English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 143769 CVE descriptions
and 71225 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.852014
Category:SuSE Local Security Checks
Title:SuSE Update for java-1_8_0-openjdk openSUSE-SU-2018:3057-1 (java-1_8_0-openjdk)
Summary:The remote host is missing an update for the 'java-1_8_0-openjdk'; package(s) announced via the openSUSE-SU-2018:3057_1 advisory.
Description:Summary:
The remote host is missing an update for the 'java-1_8_0-openjdk'
package(s) announced via the openSUSE-SU-2018:3057_1 advisory.

Vulnerability Insight:
This update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release
fixes the following issues:

These security issues were fixed:

- CVE-2018-2938: Difficult to exploit vulnerability allowed
unauthenticated attacker with network access via multiple protocols to
compromise Java SE. Successful attacks of this vulnerability can result
in takeover of Java SE (bsc#1101644).

- CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily
exploitable vulnerability allowed unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded.
Successful attacks require human interaction from a person other than
the attacker. Successful attacks of this vulnerability can result in
unauthorized read access to a subset of Java SE, Java SE Embedded
accessible data (bsc#1101645)

- CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to
exploit vulnerability allowed unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded,
JRockit. Successful attacks of this vulnerability can result in
unauthorized ability to cause a partial denial of service (partial DOS)
of Java SE, Java SE Embedded, JRockit (bsc#1101651)

- CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit
vulnerability allowed unauthenticated attacker with network access via
SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of
this vulnerability can result in unauthorized creation, deletion or
modification access to critical data or all Java SE, Java SE Embedded
accessible data (bsc#1101656)

These non-security issues were fixed:

- Improve desktop file usage

- Better Internet address support

- speculative traps break when classes are redefined

- sun/security/pkcs11/ec/ReadCertificates.java fails intermittently

- Clean up code that saves the previous versions of redefined classes

- Prevent SIGSEGV in ReceiverTypeData::clean_weak_klass_links

- RedefineClasses() tests fail assert(((Metadata*)obj)- is_valid())
failed: obj is valid

- NMT is not enabled if NMT option is specified after class path specifiers

- EndEntityChecker should not process custom extensions after PKIX
validation

- SupportedDSAParamGen.java failed with timeout

- Montgomery multiply intrinsic should use correct name

- When determining the ciphersuite lists, there is no debug output for
disabled suites.

- sun/security/mscapi/SignedObjectChain.java fails on Windows

- On Windows Swing changes keyboard layout on a window activation

- ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
java-1_8_0-openjdk on openSUSE Leap 15.0.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-2938
BugTraq ID: 104774
http://www.securityfocus.com/bid/104774
http://www.securitytracker.com/id/1041302
Common Vulnerability Exposure (CVE) ID: CVE-2018-2940
RedHat Security Advisories: RHSA-2018:2253
https://access.redhat.com/errata/RHSA-2018:2253
RedHat Security Advisories: RHSA-2018:2254
https://access.redhat.com/errata/RHSA-2018:2254
RedHat Security Advisories: RHSA-2018:2255
https://access.redhat.com/errata/RHSA-2018:2255
RedHat Security Advisories: RHSA-2018:2256
https://access.redhat.com/errata/RHSA-2018:2256
RedHat Security Advisories: RHSA-2018:2568
https://access.redhat.com/errata/RHSA-2018:2568
RedHat Security Advisories: RHSA-2018:2569
https://access.redhat.com/errata/RHSA-2018:2569
RedHat Security Advisories: RHSA-2018:2575
https://access.redhat.com/errata/RHSA-2018:2575
RedHat Security Advisories: RHSA-2018:2576
https://access.redhat.com/errata/RHSA-2018:2576
RedHat Security Advisories: RHSA-2018:2712
https://access.redhat.com/errata/RHSA-2018:2712
RedHat Security Advisories: RHSA-2018:2713
https://access.redhat.com/errata/RHSA-2018:2713
RedHat Security Advisories: RHSA-2018:3007
https://access.redhat.com/errata/RHSA-2018:3007
RedHat Security Advisories: RHSA-2018:3008
https://access.redhat.com/errata/RHSA-2018:3008
BugTraq ID: 104768
http://www.securityfocus.com/bid/104768
Common Vulnerability Exposure (CVE) ID: CVE-2018-2952
https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html
Debian Security Information: DSA-4268 (Google Search)
https://www.debian.org/security/2018/dsa-4268
RedHat Security Advisories: RHSA-2018:2241
https://access.redhat.com/errata/RHSA-2018:2241
RedHat Security Advisories: RHSA-2018:2242
https://access.redhat.com/errata/RHSA-2018:2242
RedHat Security Advisories: RHSA-2018:2283
https://access.redhat.com/errata/RHSA-2018:2283
RedHat Security Advisories: RHSA-2018:2286
https://access.redhat.com/errata/RHSA-2018:2286
https://usn.ubuntu.com/3734-1/
https://usn.ubuntu.com/3735-1/
https://usn.ubuntu.com/3747-1/
BugTraq ID: 104765
http://www.securityfocus.com/bid/104765
Common Vulnerability Exposure (CVE) ID: CVE-2018-2973
BugTraq ID: 104773
http://www.securityfocus.com/bid/104773
CopyrightCopyright (C) 2018 Greenbone Networks GmbH

This is only one of 71225 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.