openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2018-14)

critical Nessus Plugin ID 105714

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for java-1_7_0-openjdk fixes the following issues:

Security issues fixed:

- CVE-2017-10356: Fix issue inside subcomponent Security (bsc#1064084).

- CVE-2017-10274: Fix issue inside subcomponent Smart Card IO (bsc#1064071).

- CVE-2017-10281: Fix issue inside subcomponent Serialization (bsc#1064072).

- CVE-2017-10285: Fix issue inside subcomponent RMI (bsc#1064073).

- CVE-2017-10295: Fix issue inside subcomponent Networking (bsc#1064075).

- CVE-2017-10388: Fix issue inside subcomponent Libraries (bsc#1064086).

- CVE-2017-10346: Fix issue inside subcomponent Hotspot (bsc#1064078).

- CVE-2017-10350: Fix issue inside subcomponent JAX-WS (bsc#1064082).

- CVE-2017-10347: Fix issue inside subcomponent Serialization (bsc#1064079).

- CVE-2017-10349: Fix issue inside subcomponent JAXP (bsc#1064081).

- CVE-2017-10345: Fix issue inside subcomponent Serialization (bsc#1064077).

- CVE-2017-10348: Fix issue inside subcomponent Libraries (bsc#1064080).

- CVE-2017-10357: Fix issue inside subcomponent Serialization (bsc#1064085).

- CVE-2017-10355: Fix issue inside subcomponent Networking (bsc#1064083).

- CVE-2017-10102: Fix incorrect handling of references in DGC (bsc#1049316).

- CVE-2017-10053: Fix reading of unprocessed image data in JPEGImageReader (bsc#1049305).

- CVE-2017-10067: Fix JAR verifier incorrect handling of missing digest (bsc#1049306).

- CVE-2017-10081: Fix incorrect bracket processing in function signature handling (bsc#1049309).

- CVE-2017-10087: Fix insufficient access control checks in ThreadPoolExecutor (bsc#1049311).

- CVE-2017-10089: Fix insufficient access control checks in ServiceRegistry (bsc#1049312).

- CVE-2017-10090: Fix insufficient access control checks in AsynchronousChannelGroupImpl (bsc#1049313).

- CVE-2017-10096: Fix insufficient access control checks in XML transformations (bsc#1049314).

- CVE-2017-10101: Fix unrestricted access to com.sun.org.apache.xml.internal.resolver (bsc#1049315).

- CVE-2017-10107: Fix insufficient access control checks in ActivationID (bsc#1049318).

- CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307).

- CVE-2017-10110: Fix insufficient access control checks in ImageWatched (bsc#1049321).

- CVE-2017-10108: Fix unbounded memory allocation in BasicAttribute deserialization (bsc#1049319).

- CVE-2017-10109: Fix unbounded memory allocation in CodeSource deserialization (bsc#1049320).

- CVE-2017-10115: Fix unspecified vulnerability in subcomponent JCE (bsc#1049324).

- CVE-2017-10118: Fix ECDSA implementation timing attack (bsc#1049326).

- CVE-2017-10116: Fix LDAPCertStore following referrals to non-LDAP URL (bsc#1049325).

- CVE-2017-10135: Fix PKCS#8 implementation timing attack (bsc#1049328).

- CVE-2017-10176: Fix incorrect handling of certain EC points (bsc#1049329).

- CVE-2017-10111: Fix checks in LambdaFormEditor (bsc#1049322).

- CVE-2017-10243: Fix unspecified vulnerability in subcomponent JAX-WS (bsc#1049332).

- CVE-2017-10125: Fix unspecified vulnerability in subcomponent deployment (bsc#1049327).

- CVE-2017-10114: Fix unspecified vulnerability in subcomponent JavaFX (bsc#1049323).

- CVE-2017-10105: Fix unspecified vulnerability in subcomponent deployment (bsc#1049317).

- CVE-2017-10086: Fix unspecified vulnerability in subcomponent JavaFX (bsc#1049310).

- CVE-2017-10198: Fix incorrect enforcement of certificate path restrictions (bsc#1049331).

- CVE-2017-10193: Fix incorrect key size constraint check (bsc#1049330).

Bug fixes:

- Drop Exec Shield workaround to fix crashes on recent kernels, where Exec Shield is gone (bsc#1052318).

This update was imported from the SUSE:SLE-12:Update update project.

Solution

Update the affected java-1_7_0-openjdk packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1049305

https://bugzilla.opensuse.org/show_bug.cgi?id=1049306

https://bugzilla.opensuse.org/show_bug.cgi?id=1049307

https://bugzilla.opensuse.org/show_bug.cgi?id=1049309

https://bugzilla.opensuse.org/show_bug.cgi?id=1049310

https://bugzilla.opensuse.org/show_bug.cgi?id=1049311

https://bugzilla.opensuse.org/show_bug.cgi?id=1049312

https://bugzilla.opensuse.org/show_bug.cgi?id=1049313

https://bugzilla.opensuse.org/show_bug.cgi?id=1049314

https://bugzilla.opensuse.org/show_bug.cgi?id=1049315

https://bugzilla.opensuse.org/show_bug.cgi?id=1049316

https://bugzilla.opensuse.org/show_bug.cgi?id=1049317

https://bugzilla.opensuse.org/show_bug.cgi?id=1049318

https://bugzilla.opensuse.org/show_bug.cgi?id=1049319

https://bugzilla.opensuse.org/show_bug.cgi?id=1049320

https://bugzilla.opensuse.org/show_bug.cgi?id=1049321

https://bugzilla.opensuse.org/show_bug.cgi?id=1049322

https://bugzilla.opensuse.org/show_bug.cgi?id=1049323

https://bugzilla.opensuse.org/show_bug.cgi?id=1049324

https://bugzilla.opensuse.org/show_bug.cgi?id=1049325

https://bugzilla.opensuse.org/show_bug.cgi?id=1049326

https://bugzilla.opensuse.org/show_bug.cgi?id=1049327

https://bugzilla.opensuse.org/show_bug.cgi?id=1049328

https://bugzilla.opensuse.org/show_bug.cgi?id=1049329

https://bugzilla.opensuse.org/show_bug.cgi?id=1049330

https://bugzilla.opensuse.org/show_bug.cgi?id=1049331

https://bugzilla.opensuse.org/show_bug.cgi?id=1049332

https://bugzilla.opensuse.org/show_bug.cgi?id=1052318

https://bugzilla.opensuse.org/show_bug.cgi?id=1064071

https://bugzilla.opensuse.org/show_bug.cgi?id=1064072

https://bugzilla.opensuse.org/show_bug.cgi?id=1064073

https://bugzilla.opensuse.org/show_bug.cgi?id=1064075

https://bugzilla.opensuse.org/show_bug.cgi?id=1064077

https://bugzilla.opensuse.org/show_bug.cgi?id=1064078

https://bugzilla.opensuse.org/show_bug.cgi?id=1064079

https://bugzilla.opensuse.org/show_bug.cgi?id=1064080

https://bugzilla.opensuse.org/show_bug.cgi?id=1064081

https://bugzilla.opensuse.org/show_bug.cgi?id=1064082

https://bugzilla.opensuse.org/show_bug.cgi?id=1064083

https://bugzilla.opensuse.org/show_bug.cgi?id=1064084

https://bugzilla.opensuse.org/show_bug.cgi?id=1064085

https://bugzilla.opensuse.org/show_bug.cgi?id=1064086

Plugin Details

Severity: Critical

ID: 105714

File Name: openSUSE-2018-14.nasl

Version: 3.5

Type: local

Agent: unix

Published: 1/10/2018

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:POC/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:java-1_7_0-openjdk, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debugsource, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src, cpe:/o:novell:opensuse:42.2, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/9/2018

Reference Information

CVE: CVE-2016-10165, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10081, CVE-2017-10086, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10125, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388