SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2017:2989-1)
high Nessus Plugin ID 104531
New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.
VPR Score: 6.7
Synopsis
The remote SUSE host is missing one or more security updates.Description
This update for java-1_8_0-openjdk fixes the following issues :- Update to version jdk8u151 (icedtea 3.6.0) Security issues fixed :
- CVE-2017-10274: Handle smartcard clean up better (bsc#1064071)
- CVE-2017-10281: Better queuing priorities (bsc#1064072)
- CVE-2017-10285: Unreferenced references (bsc#1064073)
- CVE-2017-10295: Better URL connections (bsc#1064075)
- CVE-2017-10388: Correct Kerberos ticket grants (bsc#1064086)
- CVE-2017-10346: Better invokespecial checks (bsc#1064078)
- CVE-2017-10350: Better Base Exceptions (bsc#1064082)
- CVE-2017-10347: Better timezone processing (bsc#1064079)
- CVE-2017-10349: Better X processing (bsc#1064081)
- CVE-2017-10345: Better keystore handling (bsc#1064077)
- CVE-2017-10348: Better processing of unresolved permissions (bsc#1064080)
- CVE-2017-10357: Process Proxy presentation (bsc#1064085)
- CVE-2017-10355: More stable connection processing (bsc#1064083)
- CVE-2017-10356: Update storage implementations (bsc#1064084)
- CVE-2016-10165: Improve CMS header processing (bsc#1064069)
- CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843: Upgrade compression library (bsc#1064070) Bug fixes :
- Fix bsc#1032647, bsc#1052009 with btrfs subvolumes and overlayfs
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
To install this SUSE Security Update use YaST online_update.Alternatively you can run the command listed for your product :
SUSE OpenStack Cloud 6:zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1847=1
SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1847=1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1847=1
SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1847=1
SUSE Linux Enterprise Server 12-SP2:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1847=1
SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1847=1
SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1847=1
SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1847=1
To bring your system up-to-date, use 'zypper patch'.
See Also
https://bugzilla.suse.com/show_bug.cgi?id=1032647
https://bugzilla.suse.com/show_bug.cgi?id=1052009
https://bugzilla.suse.com/show_bug.cgi?id=1064069
https://bugzilla.suse.com/show_bug.cgi?id=1064070
https://bugzilla.suse.com/show_bug.cgi?id=1064071
https://bugzilla.suse.com/show_bug.cgi?id=1064072
https://bugzilla.suse.com/show_bug.cgi?id=1064073
https://bugzilla.suse.com/show_bug.cgi?id=1064075
https://bugzilla.suse.com/show_bug.cgi?id=1064077
https://bugzilla.suse.com/show_bug.cgi?id=1064078
https://bugzilla.suse.com/show_bug.cgi?id=1064079
https://bugzilla.suse.com/show_bug.cgi?id=1064080
https://bugzilla.suse.com/show_bug.cgi?id=1064081
https://bugzilla.suse.com/show_bug.cgi?id=1064082
https://bugzilla.suse.com/show_bug.cgi?id=1064083
https://bugzilla.suse.com/show_bug.cgi?id=1064084
https://bugzilla.suse.com/show_bug.cgi?id=1064085
https://bugzilla.suse.com/show_bug.cgi?id=1064086
https://www.suse.com/security/cve/CVE-2016-10165/
https://www.suse.com/security/cve/CVE-2016-9840/
https://www.suse.com/security/cve/CVE-2016-9841/
https://www.suse.com/security/cve/CVE-2016-9842/
https://www.suse.com/security/cve/CVE-2016-9843/
https://www.suse.com/security/cve/CVE-2017-10274/
https://www.suse.com/security/cve/CVE-2017-10281/
https://www.suse.com/security/cve/CVE-2017-10285/
https://www.suse.com/security/cve/CVE-2017-10295/
https://www.suse.com/security/cve/CVE-2017-10345/
https://www.suse.com/security/cve/CVE-2017-10346/
https://www.suse.com/security/cve/CVE-2017-10347/
https://www.suse.com/security/cve/CVE-2017-10348/
https://www.suse.com/security/cve/CVE-2017-10349/
https://www.suse.com/security/cve/CVE-2017-10350/
https://www.suse.com/security/cve/CVE-2017-10355/
https://www.suse.com/security/cve/CVE-2017-10356/
https://www.suse.com/security/cve/CVE-2017-10357/
Plugin Details
Severity: High
ID: 104531
File Name: suse_SU-2017-2989-1.nasl
Version: 3.7
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 11/13/2017
Updated: 1/6/2021
Dependencies: 12634
Risk Information
Risk Factor: High
VPR Score: 6.7
CVSS v2.0
Base Score: 7.5
Temporal Score: 5.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal Vector: E:POC/RL:OF/RC:C
CVSS v3.0
Base Score: 9.8
Temporal Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk, p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debuginfo, p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debugsource, p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo, p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo-debuginfo, p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel, p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel-debuginfo, p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless, p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless-debuginfo, cpe:/o:novell:suse_linux:12
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 11/10/2017
Vulnerability Publication Date: 2/3/2017
Reference Information
CVE: CVE-2016-10165, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388