SB2017052903 - openSUSE update for java-1_7_0-openjdk
Published: May 29, 2017
Security Bulletin ID
SB2017052903
Severity
High
Patch available
YES
Number of vulnerabilities
9
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 9 secuirty vulnerabilities.
1) Remote code execution (CVE-ID: CVE-2017-3289)
The vulnerability allows a remote unauthenticated attacker to execute arbitrary code.The weakness exists due to unknown error in Oracle Java SE and Java SE Embedded related to the Hotspot component. A remote attacker can trick the victim into opening a specially crafted webpage, execute arbitrary code with privileges of the current user and compromise vulnerable system.
2) Security restrictions bypass (CVE-ID: CVE-2017-3509)
The vulnerability allows a remote attacker to gain access to potentially sensitive information on the target system.The weakness exists due to unknown error. A remote attacker can read and modify arbitrary files.
3) Remote code execution (CVE-ID: CVE-2017-3511)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to unknown error related to the Java SE, Java SE Embedded, JRockit JCE component. A remote attacker can trick the victim into visiting a specially crafted webpage and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
4) Remote code execution (CVE-ID: CVE-2017-3512)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to unknown error related to the Java SE AWT component. A remote attacker can trick the victim into visiting a specially crafted webpage and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
5) Remote code execution (CVE-ID: CVE-2017-3514)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to unknown error related to the Java SE AWT component. A remote attacker can trick the victim into visiting a specially crafted webpage and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
6) Denial of service (CVE-ID: CVE-2017-3526)
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.The weakness exists due to unknown error. A remote attacker can trick the victim into visiting a specially crafted webpage and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
7) Security restrictions bypass (CVE-ID: CVE-2017-3533)
The vulnerability allows a remote attacker to modify information on the target system.The weakness exists due to unknown error related to the Java SE, Java SE Embedded, JRockit Networking component. A remote attacker can access and modify arbitrary data.
8) Security restrictions bypass (CVE-ID: CVE-2017-3539)
The vulnerability allows a remote attacker to modify information on the target system.The weakness exists due to unknown error related to the Java SE, Java SE Embedded Security component. A remote attacker can trick the victim into visiting a specially crafted webpage, access and modify arbitrary data.
9) Security restrictions bypass (CVE-ID: CVE-2017-3544)
The vulnerability allows a remote attacker to modify information on the target system.The weakness exists due to unknown error related to the Java SE, Java SE Embedded Networking component. A remote attacker can access and modify arbitrary data.
Remediation
Install update from vendor's website.