
Test ID: 1.3.6.1.4.1.25623.1.1.4.2018.2583.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2018:2583-1)
Summary: The remote host is missing an update for the 'java-1_7_1-ibm' package(s) announced via the SUSE-SU-2018:2583-1 advisory.
Description:

Vulnerability Insight:
This update for java-1_7_1-ibm to version 7.1.4.30 fixes the following issues:

Security issues fixed:
CVE-2018-1517: Fixed a flaw in the java.math component in IBM SDK, which
may allow an attacker to cause a denial of service with
specially crafted String data.

CVE-2018-1656: Protect against path traversal attacks when extracting
compressed dump files.

CVE-2018-2940: Fixed an easily exploitable vulnerability in the
libraries subcomponent, which allowed unauthenticated attackers with
network access via multiple protocols to compromise Java SE, leading
to unauthorized read access.

CVE-2018-2952: Fixed an easily exploitable vulnerability in the
concurrency subcomponent, which allowed unauthenticated attackers with
network access via multiple protocols to compromise Java SE, leading
to denial of service.

CVE-2018-2973: Fixed a difficult to exploit vulnerability in the JSSE
subcomponent, which allowed unauthenticated attackers with network
access via SSL/TLS to compromise Java SE, leading to unauthorized
creation, deletion or modification access to critical data.

CVE-2018-12539: Fixed a vulnerability in which users other than the
process owner may be able to use Java Attach API to connect to the IBM
JVM on the same machine and use Attach API operations, including the
ability to execute untrusted arbitrary code.

Other changes made:
Various JIT/JVM crash fixes

Version update to 7.1.4.30 (bsc#1104668)

You can find detailed information about this update here: [link moved to references] IBM_Security_Update_August_2018.

Affected Software/OS:
'java-1_7_1-ibm' package(s) on SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Server 11-SP4

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2018-1517
BugTraq ID: 105117
http://www.securityfocus.com/bid/105117
RedHat Security Advisories: RHSA-2018:2568
https://access.redhat.com/errata/RHSA-2018:2568
RedHat Security Advisories: RHSA-2018:2569
https://access.redhat.com/errata/RHSA-2018:2569
RedHat Security Advisories: RHSA-2018:2575
https://access.redhat.com/errata/RHSA-2018:2575
RedHat Security Advisories: RHSA-2018:2576
https://access.redhat.com/errata/RHSA-2018:2576
RedHat Security Advisories: RHSA-2018:2712
https://access.redhat.com/errata/RHSA-2018:2712
RedHat Security Advisories: RHSA-2018:2713
https://access.redhat.com/errata/RHSA-2018:2713
XForce ISS Database: ibm-sdk-cve20181517-dos(141681)
https://exchange.xforce.ibmcloud.com/vulnerabilities/141681
Common Vulnerability Exposure (CVE) ID: CVE-2018-1656
BugTraq ID: 105118
http://www.securityfocus.com/bid/105118
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
http://www.securitytracker.com/id/1041765
XForce ISS Database: ibm-java-cve20181656-file-overwrite(144882)
https://exchange.xforce.ibmcloud.com/vulnerabilities/144882
Common Vulnerability Exposure (CVE) ID: CVE-2018-2940
BugTraq ID: 104768
http://www.securityfocus.com/bid/104768
RedHat Security Advisories: RHSA-2018:2253
https://access.redhat.com/errata/RHSA-2018:2253
RedHat Security Advisories: RHSA-2018:2254
https://access.redhat.com/errata/RHSA-2018:2254
RedHat Security Advisories: RHSA-2018:2255
https://access.redhat.com/errata/RHSA-2018:2255
RedHat Security Advisories: RHSA-2018:2256
https://access.redhat.com/errata/RHSA-2018:2256
RedHat Security Advisories: RHSA-2018:3007
https://access.redhat.com/errata/RHSA-2018:3007
RedHat Security Advisories: RHSA-2018:3008
https://access.redhat.com/errata/RHSA-2018:3008
http://www.securitytracker.com/id/1041302
Common Vulnerability Exposure (CVE) ID: CVE-2018-2952
BugTraq ID: 104765
http://www.securityfocus.com/bid/104765
Debian Security Information: DSA-4268
https://www.debian.org/security/2018/dsa-4268
https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html
RedHat Security Advisories: RHSA-2018:2241
https://access.redhat.com/errata/RHSA-2018:2241
RedHat Security Advisories: RHSA-2018:2242
https://access.redhat.com/errata/RHSA-2018:2242
RedHat Security Advisories: RHSA-2018:2283
https://access.redhat.com/errata/RHSA-2018:2283
RedHat Security Advisories: RHSA-2018:2286
https://access.redhat.com/errata/RHSA-2018:2286
https://usn.ubuntu.com/3734-1/
https://usn.ubuntu.com/3735-1/
https://usn.ubuntu.com/3747-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-2973
BugTraq ID: 104773
http://www.securityfocus.com/bid/104773
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
