SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2017:2989-1)
critical Nessus Plugin ID 104531
New! Plugin Severity Now Using CVSS v3
The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Synopsis
The remote SUSE host is missing one or more security updates.Description
This update for java-1_8_0-openjdk fixes the following issues :- Update to version jdk8u151 (icedtea 3.6.0) Security issues fixed :
- CVE-2017-10274: Handle smartcard clean up better (bsc#1064071)
- CVE-2017-10281: Better queuing priorities (bsc#1064072)
- CVE-2017-10285: Unreferenced references (bsc#1064073)
- CVE-2017-10295: Better URL connections (bsc#1064075)
- CVE-2017-10388: Correct Kerberos ticket grants (bsc#1064086)
- CVE-2017-10346: Better invokespecial checks (bsc#1064078)
- CVE-2017-10350: Better Base Exceptions (bsc#1064082)
- CVE-2017-10347: Better timezone processing (bsc#1064079)
- CVE-2017-10349: Better X processing (bsc#1064081)
- CVE-2017-10345: Better keystore handling (bsc#1064077)
- CVE-2017-10348: Better processing of unresolved permissions (bsc#1064080)
- CVE-2017-10357: Process Proxy presentation (bsc#1064085)
- CVE-2017-10355: More stable connection processing (bsc#1064083)
- CVE-2017-10356: Update storage implementations (bsc#1064084)
- CVE-2016-10165: Improve CMS header processing (bsc#1064069)
- CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843: Upgrade compression library (bsc#1064070) Bug fixes :
- Fix bsc#1032647, bsc#1052009 with btrfs subvolumes and overlayfs
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
To install this SUSE Security Update use YaST online_update.Alternatively you can run the command listed for your product :
SUSE OpenStack Cloud 6:zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1847=1
SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1847=1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1847=1
SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1847=1
SUSE Linux Enterprise Server 12-SP2:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1847=1
SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1847=1
SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1847=1
SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1847=1
To bring your system up-to-date, use 'zypper patch'.
See Also
https://bugzilla.suse.com/show_bug.cgi?id=1032647
https://bugzilla.suse.com/show_bug.cgi?id=1052009
https://bugzilla.suse.com/show_bug.cgi?id=1064069
https://bugzilla.suse.com/show_bug.cgi?id=1064070
https://bugzilla.suse.com/show_bug.cgi?id=1064071
https://bugzilla.suse.com/show_bug.cgi?id=1064072
https://bugzilla.suse.com/show_bug.cgi?id=1064073
https://bugzilla.suse.com/show_bug.cgi?id=1064075
https://bugzilla.suse.com/show_bug.cgi?id=1064077
https://bugzilla.suse.com/show_bug.cgi?id=1064078
https://bugzilla.suse.com/show_bug.cgi?id=1064079
https://bugzilla.suse.com/show_bug.cgi?id=1064080
https://bugzilla.suse.com/show_bug.cgi?id=1064081
https://bugzilla.suse.com/show_bug.cgi?id=1064082
https://bugzilla.suse.com/show_bug.cgi?id=1064083
https://bugzilla.suse.com/show_bug.cgi?id=1064084
https://bugzilla.suse.com/show_bug.cgi?id=1064085
https://bugzilla.suse.com/show_bug.cgi?id=1064086
https://www.suse.com/security/cve/CVE-2016-10165/
https://www.suse.com/security/cve/CVE-2016-9840/
https://www.suse.com/security/cve/CVE-2016-9841/
https://www.suse.com/security/cve/CVE-2016-9842/
https://www.suse.com/security/cve/CVE-2016-9843/
https://www.suse.com/security/cve/CVE-2017-10274/
https://www.suse.com/security/cve/CVE-2017-10281/
https://www.suse.com/security/cve/CVE-2017-10285/
https://www.suse.com/security/cve/CVE-2017-10295/
https://www.suse.com/security/cve/CVE-2017-10345/
https://www.suse.com/security/cve/CVE-2017-10346/
https://www.suse.com/security/cve/CVE-2017-10347/
https://www.suse.com/security/cve/CVE-2017-10348/
https://www.suse.com/security/cve/CVE-2017-10349/
https://www.suse.com/security/cve/CVE-2017-10350/
https://www.suse.com/security/cve/CVE-2017-10355/
https://www.suse.com/security/cve/CVE-2017-10356/
https://www.suse.com/security/cve/CVE-2017-10357/
Plugin Details
Severity: Critical
ID: 104531
File Name: suse_SU-2017-2989-1.nasl
Version: 3.7
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 11/13/2017
Updated: 1/6/2021
Dependencies: ssh_get_info.nasl
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal Vector: E:POC/RL:OF/RC:C
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk, p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debuginfo, p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debugsource, p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo, p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo-debuginfo, p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel, p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel-debuginfo, p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless, p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless-debuginfo, cpe:/o:novell:suse_linux:12
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 11/10/2017
Vulnerability Publication Date: 2/3/2017
Reference Information
CVE: CVE-2016-10165, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388