Test ID:	1.3.6.1.4.1.25623.1.0.851381
Category:	SuSE Local Security Checks
Title:	openSUSE: Security Advisory for java-1_7_0-openjdk (openSUSE-SU-2016:2050-1)
Summary:	The remote host is missing an update for the 'java-1_7_0-openjdk'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'java-1_7_0-openjdk' package(s) announced via the referenced advisory. Vulnerability Insight: This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.7 - OpenJDK 7u111 * Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729) * Import of OpenJDK 7 u111 build 0 - S6953295: Move few sun.security.{util, x509, pkcs} classes used by keytool/jarsigner to another package - S7060849: Eliminate pack200 build warnings - S7064075: Security libraries don't build with javac - Xlint:all, -deprecation -Werror - S7069870: Parts of the JDK erroneously rely on generic array initializers with diamond - S7102686: Restructure timestamp code so that jars and modules can more easily share the same code - S7105780: Add SSLSocket client/SSLEngine server to templates directory - S7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done - S7152582: PKCS11 tests should use the NSS libraries available in the OS - S7192202: Make sure keytool prints both unknown and unparsable extensions - S7194449: String resources for Key Tool and Policy Tool should be in their respective packages - S7196855: autotest.sh fails on ubuntu because libsoftokn.so not found - S7200682: TEST_BUG: keytool/autotest.sh still has problems with libsoftokn.so - S8002306: (se) Selector.open fails if invoked with thread interrupt status set [win] - S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as defined in RFC3161 - S8019341: Update CookieHttpsClientTest to use the newer framework. - S8022228: Intermittent test failures in sun/security/ssl/javax/net/ssl/NewAPIs - S8022439: Fix lint warnings in sun.security.ec - S8022594: Potential deadlock in clinit of sun.nio.ch.Util/IOUtil - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails intermittently - S8036612: [parfait] JNI exception pending in ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: java-1_7_0-openjdk on openSUSE 13.2 Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-3458 BugTraq ID: 91787 http://www.securityfocus.com/bid/91787 BugTraq ID: 91945 http://www.securityfocus.com/bid/91945 Debian Security Information: DSA-3641 (Google Search) http://www.debian.org/security/2016/dsa-3641 https://security.gentoo.org/glsa/201610-08 https://security.gentoo.org/glsa/201701-43 RedHat Security Advisories: RHSA-2016:1458 https://access.redhat.com/errata/RHSA-2016:1458 RedHat Security Advisories: RHSA-2016:1475 https://access.redhat.com/errata/RHSA-2016:1475 RedHat Security Advisories: RHSA-2016:1476 https://access.redhat.com/errata/RHSA-2016:1476 RedHat Security Advisories: RHSA-2016:1477 https://access.redhat.com/errata/RHSA-2016:1477 RedHat Security Advisories: RHSA-2016:1504 http://rhn.redhat.com/errata/RHSA-2016-1504.html RedHat Security Advisories: RHSA-2016:1776 http://rhn.redhat.com/errata/RHSA-2016-1776.html http://www.securitytracker.com/id/1036365 SuSE Security Announcement: SUSE-SU-2016:1997 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html SuSE Security Announcement: SUSE-SU-2016:2012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html SuSE Security Announcement: openSUSE-SU-2016:1979 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html SuSE Security Announcement: openSUSE-SU-2016:2050 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html SuSE Security Announcement: openSUSE-SU-2016:2051 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html SuSE Security Announcement: openSUSE-SU-2016:2052 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html SuSE Security Announcement: openSUSE-SU-2016:2058 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html http://www.ubuntu.com/usn/USN-3043-1 http://www.ubuntu.com/usn/USN-3062-1 http://www.ubuntu.com/usn/USN-3077-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-3485 SuSE Security Announcement: SUSE-SU-2016:2261 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html SuSE Security Announcement: SUSE-SU-2016:2286 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html Common Vulnerability Exposure (CVE) ID: CVE-2016-3498 BugTraq ID: 91956 http://www.securityfocus.com/bid/91956 Common Vulnerability Exposure (CVE) ID: CVE-2016-3500 Common Vulnerability Exposure (CVE) ID: CVE-2016-3503 BugTraq ID: 91996 http://www.securityfocus.com/bid/91996 Common Vulnerability Exposure (CVE) ID: CVE-2016-3508 BugTraq ID: 91972 http://www.securityfocus.com/bid/91972 Common Vulnerability Exposure (CVE) ID: CVE-2016-3511 BugTraq ID: 91990 http://www.securityfocus.com/bid/91990 RedHat Security Advisories: RHSA-2016:1587 http://rhn.redhat.com/errata/RHSA-2016-1587.html RedHat Security Advisories: RHSA-2016:1588 http://rhn.redhat.com/errata/RHSA-2016-1588.html RedHat Security Advisories: RHSA-2016:1589 http://rhn.redhat.com/errata/RHSA-2016-1589.html RedHat Security Advisories: RHSA-2017:1216 https://access.redhat.com/errata/RHSA-2017:1216 Common Vulnerability Exposure (CVE) ID: CVE-2016-3550 BugTraq ID: 91951 http://www.securityfocus.com/bid/91951 Common Vulnerability Exposure (CVE) ID: CVE-2016-3598 BugTraq ID: 91918 http://www.securityfocus.com/bid/91918 Common Vulnerability Exposure (CVE) ID: CVE-2016-3606 BugTraq ID: 91912 http://www.securityfocus.com/bid/91912 Common Vulnerability Exposure (CVE) ID: CVE-2016-3610 BugTraq ID: 91930 http://www.securityfocus.com/bid/91930
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.