Deployment: unauthenticated remote
attackers could execute arbitrary code via multiple
protocols.

- CVE-2015-0459: 2D: unauthenticated remote attackers
could execute arbitrary code via multiple protocols.

- CVE-2015-0460: Hotspot: unauthenticated remote attackers
could execute arbitrary code via multiple protocols.

- CVE-2015-0469: 2D: unauthenticated remote attackers
could execute arbitrary code via multiple protocols.

- CVE-2015-0470: Hotspot: unauthenticated remote attackers
could update, insert or delete some JAVA accessible data
via multiple protocols

- CVE-2015-0477: Beans: unauthenticated remote attackers
could update, insert or delete some JAVA accessible data
via multiple protocols

- CVE-2015-0478: JCE: unauthenticated remote attackers
could read some JAVA accessible data via multiple
protocols

- CVE-2015-0480: Tools: unauthenticated remote attackers
could update, insert or delete some JAVA accessible data
via multiple protocols and cause a partial denial of
service (partial DOS)

- CVE-2015-0484: JavaFX: unauthenticated remote attackers
could read, update, insert or delete access some Java
accessible data via multiple protocols and cause a
partial denial of service (partial DOS).

- CVE-2015-0486: Deployment: unauthenticated remote
attackers could read some JAVA accessible data via
multiple protocols

- CVE-2015-0488: JSSE: unauthenticated remote attackers
could cause a partial denial of service (partial DOS).

- CVE-2015-0491: 2D: unauthenticated remote attackers
could execute arbitrary code via multiple protocols.

- CVE-2015-0492: JavaFX: unauthenticated remote attackers
could execute arbitrary code via multiple protocols.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=927591

Solution :

Update the affected java-1_8_0-openjdk packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now