Test ID:	1.3.6.1.4.1.25623.1.0.843265
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3366-2)
Summary:	The remote host is missing an update for the 'openjdk-8' package(s) announced via the USN-3366-2 advisory.
Description:	Summary: The remote host is missing an update for the 'openjdk-8' package(s) announced via the USN-3366-2 advisory. Vulnerability Insight: USN-3366-1 fixed vulnerabilities in OpenJDK 8. Unfortunately, that update introduced a regression that caused some valid JAR files to fail validation. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. (CVE-2017-10053) It was discovered that the JAR verifier in OpenJDK did not properly handle archives containing files missing digests. An attacker could use this to modify the signed contents of a JAR file. (CVE-2017-10067) It was discovered that integer overflows existed in the Hotspot component of OpenJDK when generating range check loop predicates. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and cause a denial of service or possibly execute arbitrary code. (CVE-2017-10074) It was discovered that the JavaScript Scripting component of OpenJDK incorrectly allowed access to Java APIs. An attacker could use this to specially craft JavaScript code to bypass access restrictions. (CVE-2017-10078) It was discovered that OpenJDK did not properly process parentheses in function signatures. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10081) It was discovered that the ThreadPoolExecutor class in OpenJDK did not properly perform access control checks when cleaning up threads. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and possibly execute arbitrary code. (CVE-2017-10087) It was discovered that the ServiceRegistry implementation in OpenJDK did not perform access control checks in certain situations. An attacker could use this to specially construct an untrusted Java application or applet that escaped sandbox restrictions. (CVE-2017-10089) It was discovered that the channel groups implementation in OpenJDK did not properly perform access control checks in some situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10090) It was discovered that the DTM exception handling code in the JAXP component of OpenJDK did not properly perform access control checks. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10096) It was discovered that the JAXP component of OpenJDK incorrectly granted access to some internal resolvers. An attacker could use this to specially construct an untrusted Java application or applet ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'openjdk-8' package(s) on Ubuntu 16.04, Ubuntu 17.04. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-10053 BugTraq ID: 99842 http://www.securityfocus.com/bid/99842 Debian Security Information: DSA-3919 (Google Search) http://www.debian.org/security/2017/dsa-3919 Debian Security Information: DSA-3954 (Google Search) http://www.debian.org/security/2017/dsa-3954 https://security.gentoo.org/glsa/201709-22 RedHat Security Advisories: RHSA-2017:1789 https://access.redhat.com/errata/RHSA-2017:1789 RedHat Security Advisories: RHSA-2017:1790 https://access.redhat.com/errata/RHSA-2017:1790 RedHat Security Advisories: RHSA-2017:1791 https://access.redhat.com/errata/RHSA-2017:1791 RedHat Security Advisories: RHSA-2017:1792 https://access.redhat.com/errata/RHSA-2017:1792 RedHat Security Advisories: RHSA-2017:2424 https://access.redhat.com/errata/RHSA-2017:2424 RedHat Security Advisories: RHSA-2017:2469 https://access.redhat.com/errata/RHSA-2017:2469 RedHat Security Advisories: RHSA-2017:2481 https://access.redhat.com/errata/RHSA-2017:2481 RedHat Security Advisories: RHSA-2017:2530 https://access.redhat.com/errata/RHSA-2017:2530 RedHat Security Advisories: RHSA-2017:3453 https://access.redhat.com/errata/RHSA-2017:3453 http://www.securitytracker.com/id/1038931 Common Vulnerability Exposure (CVE) ID: CVE-2017-10067 BugTraq ID: 99756 http://www.securityfocus.com/bid/99756 Common Vulnerability Exposure (CVE) ID: CVE-2017-10074 BugTraq ID: 99731 http://www.securityfocus.com/bid/99731 Common Vulnerability Exposure (CVE) ID: CVE-2017-10078 BugTraq ID: 99752 http://www.securityfocus.com/bid/99752 Common Vulnerability Exposure (CVE) ID: CVE-2017-10081 BugTraq ID: 99853 http://www.securityfocus.com/bid/99853 Common Vulnerability Exposure (CVE) ID: CVE-2017-10087 BugTraq ID: 99703 http://www.securityfocus.com/bid/99703 Common Vulnerability Exposure (CVE) ID: CVE-2017-10089 BugTraq ID: 99659 http://www.securityfocus.com/bid/99659 Common Vulnerability Exposure (CVE) ID: CVE-2017-10090 BugTraq ID: 99706 http://www.securityfocus.com/bid/99706 Common Vulnerability Exposure (CVE) ID: CVE-2017-10096 BugTraq ID: 99670 http://www.securityfocus.com/bid/99670
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.