|
Test Kennung: | 1.3.6.1.4.1.25623.1.0.852014 |
Kategorie: | SuSE Local Security Checks |
Titel: | SuSE Update for java-1_8_0-openjdk openSUSE-SU-2018:3057-1 (java-1_8_0-openjdk) |
Zusammenfassung: | The remote host is missing an update for the 'java-1_8_0-openjdk'; package(s) announced via the openSUSE-SU-2018:3057_1 advisory. |
Beschreibung: | Summary: The remote host is missing an update for the 'java-1_8_0-openjdk' package(s) announced via the openSUSE-SU-2018:3057_1 advisory. Vulnerability Insight: This update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release fixes the following issues: These security issues were fixed: - CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE (bsc#1101644). - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1101645) - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1101651) - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1101656) These non-security issues were fixed: - Improve desktop file usage - Better Internet address support - speculative traps break when classes are redefined - sun/security/pkcs11/ec/ReadCertificates.java fails intermittently - Clean up code that saves the previous versions of redefined classes - Prevent SIGSEGV in ReceiverTypeData::clean_weak_klass_links - RedefineClasses() tests fail assert(((Metadata*)obj)- is_valid()) failed: obj is valid - NMT is not enabled if NMT option is specified after class path specifiers - EndEntityChecker should not process custom extensions after PKIX validation - SupportedDSAParamGen.java failed with timeout - Montgomery multiply intrinsic should use correct name - When determining the ciphersuite lists, there is no debug output for disabled suites. - sun/security/mscapi/SignedObjectChain.java fails on Windows - On Windows Swing changes keyboard layout on a window activation - ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: java-1_8_0-openjdk on openSUSE Leap 15.0. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-2938 BugTraq ID: 104774 http://www.securityfocus.com/bid/104774 http://www.securitytracker.com/id/1041302 Common Vulnerability Exposure (CVE) ID: CVE-2018-2940 RedHat Security Advisories: RHSA-2018:2253 https://access.redhat.com/errata/RHSA-2018:2253 RedHat Security Advisories: RHSA-2018:2254 https://access.redhat.com/errata/RHSA-2018:2254 RedHat Security Advisories: RHSA-2018:2255 https://access.redhat.com/errata/RHSA-2018:2255 RedHat Security Advisories: RHSA-2018:2256 https://access.redhat.com/errata/RHSA-2018:2256 RedHat Security Advisories: RHSA-2018:2568 https://access.redhat.com/errata/RHSA-2018:2568 RedHat Security Advisories: RHSA-2018:2569 https://access.redhat.com/errata/RHSA-2018:2569 RedHat Security Advisories: RHSA-2018:2575 https://access.redhat.com/errata/RHSA-2018:2575 RedHat Security Advisories: RHSA-2018:2576 https://access.redhat.com/errata/RHSA-2018:2576 RedHat Security Advisories: RHSA-2018:2712 https://access.redhat.com/errata/RHSA-2018:2712 RedHat Security Advisories: RHSA-2018:2713 https://access.redhat.com/errata/RHSA-2018:2713 RedHat Security Advisories: RHSA-2018:3007 https://access.redhat.com/errata/RHSA-2018:3007 RedHat Security Advisories: RHSA-2018:3008 https://access.redhat.com/errata/RHSA-2018:3008 BugTraq ID: 104768 http://www.securityfocus.com/bid/104768 Common Vulnerability Exposure (CVE) ID: CVE-2018-2952 https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html Debian Security Information: DSA-4268 (Google Search) https://www.debian.org/security/2018/dsa-4268 RedHat Security Advisories: RHSA-2018:2241 https://access.redhat.com/errata/RHSA-2018:2241 RedHat Security Advisories: RHSA-2018:2242 https://access.redhat.com/errata/RHSA-2018:2242 RedHat Security Advisories: RHSA-2018:2283 https://access.redhat.com/errata/RHSA-2018:2283 RedHat Security Advisories: RHSA-2018:2286 https://access.redhat.com/errata/RHSA-2018:2286 https://usn.ubuntu.com/3734-1/ https://usn.ubuntu.com/3735-1/ https://usn.ubuntu.com/3747-1/ BugTraq ID: 104765 http://www.securityfocus.com/bid/104765 Common Vulnerability Exposure (CVE) ID: CVE-2018-2973 BugTraq ID: 104773 http://www.securityfocus.com/bid/104773 |
Copyright | Copyright (C) 2018 Greenbone Networks GmbH |
Dies ist nur einer von 71225 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |
|