openSUSE Security Update : OpenJDK7 (openSUSE-2016-982)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Update to 2.6.7 - OpenJDK 7u111

- Security fixes

- S8079718, CVE-2016-3458: IIOP Input Stream Hooking
(bsc#989732)

- S8145446, CVE-2016-3485: Perfect pipe placement (Windows
only) (bsc#989734)

- S8147771: Construction of static protection domains
under Javax custom policy

- S8148872, CVE-2016-3500: Complete name checking
(bsc#989730)

- S8149962, CVE-2016-3508: Better delineation of XML
processing (bsc#989731)

- S8150752: Share Class Data

- S8151925: Font reference improvements

- S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)

- S8155981, CVE-2016-3606: Bolster bytecode verification
(bsc#989722)

- S8155985, CVE-2016-3598: Persistent Parameter Processing
(bsc#989723)

- S8158571, CVE-2016-3610: Additional method handle
validation (bsc#989725)

- CVE-2016-3511 (bsc#989727)

- CVE-2016-3503 (bsc#989728)

- CVE-2016-3498 (bsc#989729)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=988651
https://bugzilla.opensuse.org/show_bug.cgi?id=989722
https://bugzilla.opensuse.org/show_bug.cgi?id=989723
https://bugzilla.opensuse.org/show_bug.cgi?id=989725
https://bugzilla.opensuse.org/show_bug.cgi?id=989727
https://bugzilla.opensuse.org/show_bug.cgi?id=989728
https://bugzilla.opensuse.org/show_bug.cgi?id=989729
https://bugzilla.opensuse.org/show_bug.cgi?id=989730
https://bugzilla.opensuse.org/show_bug.cgi?id=989731
https://bugzilla.opensuse.org/show_bug.cgi?id=989732
https://bugzilla.opensuse.org/show_bug.cgi?id=989733
https://bugzilla.opensuse.org/show_bug.cgi?id=989734

Solution :

Update the affected OpenJDK7 packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now