 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.4.2016.1997.1 |
| Category: | SuSE Local Security Checks |
| Title: | SUSE: Security Advisory (SUSE-SU-2016:1997-1) |
| Summary: | The remote host is missing an update for the 'java-1_7_0-openjdk' package(s) announced via the SUSE-SU-2016:1997-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'java-1_7_0-openjdk' package(s) announced via the SUSE-SU-2016:1997-1 advisory. Vulnerability Insight: This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.7 - OpenJDK 7u111 * Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729) * Import of OpenJDK 7 u111 build 0 - S6953295: Move few sun.security.{util, x509, pkcs} classes used by keytool/jarsigner to another package - S7060849: Eliminate pack200 build warnings - S7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror - S7069870: Parts of the JDK erroneously rely on generic array initializers with diamond - S7102686: Restructure timestamp code so that jars and modules can more easily share the same code - S7105780: Add SSLSocket client/SSLEngine server to templates directory - S7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done - S7152582: PKCS11 tests should use the NSS libraries available in the OS - S7192202: Make sure keytool prints both unknown and unparseable extensions - S7194449: String resources for Key Tool and Policy Tool should be in their respective packages - S7196855: autotest.sh fails on ubuntu because libsoftokn.so not found - S7200682: TEST_BUG: keytool/autotest.sh still has problems with libsoftokn.so - S8002306: (se) Selector.open fails if invoked with thread interrupt status set [win] - S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as defined in RFC3161 - S8019341: Update CookieHttpsClientTest to use the newer framework. - S8022228: Intermittent test failures in sun/security/ssl/javax/net/ssl/NewAPIs - S8022439: Fix lint warnings in sun.security.ec - S8022594: Potential deadlock in sun.nio.ch.Util/IOUtil - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails intermittently - S8036612: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/mscapi/security.cpp - S8037557: test SessionCacheSizeTests.java timeout - S8038837: Add support to jarsigner for specifying timestamp hash algorithm - S8079410: Hotspot version to share the same update and build version from JDK - S8130735: javax.swing.TimerQueue: timer fires late when another timer ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'java-1_7_0-openjdk' package(s) on SUSE Linux Enterprise Desktop 12-SP1, SUSE Linux Enterprise Server 12-SP1, SUSE Linux Enterprise Server for SAP Applications 12-SP1. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-3458 BugTraq ID: 91787 http://www.securityfocus.com/bid/91787 BugTraq ID: 91945 http://www.securityfocus.com/bid/91945 Debian Security Information: DSA-3641 (Google Search) http://www.debian.org/security/2016/dsa-3641 https://security.gentoo.org/glsa/201610-08 https://security.gentoo.org/glsa/201701-43 RedHat Security Advisories: RHSA-2016:1458 https://access.redhat.com/errata/RHSA-2016:1458 RedHat Security Advisories: RHSA-2016:1475 https://access.redhat.com/errata/RHSA-2016:1475 RedHat Security Advisories: RHSA-2016:1476 https://access.redhat.com/errata/RHSA-2016:1476 RedHat Security Advisories: RHSA-2016:1477 https://access.redhat.com/errata/RHSA-2016:1477 RedHat Security Advisories: RHSA-2016:1504 http://rhn.redhat.com/errata/RHSA-2016-1504.html RedHat Security Advisories: RHSA-2016:1776 http://rhn.redhat.com/errata/RHSA-2016-1776.html http://www.securitytracker.com/id/1036365 SuSE Security Announcement: SUSE-SU-2016:1997 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html SuSE Security Announcement: SUSE-SU-2016:2012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html SuSE Security Announcement: openSUSE-SU-2016:1979 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html SuSE Security Announcement: openSUSE-SU-2016:2050 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html SuSE Security Announcement: openSUSE-SU-2016:2051 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html SuSE Security Announcement: openSUSE-SU-2016:2052 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html SuSE Security Announcement: openSUSE-SU-2016:2058 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html http://www.ubuntu.com/usn/USN-3043-1 http://www.ubuntu.com/usn/USN-3062-1 http://www.ubuntu.com/usn/USN-3077-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-3485 SuSE Security Announcement: SUSE-SU-2016:2261 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html SuSE Security Announcement: SUSE-SU-2016:2286 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html Common Vulnerability Exposure (CVE) ID: CVE-2016-3498 BugTraq ID: 91956 http://www.securityfocus.com/bid/91956 Common Vulnerability Exposure (CVE) ID: CVE-2016-3500 Common Vulnerability Exposure (CVE) ID: CVE-2016-3503 BugTraq ID: 91996 http://www.securityfocus.com/bid/91996 Common Vulnerability Exposure (CVE) ID: CVE-2016-3508 BugTraq ID: 91972 http://www.securityfocus.com/bid/91972 Common Vulnerability Exposure (CVE) ID: CVE-2016-3511 BugTraq ID: 91990 http://www.securityfocus.com/bid/91990 RedHat Security Advisories: RHSA-2016:1587 http://rhn.redhat.com/errata/RHSA-2016-1587.html RedHat Security Advisories: RHSA-2016:1588 http://rhn.redhat.com/errata/RHSA-2016-1588.html RedHat Security Advisories: RHSA-2016:1589 http://rhn.redhat.com/errata/RHSA-2016-1589.html RedHat Security Advisories: RHSA-2017:1216 https://access.redhat.com/errata/RHSA-2017:1216 Common Vulnerability Exposure (CVE) ID: CVE-2016-3550 BugTraq ID: 91951 http://www.securityfocus.com/bid/91951 Common Vulnerability Exposure (CVE) ID: CVE-2016-3598 BugTraq ID: 91918 http://www.securityfocus.com/bid/91918 Common Vulnerability Exposure (CVE) ID: CVE-2016-3606 BugTraq ID: 91912 http://www.securityfocus.com/bid/91912 Common Vulnerability Exposure (CVE) ID: CVE-2016-3610 BugTraq ID: 91930 http://www.securityfocus.com/bid/91930 |
| Copyright | Copyright (C) 2021 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |