English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 143769 CVE descriptions
and 71225 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.851963
Category:SuSE Local Security Checks
Title:SuSE Update for java-10-openjdk openSUSE-SU-2018:2206-1 (java-10-openjdk)
Summary:The remote host is missing an update for the 'java-10-openjdk'; package(s) announced via the openSUSE-SU-2018:2206_1 advisory.
Description:Summary:
The remote host is missing an update for the 'java-10-openjdk'
package(s) announced via the openSUSE-SU-2018:2206_1 advisory.

Vulnerability Insight:
This update for OpenJDK 10.0.2 fixes the following security issues:

- CVE-2018-2940: the libraries sub-component contained an easily
exploitable vulnerability that allowed attackers to compromise Java SE
or Java SE Embedded over the network, potentially gaining unauthorized
read access to data that's accessible to the server. [bsc#1101645]

- CVE-2018-2952: the concurrency sub-component contained a difficult to
exploit vulnerability that allowed attackers to compromise Java SE, Java
SE Embedded,
or JRockit over the network. This issue could have been abused to mount
a partial denial-of-service attack on the server. [bsc#1101651]

- CVE-2018-2972: the security sub-component contained a difficult to
exploit vulnerability that allowed attackers to compromise Java SE over
the network, potentially gaining unauthorized access to critical data or
complete access to all Java SE accessible data. [bsc#1101655)

- CVE-2018-2973: the JSSE sub-component contained a difficult to exploit
vulnerability allowed attackers to compromise Java SE or Java SE Embedded
over the network, potentially gaining the ability to create, delete or
modify critical data or all Java SE, Java SE Embedded accessible data
without authorization. [bsc#1101656]

Furthermore, the following bugs were fixed:

- Properly remove the existing alternative for java before reinstalling
it. [bsc#1096420]

- idlj was moved to the *-devel package. [bsc#1096420]

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-810=1

Affected Software/OS:
java-10-openjdk on openSUSE Leap 15.0.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-2940
RedHat Security Advisories: RHSA-2018:2253
https://access.redhat.com/errata/RHSA-2018:2253
RedHat Security Advisories: RHSA-2018:2254
https://access.redhat.com/errata/RHSA-2018:2254
RedHat Security Advisories: RHSA-2018:2255
https://access.redhat.com/errata/RHSA-2018:2255
RedHat Security Advisories: RHSA-2018:2256
https://access.redhat.com/errata/RHSA-2018:2256
RedHat Security Advisories: RHSA-2018:2568
https://access.redhat.com/errata/RHSA-2018:2568
RedHat Security Advisories: RHSA-2018:2569
https://access.redhat.com/errata/RHSA-2018:2569
RedHat Security Advisories: RHSA-2018:2575
https://access.redhat.com/errata/RHSA-2018:2575
RedHat Security Advisories: RHSA-2018:2576
https://access.redhat.com/errata/RHSA-2018:2576
RedHat Security Advisories: RHSA-2018:2712
https://access.redhat.com/errata/RHSA-2018:2712
RedHat Security Advisories: RHSA-2018:2713
https://access.redhat.com/errata/RHSA-2018:2713
RedHat Security Advisories: RHSA-2018:3007
https://access.redhat.com/errata/RHSA-2018:3007
RedHat Security Advisories: RHSA-2018:3008
https://access.redhat.com/errata/RHSA-2018:3008
BugTraq ID: 104768
http://www.securityfocus.com/bid/104768
http://www.securitytracker.com/id/1041302
Common Vulnerability Exposure (CVE) ID: CVE-2018-2952
https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html
Debian Security Information: DSA-4268 (Google Search)
https://www.debian.org/security/2018/dsa-4268
RedHat Security Advisories: RHSA-2018:2241
https://access.redhat.com/errata/RHSA-2018:2241
RedHat Security Advisories: RHSA-2018:2242
https://access.redhat.com/errata/RHSA-2018:2242
RedHat Security Advisories: RHSA-2018:2283
https://access.redhat.com/errata/RHSA-2018:2283
RedHat Security Advisories: RHSA-2018:2286
https://access.redhat.com/errata/RHSA-2018:2286
https://usn.ubuntu.com/3734-1/
https://usn.ubuntu.com/3735-1/
https://usn.ubuntu.com/3747-1/
BugTraq ID: 104765
http://www.securityfocus.com/bid/104765
Common Vulnerability Exposure (CVE) ID: CVE-2018-2972
BugTraq ID: 104782
http://www.securityfocus.com/bid/104782
Common Vulnerability Exposure (CVE) ID: CVE-2018-2973
BugTraq ID: 104773
http://www.securityfocus.com/bid/104773
CopyrightCopyright (C) 2018 Greenbone Networks GmbH

This is only one of 71225 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.