openSUSE Security Update : OpenJDK7 (openSUSE-2016-982)

critical Nessus Plugin ID 92992

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote openSUSE host is missing a security update.

Description

Update to 2.6.7 - OpenJDK 7u111

 - Security fixes

 - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732)

 - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734)

 - S8147771: Construction of static protection domains under Javax custom policy

 - S8148872, CVE-2016-3500: Complete name checking (bsc#989730)

 - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731)

 - S8150752: Share Class Data

 - S8151925: Font reference improvements

 - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)

 - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722)

 - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723)

 - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725)

 - CVE-2016-3511 (bsc#989727)

 - CVE-2016-3503 (bsc#989728)

 - CVE-2016-3498 (bsc#989729)

Solution

Update the affected OpenJDK7 packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=988651

https://bugzilla.opensuse.org/show_bug.cgi?id=989722

https://bugzilla.opensuse.org/show_bug.cgi?id=989723

https://bugzilla.opensuse.org/show_bug.cgi?id=989725

https://bugzilla.opensuse.org/show_bug.cgi?id=989727

https://bugzilla.opensuse.org/show_bug.cgi?id=989728

https://bugzilla.opensuse.org/show_bug.cgi?id=989729

https://bugzilla.opensuse.org/show_bug.cgi?id=989730

https://bugzilla.opensuse.org/show_bug.cgi?id=989731

https://bugzilla.opensuse.org/show_bug.cgi?id=989732

https://bugzilla.opensuse.org/show_bug.cgi?id=989733

https://bugzilla.opensuse.org/show_bug.cgi?id=989734

Plugin Details

Severity: Critical

ID: 92992

File Name: openSUSE-2016-982.nasl

Version: 2.4

Type: local

Agent: unix

Published: 8/17/2016

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:java-1_7_0-openjdk, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 8/12/2016

Reference Information

CVE: CVE-2016-3458, CVE-2016-3485, CVE-2016-3498, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508, CVE-2016-3511, CVE-2016-3550, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610