openSUSE Security Update : Java7 (openSUSE-2016-110) (SLOTH)

Critical Nessus Plugin ID 88540

VPR Score: 6

Synopsis

The remote openSUSE host is missing a security update.

Description

Update OpenJDK to 7u95 / IcedTea 2.6.4 including the following fixes:

- Security fixes

- S8059054, CVE-2016-0402: Better URL processing

- S8130710, CVE-2016-0448: Better attributes processing

- S8132210: Reinforce JMX collector internals

- S8132988: Better printing dialogues

- S8133962, CVE-2016-0466: More general limits

- S8137060: JMX memory management improvements

- S8139012: Better font substitutions

- S8139017, CVE-2016-0483: More stable image decoding

- S8140543, CVE-2016-0494: Arrange font actions

- S8143185: Cleanup for handling proxies

- S8143941, CVE-2015-8126, CVE-2015-8472: Update splashscreen displays

- S8144773, CVE-2015-7575: Further reduce use of MD5 (SLOTH)

- S8142882, CVE-2015-4871: rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed

- Import of OpenJDK 7 u95 build 0

- S7167988: PKIX CertPathBuilder in reverse mode doesn't work if more than one trust anchor is specified

- S8068761: [TEST_BUG] java/nio/channels/ServerSocketChannel/AdaptServerSocket.java failed with SocketTimeoutException

- S8074068: Cleanup in src/share/classes/sun/security/x509/

- S8075773: jps running as root fails after the fix of JDK-8050807

- S8081297: SSL Problem with Tomcat

- S8131181: Increment minor version of HSx for 7u95 and initialize the build number

- S8132082: Let OracleUcrypto accept RSAPrivateKey

- S8134605: Partial rework of the fix for 8081297

- S8134861: XSLT: Extension func call cause exception if namespace URI contains partial package name

- S8135307: CompletionFailure thrown when calling FieldDoc.type, if the field's type is missing

- S8138716: (tz) Support tzdata2015g

- S8140244: Port fix of JDK-8075773 to MacOSX

- S8141213: [Parfait]Potentially blocking function GetArrayLength called in JNI critical region at line 239 of jdk/src/share/native/sun/awt/image/jpeg/jpegdecoder.c in function GET_ARRAYS

- S8141287: Add MD5 to jdk.certpath.disabledAlgorithms - Take 2

- S8142928: [TEST_BUG] sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java 8u71 failure

- S8143132: L10n resource file translation update

- S8144955: Wrong changes were pushed with 8143942

- S8145551: Test failed with Crash for Improved font lookups

- S8147466: Add -fno-strict-overflow to IndicRearrangementProcessor(,2).cpp

- Backports

- S8140244: Port fix of JDK-8075773 to AIX

- S8133196, PR2712, RH1251935: HTTPS hostname invalid issue with InetAddress

- S8140620, PR2710: Find and load default.sf2 as the default soundbank on Linux

Solution

Update the affected Java7 packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=939523

https://bugzilla.opensuse.org/show_bug.cgi?id=962743

Plugin Details

Severity: Critical

ID: 88540

File Name: openSUSE-2016-110.nasl

Version: 2.8

Type: local

Agent: unix

Published: 2016/02/03

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 6

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:java-1_7_0-openjdk, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2016/01/27

Vulnerability Publication Date: 2015/10/21

Reference Information

CVE: CVE-2015-4871, CVE-2015-7575, CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494