Ubuntu Local Security Checks : Ubuntu: Security Advisory (USN-3366-1)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.843258
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3366-1)
Summary:	The remote host is missing an update for the 'openjdk-8' package(s) announced via the USN-3366-1 advisory.
Description:	Summary: The remote host is missing an update for the 'openjdk-8' package(s) announced via the USN-3366-1 advisory. Vulnerability Insight: It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. (CVE-2017-10053) It was discovered that the JAR verifier in OpenJDK did not properly handle archives containing files missing digests. An attacker could use this to modify the signed contents of a JAR file. (CVE-2017-10067) It was discovered that integer overflows existed in the Hotspot component of OpenJDK when generating range check loop predicates. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and cause a denial of service or possibly execute arbitrary code. (CVE-2017-10074) It was discovered that the JavaScript Scripting component of OpenJDK incorrectly allowed access to Java APIs. An attacker could use this to specially craft JavaScript code to bypass access restrictions. (CVE-2017-10078) It was discovered that OpenJDK did not properly process parentheses in function signatures. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10081) It was discovered that the ThreadPoolExecutor class in OpenJDK did not properly perform access control checks when cleaning up threads. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and possibly execute arbitrary code. (CVE-2017-10087) It was discovered that the ServiceRegistry implementation in OpenJDK did not perform access control checks in certain situations. An attacker could use this to specially construct an untrusted Java application or applet that escaped sandbox restrictions. (CVE-2017-10089) It was discovered that the channel groups implementation in OpenJDK did not properly perform access control checks in some situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10090) It was discovered that the DTM exception handling code in the JAXP component of OpenJDK did not properly perform access control checks. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10096) It was discovered that the JAXP component of OpenJDK incorrectly granted access to some internal resolvers. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10101) It was discovered that the Distributed Garbage Collector (DGC) in OpenJDK did not properly track references in some situations. A remote attacker could possibly use this to execute arbitrary code. (CVE-2017-10102) It was discovered ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'openjdk-8' package(s) on Ubuntu 16.04, Ubuntu 17.04. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-10053 BugTraq ID: 99842 http://www.securityfocus.com/bid/99842 Debian Security Information: DSA-3919 (Google Search) http://www.debian.org/security/2017/dsa-3919 Debian Security Information: DSA-3954 (Google Search) http://www.debian.org/security/2017/dsa-3954 https://security.gentoo.org/glsa/201709-22 RedHat Security Advisories: RHSA-2017:1789 https://access.redhat.com/errata/RHSA-2017:1789 RedHat Security Advisories: RHSA-2017:1790 https://access.redhat.com/errata/RHSA-2017:1790 RedHat Security Advisories: RHSA-2017:1791 https://access.redhat.com/errata/RHSA-2017:1791 RedHat Security Advisories: RHSA-2017:1792 https://access.redhat.com/errata/RHSA-2017:1792 RedHat Security Advisories: RHSA-2017:2424 https://access.redhat.com/errata/RHSA-2017:2424 RedHat Security Advisories: RHSA-2017:2469 https://access.redhat.com/errata/RHSA-2017:2469 RedHat Security Advisories: RHSA-2017:2481 https://access.redhat.com/errata/RHSA-2017:2481 RedHat Security Advisories: RHSA-2017:2530 https://access.redhat.com/errata/RHSA-2017:2530 RedHat Security Advisories: RHSA-2017:3453 https://access.redhat.com/errata/RHSA-2017:3453 http://www.securitytracker.com/id/1038931 Common Vulnerability Exposure (CVE) ID: CVE-2017-10067 BugTraq ID: 99756 http://www.securityfocus.com/bid/99756 Common Vulnerability Exposure (CVE) ID: CVE-2017-10074 BugTraq ID: 99731 http://www.securityfocus.com/bid/99731 Common Vulnerability Exposure (CVE) ID: CVE-2017-10078 BugTraq ID: 99752 http://www.securityfocus.com/bid/99752 Common Vulnerability Exposure (CVE) ID: CVE-2017-10081 BugTraq ID: 99853 http://www.securityfocus.com/bid/99853 Common Vulnerability Exposure (CVE) ID: CVE-2017-10087 BugTraq ID: 99703 http://www.securityfocus.com/bid/99703 Common Vulnerability Exposure (CVE) ID: CVE-2017-10089 BugTraq ID: 99659 http://www.securityfocus.com/bid/99659 Common Vulnerability Exposure (CVE) ID: CVE-2017-10090 BugTraq ID: 99706 http://www.securityfocus.com/bid/99706 Common Vulnerability Exposure (CVE) ID: CVE-2017-10096 BugTraq ID: 99670 http://www.securityfocus.com/bid/99670 Common Vulnerability Exposure (CVE) ID: CVE-2017-10101 BugTraq ID: 99674 http://www.securityfocus.com/bid/99674 Common Vulnerability Exposure (CVE) ID: CVE-2017-10102 BugTraq ID: 99712 http://www.securityfocus.com/bid/99712 Common Vulnerability Exposure (CVE) ID: CVE-2017-10107 BugTraq ID: 99719 http://www.securityfocus.com/bid/99719 Common Vulnerability Exposure (CVE) ID: CVE-2017-10108 BugTraq ID: 99846 http://www.securityfocus.com/bid/99846 Common Vulnerability Exposure (CVE) ID: CVE-2017-10109 BugTraq ID: 99847 http://www.securityfocus.com/bid/99847 Common Vulnerability Exposure (CVE) ID: CVE-2017-10110 BugTraq ID: 99643 http://www.securityfocus.com/bid/99643 Common Vulnerability Exposure (CVE) ID: CVE-2017-10111 BugTraq ID: 99707 http://www.securityfocus.com/bid/99707 Common Vulnerability Exposure (CVE) ID: CVE-2017-10115 BugTraq ID: 99774 http://www.securityfocus.com/bid/99774 Common Vulnerability Exposure (CVE) ID: CVE-2017-10116 BugTraq ID: 99734 http://www.securityfocus.com/bid/99734 Common Vulnerability Exposure (CVE) ID: CVE-2017-10118 BugTraq ID: 99782 http://www.securityfocus.com/bid/99782 Common Vulnerability Exposure (CVE) ID: CVE-2017-10135 BugTraq ID: 99839 http://www.securityfocus.com/bid/99839 Common Vulnerability Exposure (CVE) ID: CVE-2017-10176 BugTraq ID: 99788 http://www.securityfocus.com/bid/99788 Common Vulnerability Exposure (CVE) ID: CVE-2017-10193 BugTraq ID: 99854 http://www.securityfocus.com/bid/99854 RedHat Security Advisories: RHSA-2017:3392 https://access.redhat.com/errata/RHSA-2017:3392 Common Vulnerability Exposure (CVE) ID: CVE-2017-10198 BugTraq ID: 99818 http://www.securityfocus.com/bid/99818 Common Vulnerability Exposure (CVE) ID: CVE-2017-10243 BugTraq ID: 99827 http://www.securityfocus.com/bid/99827
Copyright	Copyright (C) 2017 Greenbone AG