openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-107) (SLOTH)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

java-1_7_0-openjdk was updated to version 7u95 to fix 9 security
issues. (bsc#962743)

- CVE-2015-4871: Rebinding of the receiver of a
DirectMethodHandle may allow a protected method to be
accessed

- CVE-2015-7575: Further reduce use of MD5 (SLOTH)
(bsc#960996)

- CVE-2015-8126: Vulnerability in the AWT component
related to splashscreen displays

- CVE-2015-8472: Vulnerability in the AWT component,
addressed by same fix

- CVE-2016-0402: Vulnerability in the Networking component
related to URL processing

- CVE-2016-0448: Vulnerability in the JMX comonent related
to attribute processing

- CVE-2016-0466: Vulnerability in the JAXP component,
related to limits

- CVE-2016-0483: Vulnerability in the AWT component
related to image decoding

- CVE-2016-0494: Vulnerability in 2D component related to
font actions

The following bugs were fixed :

- bsc#939523: java-1_7_0-openjdk-headless had X
dependencies, move libjavagtk to full package

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=939523
https://bugzilla.opensuse.org/show_bug.cgi?id=960996
https://bugzilla.opensuse.org/show_bug.cgi?id=962743

Solution :

Update the affected java-1_7_0-openjdk packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 88538 ()

Bugtraq ID:

CVE ID: CVE-2015-4871
CVE-2015-7575
CVE-2015-8126
CVE-2015-8472
CVE-2016-0402
CVE-2016-0448
CVE-2016-0466
CVE-2016-0483
CVE-2016-0494

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now