Test ID:	1.3.6.1.4.1.25623.1.0.842941
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3121-1)
Summary:	The remote host is missing an update for the 'openjdk-8' package(s) announced via the USN-3121-1 advisory.
Description:	Summary: The remote host is missing an update for the 'openjdk-8' package(s) announced via the USN-3121-1 advisory. Vulnerability Insight: It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5582) It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. (CVE-2016-5542) It was discovered that the JMX component of OpenJDK did not sufficiently perform classloader consistency checks. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5554) It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could use this to send debugging commands to a Java application with debugging enabled. (CVE-2016-5573) It was discovered that OpenJDK did not properly handle HTTP proxy authentication. An attacker could use this to expose HTTPS server authentication credentials. (CVE-2016-5597) Affected Software/OS: 'openjdk-8' package(s) on Ubuntu 16.04, Ubuntu 16.10. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5542 BugTraq ID: 93643 http://www.securityfocus.com/bid/93643 Debian Security Information: DSA-3707 (Google Search) http://www.debian.org/security/2016/dsa-3707 https://security.gentoo.org/glsa/201611-04 https://security.gentoo.org/glsa/201701-43 RedHat Security Advisories: RHSA-2016:2079 http://rhn.redhat.com/errata/RHSA-2016-2079.html RedHat Security Advisories: RHSA-2016:2088 http://rhn.redhat.com/errata/RHSA-2016-2088.html RedHat Security Advisories: RHSA-2016:2089 http://rhn.redhat.com/errata/RHSA-2016-2089.html RedHat Security Advisories: RHSA-2016:2090 http://rhn.redhat.com/errata/RHSA-2016-2090.html RedHat Security Advisories: RHSA-2016:2136 http://rhn.redhat.com/errata/RHSA-2016-2136.html RedHat Security Advisories: RHSA-2016:2137 http://rhn.redhat.com/errata/RHSA-2016-2137.html RedHat Security Advisories: RHSA-2016:2138 http://rhn.redhat.com/errata/RHSA-2016-2138.html RedHat Security Advisories: RHSA-2016:2658 http://rhn.redhat.com/errata/RHSA-2016-2658.html RedHat Security Advisories: RHSA-2016:2659 http://rhn.redhat.com/errata/RHSA-2016-2659.html RedHat Security Advisories: RHSA-2017:0061 http://rhn.redhat.com/errata/RHSA-2017-0061.html RedHat Security Advisories: RHSA-2017:1216 https://access.redhat.com/errata/RHSA-2017:1216 http://www.securitytracker.com/id/1037040 http://www.ubuntu.com/usn/USN-3130-1 http://www.ubuntu.com/usn/USN-3154-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-5554 BugTraq ID: 93637 http://www.securityfocus.com/bid/93637 Common Vulnerability Exposure (CVE) ID: CVE-2016-5573 BugTraq ID: 93628 http://www.securityfocus.com/bid/93628 Common Vulnerability Exposure (CVE) ID: CVE-2016-5582 BugTraq ID: 93623 http://www.securityfocus.com/bid/93623 https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2016-5597 BugTraq ID: 93636 http://www.securityfocus.com/bid/93636
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.