openSUSE Security Update : Java7 (openSUSE-2016-110) (SLOTH)

high Nessus Plugin ID 88540

Synopsis

The remote openSUSE host is missing a security update.

Description

Update OpenJDK to 7u95 / IcedTea 2.6.4 including the following fixes:

- Security fixes

- S8059054, CVE-2016-0402: Better URL processing

- S8130710, CVE-2016-0448: Better attributes processing

- S8132210: Reinforce JMX collector internals

- S8132988: Better printing dialogues

- S8133962, CVE-2016-0466: More general limits

- S8137060: JMX memory management improvements

- S8139012: Better font substitutions

- S8139017, CVE-2016-0483: More stable image decoding

- S8140543, CVE-2016-0494: Arrange font actions

- S8143185: Cleanup for handling proxies

- S8143941, CVE-2015-8126, CVE-2015-8472: Update splashscreen displays

- S8144773, CVE-2015-7575: Further reduce use of MD5 (SLOTH)

- S8142882, CVE-2015-4871: rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed

- Import of OpenJDK 7 u95 build 0

- S7167988: PKIX CertPathBuilder in reverse mode doesn't work if more than one trust anchor is specified

- S8068761: [TEST_BUG] java/nio/channels/ServerSocketChannel/AdaptServerSocket.java failed with SocketTimeoutException

- S8074068: Cleanup in src/share/classes/sun/security/x509/

- S8075773: jps running as root fails after the fix of JDK-8050807

- S8081297: SSL Problem with Tomcat

- S8131181: Increment minor version of HSx for 7u95 and initialize the build number

- S8132082: Let OracleUcrypto accept RSAPrivateKey

- S8134605: Partial rework of the fix for 8081297

- S8134861: XSLT: Extension func call cause exception if namespace URI contains partial package name

- S8135307: CompletionFailure thrown when calling FieldDoc.type, if the field's type is missing

- S8138716: (tz) Support tzdata2015g

- S8140244: Port fix of JDK-8075773 to MacOSX

- S8141213: [Parfait]Potentially blocking function GetArrayLength called in JNI critical region at line 239 of jdk/src/share/native/sun/awt/image/jpeg/jpegdecoder.c in function GET_ARRAYS

- S8141287: Add MD5 to jdk.certpath.disabledAlgorithms - Take 2

- S8142928: [TEST_BUG] sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java 8u71 failure

- S8143132: L10n resource file translation update

- S8144955: Wrong changes were pushed with 8143942

- S8145551: Test failed with Crash for Improved font lookups

- S8147466: Add -fno-strict-overflow to IndicRearrangementProcessor(,2).cpp

- Backports

- S8140244: Port fix of JDK-8075773 to AIX

- S8133196, PR2712, RH1251935: HTTPS hostname invalid issue with InetAddress

- S8140620, PR2710: Find and load default.sf2 as the default soundbank on Linux

Solution

Update the affected Java7 packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=939523

https://bugzilla.opensuse.org/show_bug.cgi?id=962743

Plugin Details

Severity: High

ID: 88540

File Name: openSUSE-2016-110.nasl

Version: 2.9

Type: local

Agent: unix

Published: 2/3/2016

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:java-1_7_0-openjdk, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 1/27/2016

Vulnerability Publication Date: 10/21/2015

Reference Information

CVE: CVE-2015-4871, CVE-2015-7575, CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494