RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2016:1458)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

An update for java-1.8.0-openjdk is now available for Red Hat
Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Critical. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es) :

* Multiple flaws were discovered in the Hotspot and Libraries
components in OpenJDK. An untrusted Java application or applet could
use these flaws to completely bypass Java sandbox restrictions.
(CVE-2016-3606, CVE-2016-3587, CVE-2016-3598, CVE-2016-3610)

* Multiple denial of service flaws were found in the JAXP component in
OpenJDK. A specially crafted XML file could cause a Java application
using JAXP to consume an excessive amount of CPU and memory when
parsed. (CVE-2016-3500, CVE-2016-3508)

* Multiple flaws were found in the CORBA and Hotsport components in
OpenJDK. An untrusted Java application or applet could use these flaws
to bypass certain Java sandbox restrictions. (CVE-2016-3458,
CVE-2016-3550)

Note: If the web browser plug-in provided by the icedtea-web package
was installed, the issues exposed via Java applets could have been
exploited without user interaction if a user visited a malicious
website.

See also :

https://www.redhat.com/security/data/cve/CVE-2016-3458.html
https://www.redhat.com/security/data/cve/CVE-2016-3500.html
https://www.redhat.com/security/data/cve/CVE-2016-3508.html
https://www.redhat.com/security/data/cve/CVE-2016-3550.html
https://www.redhat.com/security/data/cve/CVE-2016-3587.html
https://www.redhat.com/security/data/cve/CVE-2016-3598.html
https://www.redhat.com/security/data/cve/CVE-2016-3606.html
https://www.redhat.com/security/data/cve/CVE-2016-3610.html
http://rhn.redhat.com/errata/RHSA-2016-1458.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 92490 ()

Bugtraq ID:

CVE ID: CVE-2016-3458
CVE-2016-3500
CVE-2016-3508
CVE-2016-3550
CVE-2016-3587
CVE-2016-3598
CVE-2016-3606
CVE-2016-3610

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now