EulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2018-1292)

Medium Nessus Plugin ID 117736

Synopsis

The remote EulerOS host is missing a security update.

Description

According to the version of the java-1.7.0-openjdk packages
installed, the EulerOS installation on the remote host is affected by
the following vulnerability :

- Vulnerability in the Java SE, Java SE Embedded, JRockit
component of Oracle Java SE (subcomponent:
Concurrency). Supported versions that are affected are
Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE
Embedded: 8u171; JRockit: R28.3.18. Difficult to
exploit vulnerability allows unauthenticated attacker
with network access via multiple protocols to
compromise Java SE, Java SE Embedded, JRockit.
Successful attacks of this vulnerability can result in
unauthorized ability to cause a partial denial of
service (partial DOS) of Java SE, Java SE Embedded,
JRockit. Note: Applies to client and server deployment
of Java. This vulnerability can be exploited through
sandboxed Java Web Start applications and sandboxed
Java applets. It can also be exploited by supplying
data to APIs in the specified Component without using
sandboxed Java Web Start applications or sandboxed Java
applets, such as through a web service.(CVE-2018-2952)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution

Update the affected java-1.7.0-openjdk package.

See Also

http://www.nessus.org/u?04eb7fff

Plugin Details

Severity: Medium

ID: 117736

File Name: EulerOS_SA-2018-1292.nasl

Version: 1.2

Type: local

Published: 2018/09/27

Modified: 2018/11/13

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS v3.0

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:java-1.7.0-openjdk, p-cpe:/a:huawei:euleros:java-1.7.0-openjdk-devel, p-cpe:/a:huawei:euleros:java-1.7.0-openjdk-headless, cpe:/o:huawei:euleros:2.0

Patch Publication Date: 2018/09/12

Reference Information

CVE: CVE-2018-2952