English | Deutsch | Español | Português
 Benutzerkennung:
 Passwort:
Registrieren
 About:   Dediziert  | Erweitert  | Standard  | Wiederkehrend  | Risikolos  | Desktop  | Basis  | Einmalig  | Sicherheits Siegel  | FAQ
  Preis/Funktionszusammenfassung  | Bestellen  | Neue Anfälligkeiten  | Vertraulichkeit  | Anfälligkeiten Suche
 Anfälligkeitssuche        Suche in 143769 CVE Beschreibungen
und 71225 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.852014
Kategorie:SuSE Local Security Checks
Titel:SuSE Update for java-1_8_0-openjdk openSUSE-SU-2018:3057-1 (java-1_8_0-openjdk)
Zusammenfassung:The remote host is missing an update for the 'java-1_8_0-openjdk'; package(s) announced via the openSUSE-SU-2018:3057_1 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'java-1_8_0-openjdk'
package(s) announced via the openSUSE-SU-2018:3057_1 advisory.

Vulnerability Insight:
This update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release
fixes the following issues:

These security issues were fixed:

- CVE-2018-2938: Difficult to exploit vulnerability allowed
unauthenticated attacker with network access via multiple protocols to
compromise Java SE. Successful attacks of this vulnerability can result
in takeover of Java SE (bsc#1101644).

- CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily
exploitable vulnerability allowed unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded.
Successful attacks require human interaction from a person other than
the attacker. Successful attacks of this vulnerability can result in
unauthorized read access to a subset of Java SE, Java SE Embedded
accessible data (bsc#1101645)

- CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to
exploit vulnerability allowed unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded,
JRockit. Successful attacks of this vulnerability can result in
unauthorized ability to cause a partial denial of service (partial DOS)
of Java SE, Java SE Embedded, JRockit (bsc#1101651)

- CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit
vulnerability allowed unauthenticated attacker with network access via
SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of
this vulnerability can result in unauthorized creation, deletion or
modification access to critical data or all Java SE, Java SE Embedded
accessible data (bsc#1101656)

These non-security issues were fixed:

- Improve desktop file usage

- Better Internet address support

- speculative traps break when classes are redefined

- sun/security/pkcs11/ec/ReadCertificates.java fails intermittently

- Clean up code that saves the previous versions of redefined classes

- Prevent SIGSEGV in ReceiverTypeData::clean_weak_klass_links

- RedefineClasses() tests fail assert(((Metadata*)obj)- is_valid())
failed: obj is valid

- NMT is not enabled if NMT option is specified after class path specifiers

- EndEntityChecker should not process custom extensions after PKIX
validation

- SupportedDSAParamGen.java failed with timeout

- Montgomery multiply intrinsic should use correct name

- When determining the ciphersuite lists, there is no debug output for
disabled suites.

- sun/security/mscapi/SignedObjectChain.java fails on Windows

- On Windows Swing changes keyboard layout on a window activation

- ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
java-1_8_0-openjdk on openSUSE Leap 15.0.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2018-2938
BugTraq ID: 104774
http://www.securityfocus.com/bid/104774
http://www.securitytracker.com/id/1041302
Common Vulnerability Exposure (CVE) ID: CVE-2018-2940
RedHat Security Advisories: RHSA-2018:2253
https://access.redhat.com/errata/RHSA-2018:2253
RedHat Security Advisories: RHSA-2018:2254
https://access.redhat.com/errata/RHSA-2018:2254
RedHat Security Advisories: RHSA-2018:2255
https://access.redhat.com/errata/RHSA-2018:2255
RedHat Security Advisories: RHSA-2018:2256
https://access.redhat.com/errata/RHSA-2018:2256
RedHat Security Advisories: RHSA-2018:2568
https://access.redhat.com/errata/RHSA-2018:2568
RedHat Security Advisories: RHSA-2018:2569
https://access.redhat.com/errata/RHSA-2018:2569
RedHat Security Advisories: RHSA-2018:2575
https://access.redhat.com/errata/RHSA-2018:2575
RedHat Security Advisories: RHSA-2018:2576
https://access.redhat.com/errata/RHSA-2018:2576
RedHat Security Advisories: RHSA-2018:2712
https://access.redhat.com/errata/RHSA-2018:2712
RedHat Security Advisories: RHSA-2018:2713
https://access.redhat.com/errata/RHSA-2018:2713
RedHat Security Advisories: RHSA-2018:3007
https://access.redhat.com/errata/RHSA-2018:3007
RedHat Security Advisories: RHSA-2018:3008
https://access.redhat.com/errata/RHSA-2018:3008
BugTraq ID: 104768
http://www.securityfocus.com/bid/104768
Common Vulnerability Exposure (CVE) ID: CVE-2018-2952
https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html
Debian Security Information: DSA-4268 (Google Search)
https://www.debian.org/security/2018/dsa-4268
RedHat Security Advisories: RHSA-2018:2241
https://access.redhat.com/errata/RHSA-2018:2241
RedHat Security Advisories: RHSA-2018:2242
https://access.redhat.com/errata/RHSA-2018:2242
RedHat Security Advisories: RHSA-2018:2283
https://access.redhat.com/errata/RHSA-2018:2283
RedHat Security Advisories: RHSA-2018:2286
https://access.redhat.com/errata/RHSA-2018:2286
https://usn.ubuntu.com/3734-1/
https://usn.ubuntu.com/3735-1/
https://usn.ubuntu.com/3747-1/
BugTraq ID: 104765
http://www.securityfocus.com/bid/104765
Common Vulnerability Exposure (CVE) ID: CVE-2018-2973
BugTraq ID: 104773
http://www.securityfocus.com/bid/104773
CopyrightCopyright (C) 2018 Greenbone Networks GmbH

Dies ist nur einer von 71225 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:
Benutzerkennung:
Passwort:
Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.
Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.
   Datenschutz
Anmeldung für registrierte Benutzer
 
Benutzerkennung:   
Passwort:  

 Benutzerkennung oder Passwort vergessen?
Email/Benutzerkennung:




Startseite | Über uns | Kontakt | Partnerprogramme | Developer APIs | Datenschutz | Mailinglisten | Missbrauch
Sicherheits Überprüfungen | Verwaltete DNS | Netzwerk Überwachung | Webseiten Analysator | Internet Recherche Berichte
Web Sonde

© 1998-2019 E-Soft Inc. Alle Rechte vorbehalten.