Test ID:	1.3.6.1.4.1.25623.1.0.843158
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3275-1)
Summary:	The remote host is missing an update for the 'openjdk-8' package(s) announced via the USN-3275-1 advisory.
Description:	Summary: The remote host is missing an update for the 'openjdk-8' package(s) announced via the USN-3275-1 advisory. Vulnerability Insight: It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of a different user. (CVE-2017-3509) It was discovered that an untrusted library search path flaw existed in the Java Cryptography Extension (JCE) component of OpenJDK. A local attacker could possibly use this to gain the privileges of a Java application. (CVE-2017-3511) It was discovered that the Java API for XML Processing (JAXP) component in OpenJDK did not properly enforce size limits when parsing XML documents. An attacker could use this to cause a denial of service (processor and memory consumption). (CVE-2017-3526) It was discovered that the FTP client implementation in OpenJDK did not properly sanitize user inputs. If a user was tricked into opening a specially crafted FTP URL, a remote attacker could use this to manipulate the FTP connection. (CVE-2017-3533) It was discovered that OpenJDK allowed MD5 to be used as an algorithm for JAR integrity verification. An attacker could possibly use this to modify the contents of a JAR file without detection. (CVE-2017-3539) It was discovered that the SMTP client implementation in OpenJDK did not properly sanitize sender and recipient addresses. A remote attacker could use this to specially craft email addresses and gain control of a Java application's SMTP connections. (CVE-2017-3544) Affected Software/OS: 'openjdk-8' package(s) on Ubuntu 16.04, Ubuntu 16.10, Ubuntu 17.04. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-3509 BugTraq ID: 97737 http://www.securityfocus.com/bid/97737 Debian Security Information: DSA-3858 (Google Search) http://www.debian.org/security/2017/dsa-3858 https://security.gentoo.org/glsa/201705-03 https://security.gentoo.org/glsa/201707-01 RedHat Security Advisories: RHSA-2017:1108 https://access.redhat.com/errata/RHSA-2017:1108 RedHat Security Advisories: RHSA-2017:1109 https://access.redhat.com/errata/RHSA-2017:1109 RedHat Security Advisories: RHSA-2017:1117 https://access.redhat.com/errata/RHSA-2017:1117 RedHat Security Advisories: RHSA-2017:1118 https://access.redhat.com/errata/RHSA-2017:1118 RedHat Security Advisories: RHSA-2017:1119 https://access.redhat.com/errata/RHSA-2017:1119 RedHat Security Advisories: RHSA-2017:1204 https://access.redhat.com/errata/RHSA-2017:1204 RedHat Security Advisories: RHSA-2017:1220 https://access.redhat.com/errata/RHSA-2017:1220 RedHat Security Advisories: RHSA-2017:1221 https://access.redhat.com/errata/RHSA-2017:1221 RedHat Security Advisories: RHSA-2017:1222 https://access.redhat.com/errata/RHSA-2017:1222 RedHat Security Advisories: RHSA-2017:3453 https://access.redhat.com/errata/RHSA-2017:3453 http://www.securitytracker.com/id/1038286 Common Vulnerability Exposure (CVE) ID: CVE-2017-3511 BugTraq ID: 97731 http://www.securityfocus.com/bid/97731 Common Vulnerability Exposure (CVE) ID: CVE-2017-3526 BugTraq ID: 97733 http://www.securityfocus.com/bid/97733 Common Vulnerability Exposure (CVE) ID: CVE-2017-3533 BugTraq ID: 97740 http://www.securityfocus.com/bid/97740 Common Vulnerability Exposure (CVE) ID: CVE-2017-3539 BugTraq ID: 97752 http://www.securityfocus.com/bid/97752 Common Vulnerability Exposure (CVE) ID: CVE-2017-3544 BugTraq ID: 97745 http://www.securityfocus.com/bid/97745
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.