Test Kennung:	1.3.6.1.4.1.25623.1.0.844315
Kategorie:	Ubuntu Local Security Checks
Titel:	Ubuntu: Security Advisory for openjdk-8 (USN-4257-1)
Zusammenfassung:	The remote host is missing an update for the 'openjdk-8'; package(s) announced via the USN-4257-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'openjdk-8' package(s) announced via the USN-4257-1 advisory. Vulnerability Insight: It was discovered that OpenJDK incorrectly handled exceptions during deserialization in BeanContextSupport. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2020-2583) It was discovered that OpenJDK incorrectly validated properties of SASL messages included in Kerberos GSSAPI. An unauthenticated remote attacker with network access via Kerberos could possibly use this issue to insert, modify or obtain sensitive information. (CVE-2020-2590) It was discovered that OpenJDK incorrectly validated URLs. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2020-2593) It was discovered that OpenJDK Security component still used MD5 algorithm. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2020-2601) It was discovered that OpenJDK incorrectly handled the application of serialization filters. An attacker could possibly use this issue to bypass the intended filter during serialization. (CVE-2020-2604) Bo Zhang and Long Kuan discovered that OpenJDK incorrectly handled X.509 certificates. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-2654) Bengt Jonsson, Juraj Somorovsky, Kostis Sagonas, Paul Fiterau Brostean and Robertdiscovered that OpenJDK incorrectly handled CertificateVerify TLS handshake messages. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11. (CVE-2020-2655) It was discovered that OpenJDK incorrectly enforced the limit of datagram sockets that can be created by a code running within a Java sandbox. An attacker could possibly use this issue to bypass the sandbox restrictions causing a denial of service. This issue only affected OpenJDK 8. (CVE-2020-2659) Affected Software/OS: 'openjdk-8' package(s) on Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2020-2583 Bugtraq: 20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update (Google Search) https://seclists.org/bugtraq/2020/Jan/24 Bugtraq: 20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update (Google Search) https://seclists.org/bugtraq/2020/Feb/22 Debian Security Information: DSA-4605 (Google Search) https://www.debian.org/security/2020/dsa-4605 Debian Security Information: DSA-4621 (Google Search) https://www.debian.org/security/2020/dsa-4621 https://security.gentoo.org/glsa/202101-19 https://www.oracle.com/security-alerts/cpujan2020.html https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html RedHat Security Advisories: RHSA-2020:0122 https://access.redhat.com/errata/RHSA-2020:0122 RedHat Security Advisories: RHSA-2020:0128 https://access.redhat.com/errata/RHSA-2020:0128 RedHat Security Advisories: RHSA-2020:0157 https://access.redhat.com/errata/RHSA-2020:0157 RedHat Security Advisories: RHSA-2020:0196 https://access.redhat.com/errata/RHSA-2020:0196 RedHat Security Advisories: RHSA-2020:0202 https://access.redhat.com/errata/RHSA-2020:0202 RedHat Security Advisories: RHSA-2020:0231 https://access.redhat.com/errata/RHSA-2020:0231 RedHat Security Advisories: RHSA-2020:0232 https://access.redhat.com/errata/RHSA-2020:0232 RedHat Security Advisories: RHSA-2020:0465 https://access.redhat.com/errata/RHSA-2020:0465 RedHat Security Advisories: RHSA-2020:0467 https://access.redhat.com/errata/RHSA-2020:0467 RedHat Security Advisories: RHSA-2020:0468 https://access.redhat.com/errata/RHSA-2020:0468 RedHat Security Advisories: RHSA-2020:0469 https://access.redhat.com/errata/RHSA-2020:0469 RedHat Security Advisories: RHSA-2020:0470 https://access.redhat.com/errata/RHSA-2020:0470 RedHat Security Advisories: RHSA-2020:0541 https://access.redhat.com/errata/RHSA-2020:0541 RedHat Security Advisories: RHSA-2020:0632 https://access.redhat.com/errata/RHSA-2020:0632 SuSE Security Announcement: openSUSE-SU-2020:0113 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html SuSE Security Announcement: openSUSE-SU-2020:0147 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html https://usn.ubuntu.com/4257-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-2590 Common Vulnerability Exposure (CVE) ID: CVE-2020-2593 Common Vulnerability Exposure (CVE) ID: CVE-2020-2601 Common Vulnerability Exposure (CVE) ID: CVE-2020-2604 https://kc.mcafee.com/corporate/index?page=content&id=SB10315 https://security.netapp.com/advisory/ntap-20200122-0003/ https://www.oracle.com/security-alerts/cpujul2021.html Common Vulnerability Exposure (CVE) ID: CVE-2020-2654 Common Vulnerability Exposure (CVE) ID: CVE-2020-2655 Common Vulnerability Exposure (CVE) ID: CVE-2020-2659
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.