Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2018.3045.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2018:3045-1)
Summary:The remote host is missing an update for the 'java-1_8_0-openjdk' package(s) announced via the SUSE-SU-2018:3045-1 advisory.
Description:Summary:
The remote host is missing an update for the 'java-1_8_0-openjdk' package(s) announced via the SUSE-SU-2018:3045-1 advisory.

Vulnerability Insight:
This update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release fixes the following issues:

These security issues were fixed:
CVE-2018-2938: Difficult to exploit vulnerability allowed
unauthenticated attacker with network access via multiple protocols to
compromise Java SE. Successful attacks of this vulnerability can result
in takeover of Java SE (bsc#1101644).

CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily
exploitable vulnerability allowed unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded.
Successful attacks require human interaction from a person other than
the attacker. Successful attacks of this vulnerability can result in
unauthorized read access to a subset of Java SE, Java SE Embedded
accessible data (bsc#1101645)

CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to
exploit vulnerability allowed unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded,
JRockit. Successful attacks of this vulnerability can result in
unauthorized ability to cause a partial denial of service (partial DOS)
of Java SE, Java SE Embedded, JRockit (bsc#1101651)

CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit
vulnerability allowed unauthenticated attacker with network access via
SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of
this vulnerability can result in unauthorized creation, deletion or
modification access to critical data or all Java SE, Java SE Embedded
accessible data (bsc#1101656)

These non-security issues were fixed:
Improve desktop file usage

Better Internet address support

speculative traps break when classes are redefined

sun/security/pkcs11/ec/ReadCertificates.java fails intermittently

Clean up code that saves the previous versions of redefined classes

Prevent SIGSEGV in ReceiverTypeData::clean_weak_klass_links

RedefineClasses() tests fail assert(((Metadata*)obj)->is_valid())
failed: obj is valid

NMT is not enabled if NMT option is specified after class path specifiers

EndEntityChecker should not process custom extensions after PKIX
validation

SupportedDSAParamGen.java failed with timeout

Montgomery multiply intrinsic should use correct name

When determining the ciphersuite lists, there is no debug output for
disabled suites.

sun/security/mscapi/SignedObjectChain.java fails on Windows

On Windows Swing changes keyboard layout on a window activation

IfNode::range_check_trap_proj() should handler dying subgraph with
single if proj

Even better Internet address support

Newlines in JAXB string values of SOAP-requests are escaped to '
'

TestFlushableGZIPOutputStream failing with IndexOutOfBoundsException

Unable to use JDWP API in JDK 8 to debug JDK 9 VM

Hotspot crash on Cassandra 3.11.1 startup with libnuma 2.0.3

Performance drop with ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'java-1_8_0-openjdk' package(s) on SUSE Linux Enterprise Module for Legacy Software 15

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-2938
BugTraq ID: 104774
http://www.securityfocus.com/bid/104774
http://www.securitytracker.com/id/1041302
Common Vulnerability Exposure (CVE) ID: CVE-2018-2940
BugTraq ID: 104768
http://www.securityfocus.com/bid/104768
RedHat Security Advisories: RHSA-2018:2253
https://access.redhat.com/errata/RHSA-2018:2253
RedHat Security Advisories: RHSA-2018:2254
https://access.redhat.com/errata/RHSA-2018:2254
RedHat Security Advisories: RHSA-2018:2255
https://access.redhat.com/errata/RHSA-2018:2255
RedHat Security Advisories: RHSA-2018:2256
https://access.redhat.com/errata/RHSA-2018:2256
RedHat Security Advisories: RHSA-2018:2568
https://access.redhat.com/errata/RHSA-2018:2568
RedHat Security Advisories: RHSA-2018:2569
https://access.redhat.com/errata/RHSA-2018:2569
RedHat Security Advisories: RHSA-2018:2575
https://access.redhat.com/errata/RHSA-2018:2575
RedHat Security Advisories: RHSA-2018:2576
https://access.redhat.com/errata/RHSA-2018:2576
RedHat Security Advisories: RHSA-2018:2712
https://access.redhat.com/errata/RHSA-2018:2712
RedHat Security Advisories: RHSA-2018:2713
https://access.redhat.com/errata/RHSA-2018:2713
RedHat Security Advisories: RHSA-2018:3007
https://access.redhat.com/errata/RHSA-2018:3007
RedHat Security Advisories: RHSA-2018:3008
https://access.redhat.com/errata/RHSA-2018:3008
Common Vulnerability Exposure (CVE) ID: CVE-2018-2952
BugTraq ID: 104765
http://www.securityfocus.com/bid/104765
Debian Security Information: DSA-4268 (Google Search)
https://www.debian.org/security/2018/dsa-4268
https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html
RedHat Security Advisories: RHSA-2018:2241
https://access.redhat.com/errata/RHSA-2018:2241
RedHat Security Advisories: RHSA-2018:2242
https://access.redhat.com/errata/RHSA-2018:2242
RedHat Security Advisories: RHSA-2018:2283
https://access.redhat.com/errata/RHSA-2018:2283
RedHat Security Advisories: RHSA-2018:2286
https://access.redhat.com/errata/RHSA-2018:2286
https://usn.ubuntu.com/3734-1/
https://usn.ubuntu.com/3735-1/
https://usn.ubuntu.com/3747-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-2973
BugTraq ID: 104773
http://www.securityfocus.com/bid/104773
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.