openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2017-954)
critical Nessus Plugin ID 102621
Language:
Synopsis
The remote openSUSE host is missing a security update.Description
This java-1_8_0-openjdk update to version jdk8u141 (icedtea 3.5.0) fixes the following issues :Security issues fixed :
- CVE-2017-10053: Improved image post-processing steps (bsc#1049305)
- CVE-2017-10067: Additional jar validation steps (bsc#1049306)
- CVE-2017-10074: Image conversion improvements (bsc#1049307)
- CVE-2017-10078: Better script accessibility for JavaScript (bsc#1049308)
- CVE-2017-10081: Right parenthesis issue (bsc#1049309)
- CVE-2017-10086: Unspecified vulnerability in subcomponent JavaFX (bsc#1049310)
- CVE-2017-10087: Better Thread Pool execution (bsc#1049311)
- CVE-2017-10089: Service Registration Lifecycle (bsc#1049312)
- CVE-2017-10090: Better handling of channel groups (bsc#1049313)
- CVE-2017-10096: Transform Transformer Exceptions (bsc#1049314)
- CVE-2017-10101: Better reading of text catalogs (bsc#1049315)
- CVE-2017-10102: Improved garbage collection (bsc#1049316)
- CVE-2017-10105: Unspecified vulnerability in subcomponent deployment (bsc#1049317)
- CVE-2017-10107: Less Active Activations (bsc#1049318)
- CVE-2017-10108: Better naming attribution (bsc#1049319)
- CVE-2017-10109: Better sourcing of code (bsc#1049320)
- CVE-2017-10110: Better image fetching (bsc#1049321)
- CVE-2017-10111: Rearrange MethodHandle arrangements (bsc#1049322)
- CVE-2017-10114: Unspecified vulnerability in subcomponent JavaFX (bsc#1049323)
- CVE-2017-10115: Higher quality DSA operations (bsc#1049324)
- CVE-2017-10116: Proper directory lookup processing (bsc#1049325)
- CVE-2017-10118: Higher quality ECDSA operations (bsc#1049326)
- CVE-2017-10125: Unspecified vulnerability in subcomponent deployment (bsc#1049327)
- CVE-2017-10135: Better handling of PKCS8 material (bsc#1049328)
- CVE-2017-10176: Additional elliptic curve support (bsc#1049329)
- CVE-2017-10193: Improve algorithm constraints implementation (bsc#1049330)
- CVE-2017-10198: Clear certificate chain connections (bsc#1049331)
- CVE-2017-10243: Unspecified vulnerability in subcomponent JAX-WS (bsc#1049332)
Bug fixes :
- Check registry registration location
- Improved certificate processing
- JMX diagnostic improvements
- Update to libpng 1.6.28
- Import of OpenJDK 8 u141 build 15 (bsc#1049302)
New features :
- Support using RSAandMGF1 with the SHA hash algorithms in the PKCS11 provider
This update was imported from the SUSE:SLE-12-SP1:Update update project.
Solution
Update the affected java-1_8_0-openjdk packages.See Also
https://bugzilla.opensuse.org/show_bug.cgi?id=1049302
https://bugzilla.opensuse.org/show_bug.cgi?id=1049305
https://bugzilla.opensuse.org/show_bug.cgi?id=1049306
https://bugzilla.opensuse.org/show_bug.cgi?id=1049307
https://bugzilla.opensuse.org/show_bug.cgi?id=1049308
https://bugzilla.opensuse.org/show_bug.cgi?id=1049309
https://bugzilla.opensuse.org/show_bug.cgi?id=1049310
https://bugzilla.opensuse.org/show_bug.cgi?id=1049311
https://bugzilla.opensuse.org/show_bug.cgi?id=1049312
https://bugzilla.opensuse.org/show_bug.cgi?id=1049313
https://bugzilla.opensuse.org/show_bug.cgi?id=1049314
https://bugzilla.opensuse.org/show_bug.cgi?id=1049315
https://bugzilla.opensuse.org/show_bug.cgi?id=1049316
https://bugzilla.opensuse.org/show_bug.cgi?id=1049317
https://bugzilla.opensuse.org/show_bug.cgi?id=1049318
https://bugzilla.opensuse.org/show_bug.cgi?id=1049319
https://bugzilla.opensuse.org/show_bug.cgi?id=1049320
https://bugzilla.opensuse.org/show_bug.cgi?id=1049321
https://bugzilla.opensuse.org/show_bug.cgi?id=1049322
https://bugzilla.opensuse.org/show_bug.cgi?id=1049323
https://bugzilla.opensuse.org/show_bug.cgi?id=1049324
https://bugzilla.opensuse.org/show_bug.cgi?id=1049325
https://bugzilla.opensuse.org/show_bug.cgi?id=1049326
https://bugzilla.opensuse.org/show_bug.cgi?id=1049327
https://bugzilla.opensuse.org/show_bug.cgi?id=1049328
https://bugzilla.opensuse.org/show_bug.cgi?id=1049329
https://bugzilla.opensuse.org/show_bug.cgi?id=1049330
Plugin Details
Severity: Critical
ID: 102621
File Name: openSUSE-2017-954.nasl
Version: 3.6
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 8/21/2017
Updated: 1/19/2021
Supported Sensors: Nessus Agent
Risk Information
VPR
Risk Factor: High
Score: 8.1
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Critical
Base Score: 9.6
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:java-1_8_0-openjdk, p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-accessibility, p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debuginfo, p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debugsource, p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo, p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo-debuginfo, p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel, p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel-debuginfo, p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless, p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless-debuginfo, p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-javadoc, p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-src, cpe:/o:novell:opensuse:42.2, cpe:/o:novell:opensuse:42.3
Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu
Patch Publication Date: 8/18/2017
Reference Information
CVE: CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10086, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10125, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243