openSUSE Security Update : OpenJDK7 (openSUSE-2016-982)

High Nessus Plugin ID 92992

Synopsis

The remote openSUSE host is missing a security update.

Description

Update to 2.6.7 - OpenJDK 7u111

 - Security fixes

 - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732)

 - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734)

 - S8147771: Construction of static protection domains under Javax custom policy

 - S8148872, CVE-2016-3500: Complete name checking (bsc#989730)

 - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731)

 - S8150752: Share Class Data

 - S8151925: Font reference improvements

 - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)

 - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722)

 - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723)

 - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725)

 - CVE-2016-3511 (bsc#989727)

 - CVE-2016-3503 (bsc#989728)

 - CVE-2016-3498 (bsc#989729)

Solution

Update the affected OpenJDK7 packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=988651

https://bugzilla.opensuse.org/show_bug.cgi?id=989722

https://bugzilla.opensuse.org/show_bug.cgi?id=989723

https://bugzilla.opensuse.org/show_bug.cgi?id=989725

https://bugzilla.opensuse.org/show_bug.cgi?id=989727

https://bugzilla.opensuse.org/show_bug.cgi?id=989728

https://bugzilla.opensuse.org/show_bug.cgi?id=989729

https://bugzilla.opensuse.org/show_bug.cgi?id=989730

https://bugzilla.opensuse.org/show_bug.cgi?id=989731

https://bugzilla.opensuse.org/show_bug.cgi?id=989732

https://bugzilla.opensuse.org/show_bug.cgi?id=989733

https://bugzilla.opensuse.org/show_bug.cgi?id=989734

Plugin Details

Severity: High

ID: 92992

File Name: openSUSE-2016-982.nasl

Version: Revision: 2.2

Type: local

Agent: unix

Published: 2016/08/17

Updated: 2016/10/13

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 9.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:java-1_7_0-openjdk, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src, cpe:/o:novell:opensuse:13.1

Patch Publication Date: 2016/08/12

Reference Information

CVE: CVE-2016-3458, CVE-2016-3485, CVE-2016-3498, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508, CVE-2016-3511, CVE-2016-3550, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610