openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-115) (SLOTH)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

java-1_7_0-openjdk was updated to version 7u95 to fix 9 security
issues. (bsc#962743)

- CVE-2015-4871: Rebinding of the receiver of a
DirectMethodHandle may allow a protected method to be

- CVE-2015-7575: Further reduce use of MD5 (SLOTH)

- CVE-2015-8126: Vulnerability in the AWT component
related to splashscreen displays

- CVE-2015-8472: Vulnerability in the AWT component,
addressed by same fix

- CVE-2016-0402: Vulnerability in the Networking component
related to URL processing

- CVE-2016-0448: Vulnerability in the JMX comonent related
to attribute processing

- CVE-2016-0466: Vulnerability in the JAXP component,
related to limits

- CVE-2016-0483: Vulnerability in the AWT component
related to image decoding

- CVE-2016-0494: Vulnerability in 2D component related to
font actions

The following bugs were fixed :

- bsc#939523: java-1_7_0-openjdk-headless had X
dependencies, move libjavagtk to full package

This update was imported from the SUSE:SLE-12:Update update project.

See also :

Solution :

Update the affected java-1_7_0-openjdk packages.

Risk factor :

Critical / CVSS Base Score : 10.0

Family: SuSE Local Security Checks

Nessus Plugin ID: 88541 ()

Bugtraq ID:

CVE ID: CVE-2015-4871

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now