SuSE Local Security Checks : SuSE Update for java-1_8_0-openjdk openSUSE-SU-2018:3057-1 (java-1_8

Preis/Funktionszusammenfassung | Bestellen | Neue Anfälligkeiten | Vertraulichkeit | Anfälligkeiten Suche

Anfälligkeitssuche		Suche in 143769 CVE Beschreibungen und 71225 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.852014

Kategorie: SuSE Local Security Checks

Titel: SuSE Update for java-1_8_0-openjdk openSUSE-SU-2018:3057-1 (java-1_8_0-openjdk)

Zusammenfassung: The remote host is missing an update for the 'java-1_8_0-openjdk'; package(s) announced via the openSUSE-SU-2018:3057_1 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'java-1_8_0-openjdk'
package(s) announced via the openSUSE-SU-2018:3057_1 advisory.

Vulnerability Insight:
This update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release
fixes the following issues:

These security issues were fixed:

- CVE-2018-2938: Difficult to exploit vulnerability allowed
unauthenticated attacker with network access via multiple protocols to
compromise Java SE. Successful attacks of this vulnerability can result
in takeover of Java SE (bsc#1101644).

- CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily
exploitable vulnerability allowed unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded.
Successful attacks require human interaction from a person other than
the attacker. Successful attacks of this vulnerability can result in
unauthorized read access to a subset of Java SE, Java SE Embedded
accessible data (bsc#1101645)

- CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to
exploit vulnerability allowed unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded,
JRockit. Successful attacks of this vulnerability can result in
unauthorized ability to cause a partial denial of service (partial DOS)
of Java SE, Java SE Embedded, JRockit (bsc#1101651)

- CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit
vulnerability allowed unauthenticated attacker with network access via
SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of
this vulnerability can result in unauthorized creation, deletion or
modification access to critical data or all Java SE, Java SE Embedded
accessible data (bsc#1101656)

These non-security issues were fixed:

- Improve desktop file usage

- Better Internet address support

- speculative traps break when classes are redefined

- sun/security/pkcs11/ec/ReadCertificates.java fails intermittently

- Clean up code that saves the previous versions of redefined classes

- Prevent SIGSEGV in ReceiverTypeData::clean_weak_klass_links

- RedefineClasses() tests fail assert(((Metadata*)obj)- is_valid())
failed: obj is valid

- NMT is not enabled if NMT option is specified after class path specifiers

- EndEntityChecker should not process custom extensions after PKIX
validation

- SupportedDSAParamGen.java failed with timeout

- Montgomery multiply intrinsic should use correct name

- When determining the ciphersuite lists, there is no debug output for
disabled suites.

- sun/security/mscapi/SignedObjectChain.java fails on Windows

- On Windows Swing changes keyboard layout on a window activation

- ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
java-1_8_0-openjdk on openSUSE Leap 15.0.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2018-2938
BugTraq ID: 104774
http://www.securityfocus.com/bid/104774
http://www.securitytracker.com/id/1041302
Common Vulnerability Exposure (CVE) ID: CVE-2018-2940
RedHat Security Advisories: RHSA-2018:2253
https://access.redhat.com/errata/RHSA-2018:2253
RedHat Security Advisories: RHSA-2018:2254
https://access.redhat.com/errata/RHSA-2018:2254
RedHat Security Advisories: RHSA-2018:2255
https://access.redhat.com/errata/RHSA-2018:2255
RedHat Security Advisories: RHSA-2018:2256
https://access.redhat.com/errata/RHSA-2018:2256
RedHat Security Advisories: RHSA-2018:2568
https://access.redhat.com/errata/RHSA-2018:2568
RedHat Security Advisories: RHSA-2018:2569
https://access.redhat.com/errata/RHSA-2018:2569
RedHat Security Advisories: RHSA-2018:2575
https://access.redhat.com/errata/RHSA-2018:2575
RedHat Security Advisories: RHSA-2018:2576
https://access.redhat.com/errata/RHSA-2018:2576
RedHat Security Advisories: RHSA-2018:2712
https://access.redhat.com/errata/RHSA-2018:2712
RedHat Security Advisories: RHSA-2018:2713
https://access.redhat.com/errata/RHSA-2018:2713
RedHat Security Advisories: RHSA-2018:3007
https://access.redhat.com/errata/RHSA-2018:3007
RedHat Security Advisories: RHSA-2018:3008
https://access.redhat.com/errata/RHSA-2018:3008
BugTraq ID: 104768
http://www.securityfocus.com/bid/104768
Common Vulnerability Exposure (CVE) ID: CVE-2018-2952
https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html
Debian Security Information: DSA-4268 (Google Search)
https://www.debian.org/security/2018/dsa-4268
RedHat Security Advisories: RHSA-2018:2241
https://access.redhat.com/errata/RHSA-2018:2241
RedHat Security Advisories: RHSA-2018:2242
https://access.redhat.com/errata/RHSA-2018:2242
RedHat Security Advisories: RHSA-2018:2283
https://access.redhat.com/errata/RHSA-2018:2283
RedHat Security Advisories: RHSA-2018:2286
https://access.redhat.com/errata/RHSA-2018:2286
https://usn.ubuntu.com/3734-1/
https://usn.ubuntu.com/3735-1/
https://usn.ubuntu.com/3747-1/
BugTraq ID: 104765
http://www.securityfocus.com/bid/104765
Common Vulnerability Exposure (CVE) ID: CVE-2018-2973
BugTraq ID: 104773
http://www.securityfocus.com/bid/104773

Copyright Copyright (C) 2018 Greenbone Networks GmbH

Dies ist nur einer von 71225 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:

Benutzerkennung:

Passwort:

Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.

Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.

Datenschutz

Anmeldung für registrierte Benutzer

Benutzerkennung:

Passwort:

Benutzerkennung oder Passwort vergessen?

Email/Benutzerkennung:

Test Kennung:	1.3.6.1.4.1.25623.1.0.852014
Kategorie:	SuSE Local Security Checks
Titel:	SuSE Update for java-1_8_0-openjdk openSUSE-SU-2018:3057-1 (java-1_8_0-openjdk)
Zusammenfassung:	The remote host is missing an update for the 'java-1_8_0-openjdk'; package(s) announced via the openSUSE-SU-2018:3057_1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'java-1_8_0-openjdk' package(s) announced via the openSUSE-SU-2018:3057_1 advisory. Vulnerability Insight: This update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release fixes the following issues: These security issues were fixed: - CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE (bsc#1101644). - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1101645) - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1101651) - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1101656) These non-security issues were fixed: - Improve desktop file usage - Better Internet address support - speculative traps break when classes are redefined - sun/security/pkcs11/ec/ReadCertificates.java fails intermittently - Clean up code that saves the previous versions of redefined classes - Prevent SIGSEGV in ReceiverTypeData::clean_weak_klass_links - RedefineClasses() tests fail assert(((Metadata*)obj)- is_valid()) failed: obj is valid - NMT is not enabled if NMT option is specified after class path specifiers - EndEntityChecker should not process custom extensions after PKIX validation - SupportedDSAParamGen.java failed with timeout - Montgomery multiply intrinsic should use correct name - When determining the ciphersuite lists, there is no debug output for disabled suites. - sun/security/mscapi/SignedObjectChain.java fails on Windows - On Windows Swing changes keyboard layout on a window activation - ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: java-1_8_0-openjdk on openSUSE Leap 15.0. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-2938 BugTraq ID: 104774 http://www.securityfocus.com/bid/104774 http://www.securitytracker.com/id/1041302 Common Vulnerability Exposure (CVE) ID: CVE-2018-2940 RedHat Security Advisories: RHSA-2018:2253 https://access.redhat.com/errata/RHSA-2018:2253 RedHat Security Advisories: RHSA-2018:2254 https://access.redhat.com/errata/RHSA-2018:2254 RedHat Security Advisories: RHSA-2018:2255 https://access.redhat.com/errata/RHSA-2018:2255 RedHat Security Advisories: RHSA-2018:2256 https://access.redhat.com/errata/RHSA-2018:2256 RedHat Security Advisories: RHSA-2018:2568 https://access.redhat.com/errata/RHSA-2018:2568 RedHat Security Advisories: RHSA-2018:2569 https://access.redhat.com/errata/RHSA-2018:2569 RedHat Security Advisories: RHSA-2018:2575 https://access.redhat.com/errata/RHSA-2018:2575 RedHat Security Advisories: RHSA-2018:2576 https://access.redhat.com/errata/RHSA-2018:2576 RedHat Security Advisories: RHSA-2018:2712 https://access.redhat.com/errata/RHSA-2018:2712 RedHat Security Advisories: RHSA-2018:2713 https://access.redhat.com/errata/RHSA-2018:2713 RedHat Security Advisories: RHSA-2018:3007 https://access.redhat.com/errata/RHSA-2018:3007 RedHat Security Advisories: RHSA-2018:3008 https://access.redhat.com/errata/RHSA-2018:3008 BugTraq ID: 104768 http://www.securityfocus.com/bid/104768 Common Vulnerability Exposure (CVE) ID: CVE-2018-2952 https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html Debian Security Information: DSA-4268 (Google Search) https://www.debian.org/security/2018/dsa-4268 RedHat Security Advisories: RHSA-2018:2241 https://access.redhat.com/errata/RHSA-2018:2241 RedHat Security Advisories: RHSA-2018:2242 https://access.redhat.com/errata/RHSA-2018:2242 RedHat Security Advisories: RHSA-2018:2283 https://access.redhat.com/errata/RHSA-2018:2283 RedHat Security Advisories: RHSA-2018:2286 https://access.redhat.com/errata/RHSA-2018:2286 https://usn.ubuntu.com/3734-1/ https://usn.ubuntu.com/3735-1/ https://usn.ubuntu.com/3747-1/ BugTraq ID: 104765 http://www.securityfocus.com/bid/104765 Common Vulnerability Exposure (CVE) ID: CVE-2018-2973 BugTraq ID: 104773 http://www.securityfocus.com/bid/104773
Copyright	Copyright (C) 2018 Greenbone Networks GmbH