ID de Prueba:	1.3.6.1.4.1.25623.1.0.871639
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for java-1.8.0-openjdk RHSA-2016:1458-01
Resumen:	The remote host is missing an update for the 'java-1.8.0-openjdk'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'java-1.8.0-openjdk' package(s) announced via the referenced advisory. Vulnerability Insight: The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-3606, CVE-2016-3587, CVE-2016-3598, CVE-2016-3610) * Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500, CVE-2016-3508) * Multiple flaws were found in the CORBA and Hotsport components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. Affected Software/OS: java-1.8.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Server (v. 7), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-3458 BugTraq ID: 91787 http://www.securityfocus.com/bid/91787 BugTraq ID: 91945 http://www.securityfocus.com/bid/91945 Debian Security Information: DSA-3641 (Google Search) http://www.debian.org/security/2016/dsa-3641 https://security.gentoo.org/glsa/201610-08 https://security.gentoo.org/glsa/201701-43 RedHat Security Advisories: RHSA-2016:1458 https://access.redhat.com/errata/RHSA-2016:1458 RedHat Security Advisories: RHSA-2016:1475 https://access.redhat.com/errata/RHSA-2016:1475 RedHat Security Advisories: RHSA-2016:1476 https://access.redhat.com/errata/RHSA-2016:1476 RedHat Security Advisories: RHSA-2016:1477 https://access.redhat.com/errata/RHSA-2016:1477 RedHat Security Advisories: RHSA-2016:1504 http://rhn.redhat.com/errata/RHSA-2016-1504.html RedHat Security Advisories: RHSA-2016:1776 http://rhn.redhat.com/errata/RHSA-2016-1776.html http://www.securitytracker.com/id/1036365 SuSE Security Announcement: SUSE-SU-2016:1997 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html SuSE Security Announcement: SUSE-SU-2016:2012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html SuSE Security Announcement: openSUSE-SU-2016:1979 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html SuSE Security Announcement: openSUSE-SU-2016:2050 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html SuSE Security Announcement: openSUSE-SU-2016:2051 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html SuSE Security Announcement: openSUSE-SU-2016:2052 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html SuSE Security Announcement: openSUSE-SU-2016:2058 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html http://www.ubuntu.com/usn/USN-3043-1 http://www.ubuntu.com/usn/USN-3062-1 http://www.ubuntu.com/usn/USN-3077-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-3500 Common Vulnerability Exposure (CVE) ID: CVE-2016-3508 BugTraq ID: 91972 http://www.securityfocus.com/bid/91972 Common Vulnerability Exposure (CVE) ID: CVE-2016-3550 BugTraq ID: 91951 http://www.securityfocus.com/bid/91951 Common Vulnerability Exposure (CVE) ID: CVE-2016-3587 BugTraq ID: 91904 http://www.securityfocus.com/bid/91904 Common Vulnerability Exposure (CVE) ID: CVE-2016-3598 BugTraq ID: 91918 http://www.securityfocus.com/bid/91918 RedHat Security Advisories: RHSA-2016:1587 http://rhn.redhat.com/errata/RHSA-2016-1587.html RedHat Security Advisories: RHSA-2016:1588 http://rhn.redhat.com/errata/RHSA-2016-1588.html RedHat Security Advisories: RHSA-2016:1589 http://rhn.redhat.com/errata/RHSA-2016-1589.html RedHat Security Advisories: RHSA-2017:1216 https://access.redhat.com/errata/RHSA-2017:1216 SuSE Security Announcement: SUSE-SU-2016:2261 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html SuSE Security Announcement: SUSE-SU-2016:2286 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html Common Vulnerability Exposure (CVE) ID: CVE-2016-3606 BugTraq ID: 91912 http://www.securityfocus.com/bid/91912 Common Vulnerability Exposure (CVE) ID: CVE-2016-3610 BugTraq ID: 91930 http://www.securityfocus.com/bid/91930
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.