There are multiple vulnerabilities in IBM SDK Java Technology Edition,
Versions 7, 7.1, 8 that are used by AIX. These issues were disclosed
as part of the IBM Java SDK updates in April 2019.

CVEID: CVE-2019-10245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10245
DESCRIPTION: Eclipse OpenJ9 is vulnerable to a denial of service, caused
by the execution of a method past the end of bytecode array by the
Java bytecode verifier. A remote attacker could exploit this
vulnerability to cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/160010
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-2684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2684
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2684
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to
the Java SE, Java SE Embedded RMI component could allow an
unauthenticated attacker to cause no confidentiality impact, high
integrity impact, and no availability impact.
CVSS Base Score: 5.9
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/159776
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2019-2602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2602
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2602
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to
the Java SE, Java SE Embedded Libraries component could allow an
unauthenticated attacker to cause a denial of service resulting in a
high availability impact using unknown attack vectors.
CVSS Base Score: 7.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/159698
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-2697
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2697
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2697
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to
the Java SE 2D component could allow an unauthenticated attacker to
take control of the system.
CVSS Base Score: 8.1
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/159789
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-2698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2698
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2698
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to
the Java SE 2D component could allow an unauthenticated attacker to
take control of the system.
CVSS Base Score: 8.1
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/159790
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

AFFECTED PRODUCTS AND VERSIONS:

AIX 7.1, 7.2
VIOS 2.2.x

The following fileset levels (VRMF) are vulnerable, if the
respective Java version is installed:
    For Java7: Less than 7.0.0.645
    For Java7.1: Less than 7.1.0.445
    For Java8: Less than 8.0.0.535

Note: To find out whether the affected Java filesets are installed
on your systems, refer to the lslpp command found in AIX user's guide.

Example: lslpp -L | grep -i java
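
The fileset check above as a script, added here as an example and not part of IBM's advisory: it reads `lslpp -L` output and compares each Java fileset level field by field against the fixed levels listed above. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the IBM advisory): report Java filesets whose VRMF
# is below the fixed level for their Java version.
# On AIX:  lslpp -L | check_java_filesets

# Fixed levels from the advisory, selected by the first two VRMF fields (V.R).
fixed_level_for() {
    case "$1" in
        7.0.*) echo "7.0.0.645" ;;
        7.1.*) echo "7.1.0.445" ;;
        8.0.*) echo "8.0.0.535" ;;
        *)     return 1 ;;      # Java version not covered by this advisory
    esac
}

# vrmf_lt A B: exit status 0 when VRMF A is lower than B. Each field is
# compared as a number; a string compare would rank 7.1.0.50 above 7.1.0.445.
vrmf_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 4; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1      # equal levels are not lower
    }' </dev/null
}

# check_java_filesets: stdin is `lslpp -L` text, stdout is one verdict per
# fileset. Only names starting with "Java" are considered, so other filesets
# that happen to carry a 7.1.x level (bos.rte, for example) are ignored.
check_java_filesets() {
    grep -i '^ *java' | while read -r fileset level _rest; do
        case "$level" in
            [0-9]*.[0-9]*.[0-9]*.[0-9]*) ;;
            *) continue ;;      # second column is not a VRMF
        esac
        fixed=$(fixed_level_for "$level") || continue
        if vrmf_lt "$level" "$fixed"; then
            echo "VULNERABLE $fileset $level (fixed in $fixed)"
        else
            echo "OK $fileset $level"
        fi
    done
}

# Constructed sample of `lslpp -L` output, not taken from a real system.
sample_lslpp() {
cat <<'EOF'
  Fileset                      Level  State  Type  Description (Uninstaller)
  ----------------------------------------------------------------------------
  Java7_64.sdk              7.0.0.640    C     F    Java SDK 64-bit
  Java7.1.jre                7.1.0.50    C     F    Java SDK 32-bit Java Runtime
  Java8_64.jre              8.0.0.535    C     F    Java SDK 64-bit Java Runtime
  Java8.sdk                 8.0.0.527    C     F    Java SDK 32-bit
  bos.rte                    7.1.5.30    C     F    Base Operating System Runtime
EOF
}

sample_lslpp | check_java_filesets
```
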

REMEDIATION:

Note: Recommended remediation is to always install the most recent
Java package available for the respective Java version.

IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix
Pack 45 and subsequent releases:
32-bit: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+32-bit,+pSeries&function=all
64-bit: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+64-bit,+pSeries&function=all

IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix
Pack 45 and subsequent releases:
32-bit: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+32-bit,+pSeries&function=all
64-bit: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+64-bit,+pSeries&function=all

IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix
Pack 35 and subsequent releases:
32-bit: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+32-bit,+pSeries&function=all
64-bit: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+64-bit,+pSeries&function=all

If you would like to receive AIX Security Advisories via email,
please visit "My Notifications":

http://www.ibm.com/support/mynotifications

To view previously issued advisories, please visit:

http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq

Contact IBM Support for questions related to this announcement:

http://ibm.com/support/
https://ibm.com/support/

To obtain the OpenSSL public key that can be used to verify the
signed advisories and ifixes:

Download the key from our web page:

http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt

Please contact your local IBM AIX support center for any
assistance.

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

WORKAROUNDS AND MITIGATIONS:

None.

REFERENCES:

Complete CVSS v2 Guide:
http://www.first.org/cvss/v2/guide
On-line Calculator v2:
http://nvd.nist.gov/CVSS-v2-Calculator
Complete CVSS v3 Guide:
http://www.first.org/cvss/user-guide
On-line Calculator v3:
http://www.first.org/cvss/calculator/3.0
IBM Java SDK Security Bulletin:
https://www-01.ibm.com/support/docview.wss?uid=ibm10882850

RELATED INFORMATION:

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX
http://www-01.ibm.com/support/docview.wss?uid=ibm10884442

ACKNOWLEDGEMENTS:

None.

CHANGE HISTORY:

First Issued: Fri Jun 28 13:47:27 CDT 2019
reference:\"java-1.8.0-ibm-1.8.0.5.35-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-ibm-demo-1.8.0.5.35-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.8.0-ibm-demo-1.8.0.5.35-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-ibm-demo-1.8.0.5.35-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-ibm-devel-1.8.0.5.35-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.8.0-ibm-devel-1.8.0.5.35-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-ibm-devel-1.8.0.5.35-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-ibm-jdbc-1.8.0.5.35-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.8.0-ibm-jdbc-1.8.0.5.35-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-ibm-jdbc-1.8.0.5.35-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-ibm-plugin-1.8.0.5.35-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-ibm-plugin-1.8.0.5.35-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-ibm-src-1.8.0.5.35-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.8.0-ibm-src-1.8.0.5.35-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-ibm-src-1.8.0.5.35-1jpp.1.el6_10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-ibm / java-1.8.0-ibm-demo / java-1.8.0-ibm-devel / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T07:00:10", "description": "This update for java-1_8_0-ibm fixes the following issues :\n\nUpdate to Java 8.0 Service Refresh 5 Fix Pack 35.\n\nSecurity issues fixed :\n\nCVE-2019-10245: Fixed Java bytecode verifier issue causing crashes\n(bsc#1134718).\n\nCVE-2019-2698: Fixed out of bounds access flaw in the 2D component\n(bsc#1132729).\n\nCVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734).\n\nCVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component:\nLibraries) (bsc#1132728).\n\nCVE-2019-2684: Fixed flaw was found in the RMI registry implementation\n(bsc#1132732).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-22T00:00:00", "title": "SUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2019:1308-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10245", "CVE-2019-2697", "CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-devel", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:java-1_8_0-ibm", "p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-plugin", "p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-alsa"], "id": "SUSE_SU-2019-1308-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125335", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1308-1.\n# The text itself is copyright (C) 
SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125335);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/10 13:51:51\");\n\n script_cve_id(\"CVE-2019-10245\", \"CVE-2019-2602\", \"CVE-2019-2684\", \"CVE-2019-2697\", \"CVE-2019-2698\");\n\n script_name(english:\"SUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2019:1308-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_8_0-ibm fixes the following issues :\n\nUpdate to Java 8.0 Service Refresh 5 Fix Pack 35.\n\nSecurity issues fixed :\n\nCVE-2019-10245: Fixed Java bytecode verifier issue causing crashes\n(bsc#1134718).\n\nCVE-2019-2698: Fixed out of bounds access flaw in the 2D component\n(bsc#1132729).\n\nCVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734).\n\nCVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component:\nLibraries) (bsc#1132728).\n\nCVE-2019-2684: Fixed flaw was found in the RMI registry implementation\n(bsc#1132732).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10245/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-2602/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-2684/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-2697/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-2698/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191308-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d45ad37f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Legacy Software 15:zypper in -t patch\nSUSE-SLE-Module-Legacy-15-2019-1308=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-alsa-1.8.0_sr5.35-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-plugin-1.8.0_sr5.35-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-1_8_0-ibm-1.8.0_sr5.35-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-1_8_0-ibm-devel-1.8.0_sr5.35-3.20.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_8_0-ibm\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T01:18:56", "description": "The version of Java SDK installed on the remote AIX host is affected\nby multiple vulnerabilities in the following subcomponents :\n\n - A flaw exists in Libraries that allows an unauthenticated, remote\n attacker to cause denial of service. (CVE-2019-2602)\n\n - A flaw exists in the RMI component that allows an unauthenticated,\n remote attacker to cause unspecified integrity impact.\n (CVE-2019-2684)\n\n - Flaws exist in the 2D component that allows an unauthenticated,\n remote attacker to take control of the system via unspecified\n means. (CVE-2019-2697, CVE-2019-2698)\n\n - A flaw exists in Eclipse OpenJ9 that allows an unauthenticated,\n remote attacker to cause denial of service. 
(CVE-2019-10245)", "edition": 18, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-07-22T00:00:00", "title": "AIX Java Advisory : java_apr2019_advisory.asc (April 2019 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10245", "CVE-2019-2697", "CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:oracle:jre", "cpe:/a:oracle:jdk", "cpe:/o:ibm:aix"], "id": "AIX_JAVA_APR2019_ADVISORY.NASL", "href": "https://www.tenable.com/plugins/nessus/126924", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126924);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/08/12 17:35:38\");\n\n script_cve_id(\n \"CVE-2019-2602\",\n \"CVE-2019-2684\",\n \"CVE-2019-2697\",\n \"CVE-2019-2698\",\n \"CVE-2019-10245\"\n );\n script_bugtraq_id(\n 107915,\n 107917,\n 107918,\n 107922,\n 108094\n );\n\n script_name(english:\"AIX Java Advisory : java_apr2019_advisory.asc (April 2019 CPU)\");\n script_summary(english:\"Checks the version of the Java package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Java SDK installed on the remote AIX host is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Java SDK installed on the remote AIX host is affected\nby multiple vulnerabilities in the following subcomponents :\n\n - A flaw exists in Libraries that allows an unauthenticated, remote\n attacker to cause denial of service. (CVE-2019-2602)\n\n - A flaw exists in the RMI component that allows an unauthenticated,\n remote attacker to cause unspecified integrity impact.\n (CVE-2019-2684)\n\n - Flaws exist in the 2D component that allows an unauthenticated,\n remote attacker to take control of the system via unspecified\n means. 
(CVE-2019-2697, CVE-2019-2698)\n\n - A flaw exists in Eclipse OpenJ9 that allows an unauthenticated,\n remote attacker to cause denial of service. (CVE-2019-10245)\");\n # https://aix.software.ibm.com/aix/efixes/security/java_apr2019_advisory.asc\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7cd5eba2\");\n # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+32-bit,+pSeries&function=all\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4918cb7e\");\n # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+64-bit,+pSeries&function=all\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6763c01c\");\n # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+32-bit,+pSeries&function=all\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?816ae152\");\n # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+64-bit,+pSeries&function=all\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?38db0cea\");\n # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+32-bit,+pSeries&function=all\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c8bd8b12\");\n # 
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+64-bit,+pSeries&function=all\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d8ecb276\");\n script_set_attribute(attribute:\"solution\", value:\n\"Fixes are available by version and can be downloaded from the IBM AIX\nwebsite.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2697\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jdk\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"AIX Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\", \"Host/AIX/oslevelsp\");\n\n exit(0);\n}\n\ninclude('aix.inc');\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') )\n audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item_or_exit('Host/AIX/version');\nif (\n oslevel != 'AIX-7.1' &&\n oslevel != 'AIX-7.2'\n)\n{\n oslevel = ereg_replace(string:oslevel, pattern:'-', replace:' ');\n audit(AUDIT_OS_NOT, 'AIX 7.1 / 7.2', oslevel);\n}\n\noslevelcomplete = chomp(get_kb_item('Host/AIX/oslevelsp'));\nif (empty_or_null(oslevelcomplete)) audit(AUDIT_UNKNOWN_APP_VER, 'AIX');\n\nif ( ! get_kb_item('Host/AIX/lslpp') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nflag = 0;\n\n#Java7 7.0.0.645\nif (aix_check_package(release:'7.1', package:'Java7.sdk', minpackagever:'7.0.0.0', maxpackagever:'7.0.0.644', fixpackagever:'7.0.0.645') > 0) flag++;\nif (aix_check_package(release:'7.2', package:'Java7.sdk', minpackagever:'7.0.0.0', maxpackagever:'7.0.0.644', fixpackagever:'7.0.0.645') > 0) flag++;\nif (aix_check_package(release:'7.1', package:'Java7_64.sdk', minpackagever:'7.0.0.0', maxpackagever:'7.0.0.644', fixpackagever:'7.0.0.645') > 0) flag++;\nif (aix_check_package(release:'7.2', package:'Java7_64.sdk', minpackagever:'7.0.0.0', maxpackagever:'7.0.0.644', fixpackagever:'7.0.0.645') > 0) flag++;\n\n#Java7.1 7.1.0.445\nif (aix_check_package(release:'7.1', package:'Java7.sdk', minpackagever:'7.1.0.0', maxpackagever:'7.1.0.444', fixpackagever:'7.1.0.445') > 0) flag++;\nif (aix_check_package(release:'7.2', package:'Java7.sdk', minpackagever:'7.1.0.0', maxpackagever:'7.1.0.444', fixpackagever:'7.1.0.445') > 0) flag++;\nif (aix_check_package(release:'7.1', package:'Java7_64.sdk', minpackagever:'7.1.0.0', maxpackagever:'7.1.0.444', fixpackagever:'7.1.0.445') > 0) flag++;\nif 
(aix_check_package(release:'7.2', package:'Java7_64.sdk', minpackagever:'7.1.0.0', maxpackagever:'7.1.0.444', fixpackagever:'7.1.0.445') > 0) flag++;\n\n#Java8.0 8.0.0.537\nif (aix_check_package(release:'7.1', package:'Java8.sdk', minpackagever:'8.0.0.0', maxpackagever:'8.0.0.536', fixpackagever:'8.0.0.537') > 0) flag++;\nif (aix_check_package(release:'7.2', package:'Java8.sdk', minpackagever:'8.0.0.0', maxpackagever:'8.0.0.536', fixpackagever:'8.0.0.537') > 0) flag++;\nif (aix_check_package(release:'7.1', package:'Java8_64.sdk', minpackagever:'8.0.0.0', maxpackagever:'8.0.0.536', fixpackagever:'8.0.0.537') > 0) flag++;\nif (aix_check_package(release:'7.2', package:'Java8_64.sdk', minpackagever:'8.0.0.0', maxpackagever:'8.0.0.536', fixpackagever:'8.0.0.537') > 0) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : aix_report_get()\n );\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Java7 / Java8');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-14T06:18:11", "description": "This update for java-1_7_1-ibm fixes the following issues :\n\nUpdate to Java 7.1 Service Refresh 4 Fix Pack 45.\n\nSecurity issues fixed :\n\nCVE-2019-10245: Fixed Java bytecode verifier issue causing crashes\n(bsc#1134718).\n\nCVE-2019-2698: Fixed out of bounds access flaw in the 2D component\n(bsc#1132729).\n\nCVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734).\n\nCVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component:\nLibraries) (bsc#1132728).\n\nCVE-2019-2684: Fixed flaw was found in the RMI registry implementation\n(bsc#1132732).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-28T00:00:00", "title": "SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2019:1345-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10245", "CVE-2019-2697", "CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "modified": "2019-05-28T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-devel", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin"], "id": "SUSE_SU-2019-1345-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125461", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1345-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125461);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-10245\", \"CVE-2019-2602\", \"CVE-2019-2684\", \"CVE-2019-2697\", \"CVE-2019-2698\");\n\n script_name(english:\"SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2019:1345-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for java-1_7_1-ibm fixes the following issues :\n\nUpdate to Java 7.1 Service Refresh 4 Fix Pack 45.\n\nSecurity issues fixed :\n\nCVE-2019-10245: Fixed Java bytecode verifier issue causing 
crashes\n(bsc#1134718).\n\nCVE-2019-2698: Fixed out of bounds access flaw in the 2D component\n(bsc#1132729).\n\nCVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734).\n\nCVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component:\nLibraries) (bsc#1132728).\n\nCVE-2019-2684: Fixed flaw was found in the RMI registry implementation\n(bsc#1132732).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10245/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-2602/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-2684/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-2697/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-2698/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191345-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f33880fe\"\n );\n script_set_attribute(\n 
attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-1345=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-1345=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2019-1345=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-1345=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2019-1345=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-1345=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-1345=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-1345=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-1345=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2019-1345=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2019-1345=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2019-1345=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1|2|3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2/3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.45-38.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.45-38.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_1-ibm-1.7.1_sr4.45-38.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_1-ibm-devel-1.7.1_sr4.45-38.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.45-38.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.45-38.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.45-38.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_1-ibm-1.7.1_sr4.45-38.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.45-38.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.45-38.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.45-38.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", 
reference:\"java-1_7_1-ibm-1.7.1_sr4.45-38.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_1-ibm-devel-1.7.1_sr4.45-38.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.45-38.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.45-38.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.45-38.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_1-ibm-1.7.1_sr4.45-38.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.45-38.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.45-38.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.45-38.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_1-ibm-1.7.1_sr4.45-38.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_1-ibm-devel-1.7.1_sr4.45-38.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.45-38.37.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_1-ibm\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T05:49:14", "description": "An update for java-1.8.0-ibm is now available for Red Hat Enterprise\nLinux 7 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 8 includes the IBM Java Runtime Environment and\nthe IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 8 to version 8 SR5-FP35.\n\nSecurity Fix(es) :\n\n* Oracle JDK: Unspecified vulnerability fixed in 7u221 and 8u211 (2D)\n(CVE-2019-2697)\n\n* OpenJDK: Font layout engine out of bounds access setCurrGlyphID()\n(2D, 8219022) (CVE-2019-2698)\n\n* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936)\n(CVE-2019-2602)\n\n* OpenJDK: Incorrect skeleton selection in RMI registry server-side\ndispatch handling (RMI, 8218453) (CVE-2019-2684)\n\n* IBM JDK: Read beyond the end of bytecode array causing JVM crash\n(CVE-2019-10245)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 18, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "title": "RHEL 7 : java-1.8.0-ibm (RHSA-2019:1164)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10245", "CVE-2019-2697", "CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-src"], "id": "REDHAT-RHSA-2019-1164.NASL", "href": "https://www.tenable.com/plugins/nessus/125013", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in 
this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1164. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125013);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/24 15:35:46\");\n\n script_cve_id(\"CVE-2019-10245\", \"CVE-2019-2602\", \"CVE-2019-2684\", \"CVE-2019-2697\", \"CVE-2019-2698\");\n script_xref(name:\"RHSA\", value:\"2019:1164\");\n\n script_name(english:\"RHEL 7 : java-1.8.0-ibm (RHSA-2019:1164)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.8.0-ibm is now available for Red Hat Enterprise\nLinux 7 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 8 includes the IBM Java Runtime Environment and\nthe IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 8 to version 8 SR5-FP35.\n\nSecurity Fix(es) :\n\n* Oracle JDK: Unspecified vulnerability fixed in 7u221 and 8u211 (2D)\n(CVE-2019-2697)\n\n* OpenJDK: Font layout engine out of bounds access setCurrGlyphID()\n(2D, 8219022) (CVE-2019-2698)\n\n* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936)\n(CVE-2019-2602)\n\n* OpenJDK: Incorrect skeleton selection in RMI registry server-side\ndispatch handling (RMI, 8218453) (CVE-2019-2684)\n\n* IBM JDK: Read beyond the end of bytecode array causing JVM crash\n(CVE-2019-10245)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe 
CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1164\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2697\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10245\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1164\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-ibm-1.8.0.5.35-1jpp.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-ibm-1.8.0.5.35-1jpp.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-ibm-demo-1.8.0.5.35-1jpp.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-ibm-demo-1.8.0.5.35-1jpp.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-ibm-devel-1.8.0.5.35-1jpp.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-ibm-devel-1.8.0.5.35-1jpp.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-ibm-jdbc-1.8.0.5.35-1jpp.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-ibm-jdbc-1.8.0.5.35-1jpp.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-ibm-plugin-1.8.0.5.35-1jpp.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", 
reference:\"java-1.8.0-ibm-src-1.8.0.5.35-1jpp.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-ibm-src-1.8.0.5.35-1jpp.1.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-ibm / java-1.8.0-ibm-demo / java-1.8.0-ibm-devel / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T05:49:15", "description": "An update for java-1.7.1-ibm is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 7 Release 1 includes the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP45.\n\nSecurity Fix(es) :\n\n* Oracle JDK: Unspecified vulnerability fixed in 7u221 and 8u211 (2D)\n(CVE-2019-2697)\n\n* OpenJDK: Font layout engine out of bounds access setCurrGlyphID()\n(2D, 8219022) (CVE-2019-2698)\n\n* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936)\n(CVE-2019-2602)\n\n* OpenJDK: Incorrect skeleton selection in RMI registry server-side\ndispatch handling (RMI, 8218453) (CVE-2019-2684)\n\n* IBM JDK: Read beyond the end of bytecode array causing JVM crash\n(CVE-2019-10245)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 18, "cvss3": {"score": 8.1, "vector": 
"AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "title": "RHEL 6 : java-1.7.1-ibm (RHSA-2019:1165)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10245", "CVE-2019-2697", "CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-src"], "id": "REDHAT-RHSA-2019-1165.NASL", "href": "https://www.tenable.com/plugins/nessus/125014", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1165. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125014);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/24 15:35:46\");\n\n script_cve_id(\"CVE-2019-10245\", \"CVE-2019-2602\", \"CVE-2019-2684\", \"CVE-2019-2697\", \"CVE-2019-2698\");\n script_xref(name:\"RHSA\", value:\"2019:1165\");\n\n script_name(english:\"RHEL 6 : java-1.7.1-ibm (RHSA-2019:1165)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.7.1-ibm is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 7 Release 1 includes the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP45.\n\nSecurity Fix(es) :\n\n* Oracle JDK: Unspecified vulnerability fixed in 7u221 and 8u211 (2D)\n(CVE-2019-2697)\n\n* OpenJDK: Font layout engine out of bounds access setCurrGlyphID()\n(2D, 8219022) (CVE-2019-2698)\n\n* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936)\n(CVE-2019-2602)\n\n* OpenJDK: Incorrect skeleton selection in RMI registry server-side\ndispatch handling (RMI, 8218453) (CVE-2019-2684)\n\n* IBM JDK: Read beyond the end of bytecode array causing JVM crash\n(CVE-2019-10245)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2697\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10245\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1165\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.1-ibm-1.7.1.4.45-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-1.7.1.4.45-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", 
reference:\"java-1.7.1-ibm-1.7.1.4.45-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.1-ibm-demo-1.7.1.4.45-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-demo-1.7.1.4.45-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-demo-1.7.1.4.45-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.1-ibm-devel-1.7.1.4.45-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-devel-1.7.1.4.45-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-devel-1.7.1.4.45-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.1-ibm-jdbc-1.7.1.4.45-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-jdbc-1.7.1.4.45-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-jdbc-1.7.1.4.45-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.1-ibm-plugin-1.7.1.4.45-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-plugin-1.7.1.4.45-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.1-ibm-src-1.7.1.4.45-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-src-1.7.1.4.45-1jpp.1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-src-1.7.1.4.45-1jpp.1.el6_10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.1-ibm / java-1.7.1-ibm-demo / java-1.7.1-ibm-devel / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-14T06:18:10", "description": "This update for java-1_8_0-ibm fixes the following issues :\n\nUpdate to Java 8.0 Service Refresh 5 Fix Pack 35.\n\nSecurity issues fixed :\n\nCVE-2019-10245: Fixed Java bytecode verifier issue causing crashes\n(bsc#1134718).\n\nCVE-2019-2698: Fixed out of bounds access flaw in the 2D component\n(bsc#1132729).\n\nCVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734).\n\nCVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component:\nLibraries) (bsc#1132728).\n\nCVE-2019-2684: Fixed flaw was found in the RMI registry implementation\n(bsc#1132732).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-06-28T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2019:1308-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10245", "CVE-2019-2697", "CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "modified": "2019-06-28T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-devel", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-demo", "p-cpe:/a:novell:suse_linux:java-1_8_0-ibm", "p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-src", "p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-plugin", "p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-alsa"], "id": "SUSE_SU-2019-1308-2.NASL", "href": "https://www.tenable.com/plugins/nessus/126336", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin 
were\n# extracted from SUSE update advisory SUSE-SU-2019:1308-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126336);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-10245\", \"CVE-2019-2602\", \"CVE-2019-2684\", \"CVE-2019-2697\", \"CVE-2019-2698\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2019:1308-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for java-1_8_0-ibm fixes the following issues :\n\nUpdate to Java 8.0 Service Refresh 5 Fix Pack 35.\n\nSecurity issues fixed :\n\nCVE-2019-10245: Fixed Java bytecode verifier issue causing crashes\n(bsc#1134718).\n\nCVE-2019-2698: Fixed out of bounds access flaw in the 2D component\n(bsc#1132729).\n\nCVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734).\n\nCVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component:\nLibraries) (bsc#1132728).\n\nCVE-2019-2684: Fixed flaw was found in the RMI registry implementation\n(bsc#1132732).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10245/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-2602/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-2684/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-2697/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-2698/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191308-2/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e286dda3\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1308=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP1:zypper in -t\npatch 
SUSE-SLE-Module-Legacy-15-SP1-2019-1308=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-32bit-1.8.0_sr5.35-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-alsa-1.8.0_sr5.35-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-devel-32bit-1.8.0_sr5.35-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-plugin-1.8.0_sr5.35-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-ibm-1.8.0_sr5.35-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-ibm-demo-1.8.0_sr5.35-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-ibm-devel-1.8.0_sr5.35-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-ibm-src-1.8.0_sr5.35-3.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-32bit-1.8.0_sr5.35-3.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-devel-32bit-1.8.0_sr5.35-3.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"java-1_8_0-ibm-demo-1.8.0_sr5.35-3.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"java-1_8_0-ibm-src-1.8.0_sr5.35-3.20.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_8_0-ibm\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:59:32", "description": "This update for java-1_7_1-ibm fixes the following 
issues :\n\nUpdate to Java 7.1 Service Refresh 4 Fix Pack 45.\n\nSecurity issues fixed :\n\nCVE-2019-10245: Fixed Java bytecode verifier issue causing crashes\n(bsc#1134718).\n\nCVE-2019-2698: Fixed out of bounds access flaw in the 2D component\n(bsc#1132729).\n\nCVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734).\n\nCVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component:\nLibraries) (bsc#1132728).\n\nCVE-2019-2684: Fixed flaw was found in the RMI registry implementation\n(bsc#1132732).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-22T00:00:00", "title": "SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2019:14059-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10245", "CVE-2019-2697", "CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "modified": "2019-05-22T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin"], "id": "SUSE_SU-2019-14059-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125336", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:14059-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125336);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2019-10245\", 
\"CVE-2019-2602\", \"CVE-2019-2684\", \"CVE-2019-2697\", \"CVE-2019-2698\");\n\n script_name(english:\"SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2019:14059-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_7_1-ibm fixes the following issues :\n\nUpdate to Java 7.1 Service Refresh 4 Fix Pack 45.\n\nSecurity issues fixed :\n\nCVE-2019-10245: Fixed Java bytecode verifier issue causing crashes\n(bsc#1134718).\n\nCVE-2019-2698: Fixed out of bounds access flaw in the 2D component\n(bsc#1132729).\n\nCVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734).\n\nCVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component:\nLibraries) (bsc#1132728).\n\nCVE-2019-2684: Fixed flaw was found in the RMI registry implementation\n(bsc#1132732).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10245/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-2602/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-2684/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-2697/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-2698/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-201914059-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?19c2565f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4-LTSS:zypper in -t patch\nslessp4-java-1_7_1-ibm-14059=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
ereg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.45-26.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.45-26.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"java-1_7_1-ibm-1.7.1_sr4.45-26.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.45-26.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.45-26.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.45-26.40.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_1-ibm\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T05:49:16", "description": "An update for java-1.7.1-ibm is now available for Red Hat Enterprise\nLinux 7 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 7 Release 1 includes the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP45.\n\nSecurity Fix(es) :\n\n* Oracle JDK: Unspecified vulnerability fixed in 7u221 and 8u211 (2D)\n(CVE-2019-2697)\n\n* OpenJDK: Font layout engine out of bounds access setCurrGlyphID()\n(2D, 8219022) (CVE-2019-2698)\n\n* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936)\n(CVE-2019-2602)\n\n* OpenJDK: Incorrect skeleton selection in RMI registry server-side\ndispatch handling (RMI, 8218453) (CVE-2019-2684)\n\n* IBM JDK: Read beyond the end of bytecode array causing JVM crash\n(CVE-2019-10245)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 18, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "title": "RHEL 7 : java-1.7.1-ibm (RHSA-2019:1166)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10245", "CVE-2019-2697", "CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-devel", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-src"], "id": "REDHAT-RHSA-2019-1166.NASL", "href": "https://www.tenable.com/plugins/nessus/125015", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package 
checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1166. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125015);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/24 15:35:46\");\n\n script_cve_id(\"CVE-2019-10245\", \"CVE-2019-2602\", \"CVE-2019-2684\", \"CVE-2019-2697\", \"CVE-2019-2698\");\n script_xref(name:\"RHSA\", value:\"2019:1166\");\n\n script_name(english:\"RHEL 7 : java-1.7.1-ibm (RHSA-2019:1166)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.7.1-ibm is now available for Red Hat Enterprise\nLinux 7 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 7 Release 1 includes the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP45.\n\nSecurity Fix(es) :\n\n* Oracle JDK: Unspecified vulnerability fixed in 7u221 and 8u211 (2D)\n(CVE-2019-2697)\n\n* OpenJDK: Font layout engine out of bounds access setCurrGlyphID()\n(2D, 8219022) (CVE-2019-2698)\n\n* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936)\n(CVE-2019-2602)\n\n* OpenJDK: Incorrect skeleton selection in RMI registry server-side\ndispatch handling (RMI, 8218453) (CVE-2019-2684)\n\n* IBM JDK: Read beyond the end of bytecode array causing JVM crash\n(CVE-2019-10245)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related 
information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2697\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10245\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1166\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-1.7.1.4.45-1jpp.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-1.7.1.4.45-1jpp.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-demo-1.7.1.4.45-1jpp.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-demo-1.7.1.4.45-1jpp.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-devel-1.7.1.4.45-1jpp.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-devel-1.7.1.4.45-1jpp.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-jdbc-1.7.1.4.45-1jpp.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-jdbc-1.7.1.4.45-1jpp.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-plugin-1.7.1.4.45-1jpp.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", 
reference:\"java-1.7.1-ibm-src-1.7.1.4.45-1jpp.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-src-1.7.1.4.45-1jpp.1.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.1-ibm / java-1.7.1-ibm-demo / java-1.7.1-ibm-devel / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:47:03", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10245", "CVE-2019-2602", "CVE-2019-2684", "CVE-2019-2697", "CVE-2019-2698"], "description": "IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP45.\n\nSecurity Fix(es):\n\n* Oracle JDK: Unspecified vulnerability fixed in 7u221 and 8u211 (2D) (CVE-2019-2697)\n\n* OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698)\n\n* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602)\n\n* OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)\n\n* IBM JDK: Read beyond the end of bytecode array causing JVM crash (CVE-2019-10245)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-14T01:04:19", "published": "2019-05-14T00:58:12", "id": "RHSA-2019:1165", "href": "https://access.redhat.com/errata/RHSA-2019:1165", "type": "redhat", "title": "(RHSA-2019:1165) Important: java-1.7.1-ibm security update", "cvss": {"score": 6.8, "vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:47:13", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10245", "CVE-2019-2602", "CVE-2019-2684", "CVE-2019-2697", "CVE-2019-2698"], "description": "IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 8 to version 8 SR5-FP35.\n\nSecurity Fix(es):\n\n* Oracle JDK: Unspecified vulnerability fixed in 7u221 and 8u211 (2D) (CVE-2019-2697)\n\n* OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698)\n\n* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602)\n\n* OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)\n\n* IBM JDK: Read beyond the end of bytecode array causing JVM crash (CVE-2019-10245)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-06-04T17:18:14", "published": "2019-06-04T17:15:46", "id": "RHSA-2019:1325", "href": "https://access.redhat.com/errata/RHSA-2019:1325", "type": "redhat", "title": "(RHSA-2019:1325) Important: java-1.8.0-ibm security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:47:01", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10245", "CVE-2019-2602", "CVE-2019-2684", "CVE-2019-2697", "CVE-2019-2698"], "description": "IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 8 to version 8 SR5-FP35.\n\nSecurity Fix(es):\n\n* Oracle JDK: Unspecified vulnerability fixed in 7u221 and 8u211 (2D) (CVE-2019-2697)\n\n* OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698)\n\n* OpenJDK: Slow conversion of BigDecimal to long 
(Libraries, 8211936) (CVE-2019-2602)\n\n* OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)\n\n* IBM JDK: Read beyond the end of bytecode array causing JVM crash (CVE-2019-10245)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-14T01:04:22", "published": "2019-05-14T00:57:53", "id": "RHSA-2019:1163", "href": "https://access.redhat.com/errata/RHSA-2019:1163", "type": "redhat", "title": "(RHSA-2019:1163) Important: java-1.8.0-ibm security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:48", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10245", "CVE-2019-2602", "CVE-2019-2684", "CVE-2019-2697", "CVE-2019-2698"], "description": "IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 8 to version 8 SR5-FP35.\n\nSecurity Fix(es):\n\n* Oracle JDK: Unspecified vulnerability fixed in 7u221 and 8u211 (2D) (CVE-2019-2697)\n\n* OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698)\n\n* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602)\n\n* OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)\n\n* IBM JDK: Read beyond the end of bytecode array causing JVM crash (CVE-2019-10245)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-14T01:04:20", "published": "2019-05-14T00:58:02", "id": "RHSA-2019:1164", "href": "https://access.redhat.com/errata/RHSA-2019:1164", "type": "redhat", "title": "(RHSA-2019:1164) 
Important: java-1.8.0-ibm security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:14", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10245", "CVE-2019-2602", "CVE-2019-2684", "CVE-2019-2697", "CVE-2019-2698"], "description": "IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP45.\n\nSecurity Fix(es):\n\n* Oracle JDK: Unspecified vulnerability fixed in 7u221 and 8u211 (2D) (CVE-2019-2697)\n\n* OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698)\n\n* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602)\n\n* OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)\n\n* IBM JDK: Read beyond the end of bytecode array causing JVM crash (CVE-2019-10245)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-14T01:04:21", "published": "2019-05-14T00:58:23", "id": "RHSA-2019:1166", "href": "https://access.redhat.com/errata/RHSA-2019:1166", "type": "redhat", "title": "(RHSA-2019:1166) Important: java-1.7.1-ibm security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:47:01", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2602", "CVE-2019-2684", "CVE-2019-2698"], "description": "The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698)\n\n* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602)\n\n* OpenJDK: Incorrect skeleton selection 
in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-04-22T17:58:09", "published": "2019-04-22T17:42:43", "id": "RHSA-2019:0791", "href": "https://access.redhat.com/errata/RHSA-2019:0791", "type": "redhat", "title": "(RHSA-2019:0791) Important: java-1.7.0-openjdk security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:29", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2602", "CVE-2019-2684", "CVE-2019-2698"], "description": "The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698)\n\n* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602)\n\n* OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-04-22T17:58:10", "published": "2019-04-22T17:42:30", "id": "RHSA-2019:0790", "href": "https://access.redhat.com/errata/RHSA-2019:0790", "type": "redhat", "title": "(RHSA-2019:0790) Important: java-1.7.0-openjdk security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:47:08", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2602", "CVE-2019-2684", "CVE-2019-2698"], "description": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* OpenJDK: Font 
layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698)\n\n* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602)\n\n* OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* assert failure in coalesce.cpp: attempted to spill a non-spillable item (BZ#1640127)", "modified": "2019-04-17T19:06:09", "published": "2019-04-17T18:49:38", "id": "RHSA-2019:0774", "href": "https://access.redhat.com/errata/RHSA-2019:0774", "type": "redhat", "title": "(RHSA-2019:0774) Important: java-1.8.0-openjdk security and bug fix update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:34", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2602", "CVE-2019-2684", "CVE-2019-2698"], "description": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698)\n\n* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602)\n\n* OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-13T10:57:33", "published": "2019-05-13T10:51:51", "id": "RHSA-2019:1146", "href": "https://access.redhat.com/errata/RHSA-2019:1146", "type": "redhat", "title": "(RHSA-2019:1146) Important: java-1.8.0-openjdk security update", "cvss": {"score": 6.8, "vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:20", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2602", "CVE-2019-2684", "CVE-2019-2698"], "description": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698)\n\n* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602)\n\n* OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-04-17T19:06:08", "published": "2019-04-17T18:49:45", "id": "RHSA-2019:0775", "href": "https://access.redhat.com/errata/RHSA-2019:0775", "type": "redhat", "title": "(RHSA-2019:0775) Important: java-1.8.0-openjdk security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2021-02-02T07:12:45", "description": "In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. 
Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.", "edition": 11, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-04-19T14:29:00", "title": "CVE-2019-10245", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10245"], "modified": "2019-06-04T17:29:00", "cpe": [], "id": "CVE-2019-10245", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10245", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2021-02-02T07:13:00", "description": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "edition": 9, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-04-23T19:32:00", "title": "CVE-2019-2697", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2697"], "modified": "2020-09-08T13:00:00", "cpe": ["cpe:/a:oracle:jre:1.8.0", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:oracle:jdk:1.8.0"], "id": "CVE-2019-2697", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2697", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": 
["cpe:2.3:a:oracle:jdk:1.8.0:update202:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update_211:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.8.0:update_202:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update211:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:13:00", "description": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "edition": 18, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-04-23T19:32:00", "title": "CVE-2019-2684", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2684"], "modified": "2020-09-11T16:15:00", "cpe": ["cpe:/o:opensuse:leap:15.0", "cpe:/a:oracle:jre:11.0.2", "cpe:/a:redhat:openshift_container_platform:3.11", "cpe:/a:oracle:jre:12", "cpe:/a:oracle:jre:1.8.0", "cpe:/a:oracle:jdk:11.0.2", "cpe:/a:oracle:jdk:12", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:oracle:jdk:1.8.0"], "id": "CVE-2019-2684", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2684", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:jdk:1.8.0:update202:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:11.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update_211:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:11.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.8.0:update_201:*:*:*:*:*:*", 
"cpe:2.3:a:oracle:jre:1.8.0:update_202:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update211:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:12:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.8.0:update201:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:13:00", "description": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "edition": 13, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-04-23T19:32:00", "title": "CVE-2019-2602", "type": "cve", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2602"], "modified": "2020-09-08T13:00:00", "cpe": ["cpe:/o:opensuse:leap:15.0", "cpe:/a:oracle:jre:11.0.2", "cpe:/a:redhat:openshift_container_platform:3.11", "cpe:/a:oracle:jre:12", "cpe:/a:oracle:jre:1.8.0", "cpe:/a:oracle:jdk:11.0.2", "cpe:/a:oracle:jdk:12", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:oracle:jdk:1.8.0"], "id": "CVE-2019-2602", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2602", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:jdk:1.8.0:update202:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:11.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update_211:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:11.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.8.0:update_201:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.8.0:update_202:*:*:*:*:*:*", 
"cpe:2.3:a:oracle:jdk:1.7.0:update211:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:12:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.8.0:update201:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:13:00", "description": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "edition": 11, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-04-23T19:32:00", "title": "CVE-2019-2698", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2698"], "modified": "2020-09-08T13:00:00", "cpe": ["cpe:/a:redhat:openshift_container_platform:3.11", "cpe:/a:oracle:jre:1.8.0", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:oracle:jdk:1.8.0"], "id": "CVE-2019-2698", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2698", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:oracle:jdk:1.8.0:update202:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update_211:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.8.0:update_202:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update211:*:*:*:*:*:*", "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*"]}], "amazon": [{"lastseen": "2020-11-10T12:37:25", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2697", "CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "description": "**Issue 
Overview:**\n\nVulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). ([CVE-2019-2697 __](<https://access.redhat.com/security/cve/CVE-2019-2697>))\n\nVulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). 
([CVE-2019-2698 __](<https://access.redhat.com/security/cve/CVE-2019-2698>))\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ([CVE-2019-2602 __](<https://access.redhat.com/security/cve/CVE-2019-2602>))\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). ([CVE-2019-2684 __](<https://access.redhat.com/security/cve/CVE-2019-2684>))\n\n \n**Affected Packages:** \n\n\njava-11-amazon-corretto\n\n \n**Issue Correction:** \nRun _yum update java-11-amazon-corretto_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n java-11-amazon-corretto-11.0.3+7-1.amzn2.aarch64 \n java-11-amazon-corretto-headless-11.0.3+7-1.amzn2.aarch64 \n java-11-amazon-corretto-javadoc-11.0.3+7-1.amzn2.aarch64 \n \n src: \n java-11-amazon-corretto-11.0.3+7-1.amzn2.src \n \n x86_64: \n java-11-amazon-corretto-11.0.3+7-1.amzn2.x86_64 \n java-11-amazon-corretto-headless-11.0.3+7-1.amzn2.x86_64 \n java-11-amazon-corretto-javadoc-11.0.3+7-1.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2019-06-11T23:21:00", "published": "2019-06-11T23:21:00", "id": "ALAS2-2019-1228", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1228.html", "title": "Important: java-11-amazon-corretto", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:35:58", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "description": "**Issue Overview:**\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).([CVE-2019-2684 __](<https://access.redhat.com/security/cve/CVE-2019-2684>))\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).([CVE-2019-2602 __](<https://access.redhat.com/security/cve/CVE-2019-2602>))\n\nVulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).([CVE-2019-2698 __](<https://access.redhat.com/security/cve/CVE-2019-2698>))\n\n \n**Affected Packages:** \n\n\njava-1.8.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.8.0-openjdk_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.8.0-openjdk-1.8.0.212.b04-0.45.amzn1.i686 \n java-1.8.0-openjdk-debuginfo-1.8.0.212.b04-0.45.amzn1.i686 \n java-1.8.0-openjdk-headless-1.8.0.212.b04-0.45.amzn1.i686 \n java-1.8.0-openjdk-demo-1.8.0.212.b04-0.45.amzn1.i686 \n java-1.8.0-openjdk-devel-1.8.0.212.b04-0.45.amzn1.i686 \n java-1.8.0-openjdk-src-1.8.0.212.b04-0.45.amzn1.i686 \n \n noarch: \n java-1.8.0-openjdk-javadoc-1.8.0.212.b04-0.45.amzn1.noarch \n java-1.8.0-openjdk-javadoc-zip-1.8.0.212.b04-0.45.amzn1.noarch \n \n src: \n java-1.8.0-openjdk-1.8.0.212.b04-0.45.amzn1.src \n \n x86_64: \n java-1.8.0-openjdk-1.8.0.212.b04-0.45.amzn1.x86_64 \n java-1.8.0-openjdk-devel-1.8.0.212.b04-0.45.amzn1.x86_64 \n java-1.8.0-openjdk-src-1.8.0.212.b04-0.45.amzn1.x86_64 \n java-1.8.0-openjdk-headless-1.8.0.212.b04-0.45.amzn1.x86_64 \n java-1.8.0-openjdk-demo-1.8.0.212.b04-0.45.amzn1.x86_64 \n java-1.8.0-openjdk-debuginfo-1.8.0.212.b04-0.45.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2019-08-07T23:35:00", "published": "2019-08-07T23:35:00", "id": "ALAS-2019-1266", "href": "https://alas.aws.amazon.com/ALAS-2019-1266.html", "title": "Important: java-1.8.0-openjdk", "type": 
"amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:37:32", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "description": "**Issue Overview:**\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).([CVE-2019-2602 __](<https://access.redhat.com/security/cve/CVE-2019-2602>))\n\nVulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). 
CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).([CVE-2019-2698 __](<https://access.redhat.com/security/cve/CVE-2019-2698>))\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).([CVE-2019-2684 __](<https://access.redhat.com/security/cve/CVE-2019-2684>))\n\n \n**Affected Packages:** \n\n\njava-1.7.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.7.0-openjdk_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.7.0-openjdk-1.7.0.221-2.6.18.1.amzn2.0.1.i686 \n java-1.7.0-openjdk-headless-1.7.0.221-2.6.18.1.amzn2.0.1.i686 \n java-1.7.0-openjdk-devel-1.7.0.221-2.6.18.1.amzn2.0.1.i686 \n java-1.7.0-openjdk-demo-1.7.0.221-2.6.18.1.amzn2.0.1.i686 \n java-1.7.0-openjdk-src-1.7.0.221-2.6.18.1.amzn2.0.1.i686 \n java-1.7.0-openjdk-accessibility-1.7.0.221-2.6.18.1.amzn2.0.1.i686 \n java-1.7.0-openjdk-debuginfo-1.7.0.221-2.6.18.1.amzn2.0.1.i686 \n \n noarch: \n java-1.7.0-openjdk-javadoc-1.7.0.221-2.6.18.1.amzn2.0.1.noarch \n \n src: \n java-1.7.0-openjdk-1.7.0.221-2.6.18.1.amzn2.0.1.src \n \n x86_64: \n java-1.7.0-openjdk-1.7.0.221-2.6.18.1.amzn2.0.1.x86_64 \n java-1.7.0-openjdk-headless-1.7.0.221-2.6.18.1.amzn2.0.1.x86_64 \n java-1.7.0-openjdk-devel-1.7.0.221-2.6.18.1.amzn2.0.1.x86_64 \n java-1.7.0-openjdk-demo-1.7.0.221-2.6.18.1.amzn2.0.1.x86_64 \n java-1.7.0-openjdk-src-1.7.0.221-2.6.18.1.amzn2.0.1.x86_64 \n java-1.7.0-openjdk-accessibility-1.7.0.221-2.6.18.1.amzn2.0.1.x86_64 \n java-1.7.0-openjdk-debuginfo-1.7.0.221-2.6.18.1.amzn2.0.1.x86_64 \n \n \n", "edition": 1, "modified": "2019-05-16T21:42:00", "published": "2019-05-16T21:42:00", "id": "ALAS2-2019-1209", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1209.html", "title": "Important: java-1.7.0-openjdk", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:37:31", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2697", "CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "description": "It was discovered that the BigDecimal implementation in OpenJDK performed \nexcessive computation when given certain values. An attacker could use this \nto cause a denial of service (excessive CPU usage). (CVE-2019-2602)\n\nCorwin de Boor and Robert Xiao discovered that the RMI registry \nimplementation in OpenJDK did not properly select the correct skeleton \nclass in some situations. 
An attacker could use this to possibly escape \nJava sandbox restrictions. (CVE-2019-2684)\n\nMateusz Jurczyk discovered a vulnerability in the 2D component of \nOpenJDK. An attacker could use this to possibly escape Java sandbox \nrestrictions. This issue only affected OpenJDK 8 in Ubuntu 16.04 \nLTS. (CVE-2019-2697)\n\nMateusz Jurczyk discovered a vulnerability in the font layout engine \nof OpenJDK's 2D component. An attacker could use this to possibly \nescape Java sandbox restrictions. This issue only affected OpenJDK 8 \nin Ubuntu 16.04 LTS. (CVE-2019-2698)", "edition": 3, "modified": "2019-05-13T00:00:00", "published": "2019-05-13T00:00:00", "id": "USN-3975-1", "href": "https://ubuntu.com/security/notices/USN-3975-1", "title": "OpenJDK vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:32:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2697", "CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "description": "The remote host is missing an update for the ", "modified": "2019-05-17T00:00:00", "published": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310844002", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844002", "type": "openvas", "title": "Ubuntu Update for openjdk-lts USN-3975-1", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844002\");\n script_version(\"2019-05-17T10:04:07+0000\");\n script_cve_id(\"CVE-2019-2602\", \"CVE-2019-2684\", \"CVE-2019-2697\", \"CVE-2019-2698\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:04:07 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-14 02:00:43 +0000 (Tue, 14 May 2019)\");\n script_name(\"Ubuntu Update for openjdk-lts USN-3975-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.10|UBUNTU19\\.04|UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3975-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3975-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjdk-lts'\n package(s) announced via the USN-3975-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the BigDecimal implementation in OpenJDK performed\nexcessive computation when given certain values. An attacker could use this\nto cause a denial of service (excessive CPU usage). 
(CVE-2019-2602)\n\nCorwin de Boor and Robert Xiao discovered that the RMI registry\nimplementation in OpenJDK did not properly select the correct skeleton\nclass in some situations. An attacker could use this to possibly escape\nJava sandbox restrictions. (CVE-2019-2684)\n\nMateusz Jurczyk discovered a vulnerability in the 2D component of\nOpenJDK. An attacker could use this to possibly escape Java sandbox\nrestrictions. This issue only affected OpenJDK 8 in Ubuntu 16.04\nLTS. (CVE-2019-2697)\n\nMateusz Jurczyk discovered a vulnerability in the font layout engine\nof OpenJDK's 2D component. An attacker could use this to possibly\nescape Java sandbox restrictions. This issue only affected OpenJDK 8\nin Ubuntu 16.04 LTS. (CVE-2019-2698)\");\n\n script_tag(name:\"affected\", value:\"'openjdk-lts' package(s) on Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"openjdk-11-jdk\", ver:\"11.0.3+7-1ubuntu2~18.10.1\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"openjdk-11-jdk-headless\", ver:\"11.0.3+7-1ubuntu2~18.10.1\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"openjdk-11-jre\", ver:\"11.0.3+7-1ubuntu2~18.10.1\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"openjdk-11-jre-headless\", ver:\"11.0.3+7-1ubuntu2~18.10.1\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == 
\"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"openjdk-11-jdk\", ver:\"11.0.3+7-1ubuntu2~19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"openjdk-11-jdk-headless\", ver:\"11.0.3+7-1ubuntu2~19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"openjdk-11-jre\", ver:\"11.0.3+7-1ubuntu2~19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"openjdk-11-jre-headless\", ver:\"11.0.3+7-1ubuntu2~19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"openjdk-11-jdk\", ver:\"11.0.3+7-1ubuntu2~18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"openjdk-11-jdk-headless\", ver:\"11.0.3+7-1ubuntu2~18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"openjdk-11-jre\", ver:\"11.0.3+7-1ubuntu2~18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"openjdk-11-jre-headless\", ver:\"11.0.3+7-1ubuntu2~18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"openjdk-8-jdk\", ver:\"8u212-b03-0ubuntu1.16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"openjdk-8-jdk-headless\", ver:\"8u212-b03-0ubuntu1.16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"openjdk-8-jre\", ver:\"8u212-b03-0ubuntu1.16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"openjdk-8-jre-headless\", 
ver:\"8u212-b03-0ubuntu1.16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"openjdk-8-jre-jamvm\", ver:\"8u212-b03-0ubuntu1.16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T19:29:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "description": "The remote host is missing an update for the ", "modified": "2020-01-29T00:00:00", "published": "2019-05-11T00:00:00", "id": "OPENVAS:1361412562310891782", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891782", "type": "openvas", "title": "Debian LTS: Security Advisory for openjdk-7 (DLA-1782-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891782\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2019-2602\", \"CVE-2019-2684\", \"CVE-2019-2698\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-11 02:00:08 +0000 (Sat, 11 May 2019)\");\n script_name(\"Debian LTS: Security Advisory for openjdk-7 (DLA-1782-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1782-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjdk-7'\n package(s) announced via the DLA-1782-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in denial of\nservice, sandbox bypass, information disclosure or the execution\nof arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"'openjdk-7' package(s) on Debian Linux.\");\n\n 
script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n7u221-2.6.18-1~deb8u1.\n\nWe recommend that you upgrade your openjdk-7 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm\", ver:\"7u221-2.6.18-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openjdk-7-dbg\", ver:\"7u221-2.6.18-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openjdk-7-demo\", ver:\"7u221-2.6.18-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openjdk-7-doc\", ver:\"7u221-2.6.18-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openjdk-7-jdk\", ver:\"7u221-2.6.18-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openjdk-7-jre\", ver:\"7u221-2.6.18-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openjdk-7-jre-headless\", ver:\"7u221-2.6.18-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openjdk-7-jre-lib\", ver:\"7u221-2.6.18-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openjdk-7-jre-zero\", ver:\"7u221-2.6.18-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openjdk-7-source\", ver:\"7u221-2.6.18-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-20T18:43:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "description": "The remote host is 
missing an update for the Huawei EulerOS\n ", "modified": "2020-02-18T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191301", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191301", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2019-1301)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1301\");\n script_version(\"2020-02-18T10:52:53+0000\");\n script_cve_id(\"CVE-2019-2602\", \"CVE-2019-2684\", \"CVE-2019-2698\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 10:52:53 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:38:07 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2019-1301)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1301\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1301\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'java-1.8.0-openjdk' package(s) announced via the EulerOS-SA-2019-1301 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"OpenJDK: Font layout engine out of bounds access setCurrGlyphID()(CVE-2019-2698)\n\nOpenJDK: Slow conversion of BigDecimal to long(CVE-2019-2602)\n\nOpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch 
handling(CVE-2019-2684)\");\n\n script_tag(name:\"affected\", value:\"'java-1.8.0-openjdk' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk\", rpm:\"java-1.8.0-openjdk~1.8.0.191.b12~0.h2.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel\", rpm:\"java-1.8.0-openjdk-devel~1.8.0.191.b12~0.h2.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless\", rpm:\"java-1.8.0-openjdk-headless~1.8.0.191.b12~0.h2.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "description": "The remote host is missing an update for the ", "modified": "2019-05-20T00:00:00", "published": "2019-04-24T00:00:00", "id": "OPENVAS:1361412562310883042", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883042", "type": "openvas", "title": "CentOS Update for java CESA-2019:0790 centos6 ", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can 
redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883042\");\n script_version(\"2019-05-20T06:45:30+0000\");\n script_cve_id(\"CVE-2019-2602\", \"CVE-2019-2684\", \"CVE-2019-2698\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-20 06:45:30 +0000 (Mon, 20 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-24 02:00:46 +0000 (Wed, 24 Apr 2019)\");\n script_name(\"CentOS Update for java CESA-2019:0790 centos6 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n\n script_xref(name:\"CESA\", value:\"2019:0790\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-April/023277.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java'\n package(s) announced via the CESA-2019:0790 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es):\n\n * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D,\n8219022) (CVE-2019-2698)\n\n * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936)\n(CVE-2019-2602)\n\n * OpenJDK: Incorrect skeleton selection in RMI registry server-side\ndispatch handling (RMI, 8218453) (CVE-2019-2684)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'java' package(s) on CentOS 6.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS6\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.221~2.6.18.0.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.221~2.6.18.0.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.221~2.6.18.0.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.221~2.6.18.0.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.221~2.6.18.0.el6_10\", rls:\"CentOS6\"))) {\n report += 
res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-20T18:49:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-02-18T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191585", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191585", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2019-1585)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1585\");\n script_version(\"2020-02-18T10:52:53+0000\");\n script_cve_id(\"CVE-2019-2602\", \"CVE-2019-2684\", \"CVE-2019-2698\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 10:52:53 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:15:52 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2019-1585)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1585\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1585\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'java-1.8.0-openjdk' package(s) announced via the EulerOS-SA-2019-1585 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (CVE-2019-2698)\n\nOpenJDK: Slow conversion of BigDecimal to long (CVE-2019-2602)\n\nOpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch 
handling (CVE-2019-2684)\");\n\n script_tag(name:\"affected\", value:\"'java-1.8.0-openjdk' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk\", rpm:\"java-1.8.0-openjdk~1.8.0.191.b12~0.h2\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel\", rpm:\"java-1.8.0-openjdk-devel~1.8.0.191.b12~0.h2\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless\", rpm:\"java-1.8.0-openjdk-headless~1.8.0.191.b12~0.h2\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-06-05T01:41:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "description": "The remote host is missing an update for the ", "modified": "2019-05-31T00:00:00", "published": "2019-05-31T00:00:00", "id": "OPENVAS:1361412562310704453", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704453", "type": "openvas", "title": "Debian Security Advisory DSA 4453-1 (openjdk-8 - security update)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it 
and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704453\");\n script_version(\"2019-05-31T02:00:08+0000\");\n script_cve_id(\"CVE-2019-2602\", \"CVE-2019-2684\", \"CVE-2019-2698\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-31 02:00:08 +0000 (Fri, 31 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-31 02:00:08 +0000 (Fri, 31 May 2019)\");\n script_name(\"Debian Security Advisory DSA 4453-1 (openjdk-8 - security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4453.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4453-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjdk-8'\n package(s) announced via the DSA-4453-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is 
present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in denial of\nservice or sandbox bypass.\");\n\n script_tag(name:\"affected\", value:\"'openjdk-8' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 8u212-b03-2~deb9u1.\n\nWe recommend that you upgrade your openjdk-8 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"openjdk-8-dbg\", ver:\"8u212-b03-2~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openjdk-8-demo\", ver:\"8u212-b03-2~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openjdk-8-doc\", ver:\"8u212-b03-2~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openjdk-8-jdk\", ver:\"8u212-b03-2~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openjdk-8-jdk-headless\", ver:\"8u212-b03-2~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openjdk-8-jre\", ver:\"8u212-b03-2~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openjdk-8-jre-headless\", ver:\"8u212-b03-2~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openjdk-8-jre-zero\", ver:\"8u212-b03-2~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openjdk-8-source\", ver:\"8u212-b03-2~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T17:41:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "description": "The remote host is missing an update for the ", "modified": "2020-03-13T00:00:00", "published": "2019-04-20T00:00:00", "id": "OPENVAS:1361412562310883039", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883039", "type": "openvas", "title": "CentOS Update for java CESA-2019:0774 centos6 ", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883039\");\n script_version(\"2020-03-13T07:50:12+0000\");\n script_cve_id(\"CVE-2019-2602\", \"CVE-2019-2684\", \"CVE-2019-2698\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 07:50:12 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-20 02:00:22 +0000 (Sat, 20 Apr 2019)\");\n script_name(\"CentOS Update for java CESA-2019:0774 centos6 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n\n script_xref(name:\"CESA\", value:\"2019:0774\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-April/023275.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java'\n package(s) announced via the CESA-2019:0774 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es):\n\n * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D,\n8219022) (CVE-2019-2698)\n\n * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936)\n(CVE-2019-2602)\n\n * OpenJDK: 
Incorrect skeleton selection in RMI registry server-side\ndispatch handling (RMI, 8218453) (CVE-2019-2684)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nBug Fix(es):\n\n * assert failure in coalesce.cpp: attempted to spill a non-spillable item\n(BZ#1640127)\");\n\n script_tag(name:\"affected\", value:\"'java' package(s) on CentOS 6.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS6\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk\", rpm:\"java-1.8.0-openjdk~1.8.0.212.b04~0.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-debug\", rpm:\"java-1.8.0-openjdk-debug~1.8.0.212.b04~0.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-demo\", rpm:\"java-1.8.0-openjdk-demo~1.8.0.212.b04~0.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-demo-debug\", rpm:\"java-1.8.0-openjdk-demo-debug~1.8.0.212.b04~0.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel\", rpm:\"java-1.8.0-openjdk-devel~1.8.0.212.b04~0.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel-debug\", rpm:\"java-1.8.0-openjdk-devel-debug~1.8.0.212.b04~0.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless\", 
rpm:\"java-1.8.0-openjdk-headless~1.8.0.212.b04~0.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless-debug\", rpm:\"java-1.8.0-openjdk-headless-debug~1.8.0.212.b04~0.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc\", rpm:\"java-1.8.0-openjdk-javadoc~1.8.0.212.b04~0.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc-debug\", rpm:\"java-1.8.0-openjdk-javadoc-debug~1.8.0.212.b04~0.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-src\", rpm:\"java-1.8.0-openjdk-src~1.8.0.212.b04~0.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-src-debug\", rpm:\"java-1.8.0-openjdk-src-debug~1.8.0.212.b04~0.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T17:41:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "description": "The remote host is missing an update for the ", "modified": "2020-03-13T00:00:00", "published": "2019-04-20T00:00:00", "id": "OPENVAS:1361412562310883041", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883041", "type": "openvas", "title": "CentOS Update for java CESA-2019:0775 centos7 ", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the 
Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883041\");\n script_version(\"2020-03-13T07:50:12+0000\");\n script_cve_id(\"CVE-2019-2602\", \"CVE-2019-2684\", \"CVE-2019-2698\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 07:50:12 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-20 02:00:27 +0000 (Sat, 20 Apr 2019)\");\n script_name(\"CentOS Update for java CESA-2019:0775 centos7 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n\n script_xref(name:\"CESA\", value:\"2019:0775\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-April/023274.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java'\n package(s) announced via the CESA-2019:0775 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The java-1.8.0-openjdk packages provide the OpenJDK 8 Java 
Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es):\n\n * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D,\n8219022) (CVE-2019-2698)\n\n * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936)\n(CVE-2019-2602)\n\n * OpenJDK: Incorrect skeleton selection in RMI registry server-side\ndispatch handling (RMI, 8218453) (CVE-2019-2684)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'java' package(s) on CentOS 7.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS7\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk\", rpm:\"java-1.8.0-openjdk~1.8.0.212.b04~0.el7_6\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-accessibility\", rpm:\"java-1.8.0-openjdk-accessibility~1.8.0.212.b04~0.el7_6\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-accessibility-debug\", rpm:\"java-1.8.0-openjdk-accessibility-debug~1.8.0.212.b04~0.el7_6\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-debug\", rpm:\"java-1.8.0-openjdk-debug~1.8.0.212.b04~0.el7_6\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-demo\", rpm:\"java-1.8.0-openjdk-demo~1.8.0.212.b04~0.el7_6\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"java-1.8.0-openjdk-demo-debug\", rpm:\"java-1.8.0-openjdk-demo-debug~1.8.0.212.b04~0.el7_6\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel\", rpm:\"java-1.8.0-openjdk-devel~1.8.0.212.b04~0.el7_6\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel-debug\", rpm:\"java-1.8.0-openjdk-devel-debug~1.8.0.212.b04~0.el7_6\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless\", rpm:\"java-1.8.0-openjdk-headless~1.8.0.212.b04~0.el7_6\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless-debug\", rpm:\"java-1.8.0-openjdk-headless-debug~1.8.0.212.b04~0.el7_6\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc\", rpm:\"java-1.8.0-openjdk-javadoc~1.8.0.212.b04~0.el7_6\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc-debug\", rpm:\"java-1.8.0-openjdk-javadoc-debug~1.8.0.212.b04~0.el7_6\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc-zip\", rpm:\"java-1.8.0-openjdk-javadoc-zip~1.8.0.212.b04~0.el7_6\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc-zip-debug\", rpm:\"java-1.8.0-openjdk-javadoc-zip-debug~1.8.0.212.b04~0.el7_6\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-src\", rpm:\"java-1.8.0-openjdk-src~1.8.0.212.b04~0.el7_6\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-src-debug\", rpm:\"java-1.8.0-openjdk-src-debug~1.8.0.212.b04~0.el7_6\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n 
exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "description": "The remote host is missing an update for the ", "modified": "2019-05-20T00:00:00", "published": "2019-04-24T00:00:00", "id": "OPENVAS:1361412562310883043", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883043", "type": "openvas", "title": "CentOS Update for java CESA-2019:0791 centos7 ", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883043\");\n script_version(\"2019-05-20T06:45:30+0000\");\n script_cve_id(\"CVE-2019-2602\", \"CVE-2019-2684\", \"CVE-2019-2698\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-20 06:45:30 +0000 (Mon, 20 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-24 02:00:49 +0000 (Wed, 24 Apr 2019)\");\n script_name(\"CentOS Update for java CESA-2019:0791 centos7 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n\n script_xref(name:\"CESA\", value:\"2019:0791\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-April/023276.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java'\n package(s) announced via the CESA-2019:0791 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es):\n\n * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D,\n8219022) (CVE-2019-2698)\n\n * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936)\n(CVE-2019-2602)\n\n * OpenJDK: 
Incorrect skeleton selection in RMI registry server-side\ndispatch handling (RMI, 8218453) (CVE-2019-2684)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'java' package(s) on CentOS 7.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS7\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.221~2.6.18.0.el7_6\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-accessibility\", rpm:\"java-1.7.0-openjdk-accessibility~1.7.0.221~2.6.18.0.el7_6\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.221~2.6.18.0.el7_6\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.221~2.6.18.0.el7_6\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-headless\", rpm:\"java-1.7.0-openjdk-headless~1.7.0.221~2.6.18.0.el7_6\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.221~2.6.18.0.el7_6\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.221~2.6.18.0.el7_6\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(report != \"\") {\n 
security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-20T18:42:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684", "CVE-2018-3169"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-02-18T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191745", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191745", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for java-1.7.0-openjdk (EulerOS-SA-2019-1745)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1745\");\n script_version(\"2020-02-18T10:52:53+0000\");\n script_cve_id(\"CVE-2018-3169\", \"CVE-2019-2602\", \"CVE-2019-2684\", \"CVE-2019-2698\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 10:52:53 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:21:30 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for java-1.7.0-openjdk (EulerOS-SA-2019-1745)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1745\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1745\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'java-1.7.0-openjdk' package(s) announced via the EulerOS-SA-2019-1745 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"OpenJDK: Improper field access checks (CVE-2018-3169)\n\nOpenJDK: Font layout engine out of bounds access setCurrGlyphID() (CVE-2019-2698)\n\nOpenJDK: Slow conversion of BigDecimal to long 
(CVE-2019-2602)\n\nOpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (CVE-2019-2684)\");\n\n script_tag(name:\"affected\", value:\"'java-1.7.0-openjdk' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.191~2.6.15.4.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.191~2.6.15.4.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-headless\", rpm:\"java-1.7.0-openjdk-headless~1.7.0.191~2.6.15.4.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2020-09-02T12:00:36", "bulletinFamily": "info", "cvelist": ["CVE-2019-2697", "CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684", "CVE-2019-2699"], "description": "### *Detect date*:\n04/16/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Oracle Java SE. 
Malicious users can exploit these vulnerabilities to bypass security restrictions.\n\n### *Affected products*:\nJava SE: 7u211, 8u202, 11.0.2, 12 \nJava SE Embedded: 8u201 \n\n\n### *Solution*:\nUpdate to the latest version\n\n### *Original advisories*:\n[Oracle Critical Patch Update Advisory \u2013 April 2019](<https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixJAVA>) \n\n\n### *Impacts*:\nSB \n\n### *Related products*:\n[Oracle Java JRE 1.8.x](<https://threats.kaspersky.com/en/product/Oracle-Java-JRE-1.8.x/>)\n\n### *CVE-IDS*:\n[CVE-2019-2698](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2698>)8.1Critical \n[CVE-2019-2684](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2684>)5.9High \n[CVE-2019-2699](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2699>)9.0Critical \n[CVE-2019-2602](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2602>)7.5Critical \n[CVE-2019-2697](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2697>)8.1Critical", "edition": 1, "modified": "2020-05-22T00:00:00", "published": "2019-04-16T00:00:00", "id": "KLA11470", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11470", "title": "\r KLA11470Multiple vulnerabilities in Oracle Java SE ", "type": "kaspersky", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2020-04-06T22:40:46", "bulletinFamily": "software", "cvelist": ["CVE-2019-2684"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email 
notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2020-01-07T07:14:00", "published": "2020-01-07T07:14:00", "id": "F5:K11175903", "href": "https://support.f5.com/csp/article/K11175903", "title": "Oracle Java SE vulnerability CVE-2019-2684", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:07", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "description": "[1:1.7.0.221-2.6.18.0.0.1]\n- Update DISTRO_NAME in specfile\n[1:1.7.0.221-2.6.18.0]\n- Bump to 2.6.18 and OpenJDK 7u221-b02.\n- Resolves: rhbz#1693468", "edition": 5, "modified": "2019-04-22T00:00:00", "published": "2019-04-22T00:00:00", "id": "ELSA-2019-0791", "href": "http://linux.oracle.com/errata/ELSA-2019-0791.html", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:17", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "description": "[1:1.7.0.221-2.6.18.0.0.1]\n- Update DISTRO_NAME in specfile\n[1:1.7.0.221-2.6.18.0]\n- Bump to 2.6.18 and OpenJDK 7u221-b02.\n- Resolves: rhbz#1693468", "edition": 3, "modified": "2019-04-22T00:00:00", "published": "2019-04-22T00:00:00", "id": "ELSA-2019-0790", "href": "http://linux.oracle.com/errata/ELSA-2019-0790.html", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "description": "[1:1.8.0.212.b04-1]\n- Update to aarch64-shenandoah-jdk8u212-b04.\n- Resolves: rhbz#1693468\n[1:1.8.0.212.b03-0]\n- Update to 
aarch64-shenandoah-jdk8u212-b03.\n- Resolves: rhbz#1693468\n[1:1.8.0.212.b02-0]\n- Update to aarch64-shenandoah-jdk8u212-b02.\n- Remove patches included upstream\n - JDK-8197429/PR3546/RH153662{2,3}\n - JDK-8184309/PR3596\n- Re-generate patches\n - JDK-8203030\n- Add casts to resolve s390 ambiguity in calls to log2_intptr\n- Resolves: rhbz#1693468\n[1:1.8.0.202.b08-0]\n- Update to aarch64-shenandoah-jdk8u202-b08.\n- Remove patches included upstream\n - JDK-8211387/PR3559\n - JDK-8073139/PR1758/RH1191652\n - JDK-8044235\n - JDK-8131048/PR3574/RH1498936\n - JDK-8164920/PR3574/RH1498936\n- Resolves: rhbz#1693468\n[1:1.8.0.201.b13-0]\n- Update to aarch64-shenandoah-jdk8u201-b13.\n- Drop JDK-8160748 & JDK-8189170 AArch64 patches now applied upstream.\n- Resolves: rhbz#1693468\n[1:1.8.0.201.b09-3]\n- Update patch for RH1566890.\n - Renamed rh1566890_speculative_store_bypass_so_added_more_per_task_speculation_control_CVE_2018_3639 to\n rh1566890-CVE_2018_3639-speculative_store_bypass.patch\n - Added dependent patch,\n rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch\n- Resolves: rhbz#1693468", "edition": 3, "modified": "2019-04-17T00:00:00", "published": "2019-04-17T00:00:00", "id": "ELSA-2019-0774", "href": "http://linux.oracle.com/errata/ELSA-2019-0774.html", "title": "java-1.8.0-openjdk security and bug fix update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:17", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "description": "[1:1.8.0.212.b04-0]\n- Update to aarch64-shenandoah-jdk8u212-b04.\n- Resolves: rhbz#1693468\n[1:1.8.0.212.b03-0]\n- Update to aarch64-shenandoah-jdk8u212-b03.\n- Resolves: rhbz#1693468\n[1:1.8.0.212.b02-0]\n- Update to aarch64-shenandoah-jdk8u212-b02.\n- Remove patches included upstream\n - JDK-8197429/PR3546/RH153662{2,3}\n - JDK-8184309/PR3596\n - JDK-8210647/RH1632174\n- Re-generate patches\n - JDK-8203030\n- Add 
casts to resolve s390 ambiguity in calls to log2_intptr\n- Resolves: rhbz#1693468\n[1:1.8.0.202.b08-0]\n- Update to aarch64-shenandoah-jdk8u202-b08.\n- Remove patches included upstream\n - JDK-8211387/PR3559\n - JDK-8207057/PR3613\n - JDK-8165852/PR3468\n - JDK-8073139/PR1758/RH1191652\n - JDK-8044235\n - JDK-8172850/RH1640127\n - JDK-8209639/RH1640127\n - JDK-8131048/PR3574/RH1498936\n - JDK-8164920/PR3574/RH1498936\n- Re-generate patches\n - JDK-8210647/RH1632174\n- Resolves: rhbz#1693468\n[1:1.8.0.201.b13-0]\n- Update to aarch64-shenandoah-jdk8u201-b13.\n- Drop JDK-8160748 & JDK-8189170 AArch64 patches now applied upstream.\n- Resolves: rhbz#1693468\n[1:1.8.0.201.b09-3]\n- Update patch for RH1566890.\n - Renamed rh1566890_speculative_store_bypass_so_added_more_per_task_speculation_control_CVE_2018_3639 to\n rh1566890-CVE_2018_3639-speculative_store_bypass.patch\n - Added dependent patch,\n rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch\n- Resolves: rhbz#1693468", "edition": 4, "modified": "2019-04-17T00:00:00", "published": "2019-04-17T00:00:00", "id": "ELSA-2019-0775", "href": "http://linux.oracle.com/errata/ELSA-2019-0775.html", "title": "java-1.8.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-19T21:15:23", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "description": "[1:1.8.0.212.b04-1]\n- Remove additions to EXTRA_CFLAGS and EXTRA_CPP_FLAGS which are now made by upstream.\n- Resolves: rhbz#1693468\n[1:1.8.0.212.b04-1]\n- Add JDK-8223219 to avoid -fstack-protector overriding -fstack-protector-strong\n- Resolves: rhbz#1693468\n[1:1.8.0.212.b04-0]\n- Update to aarch64-shenandoah-jdk8u212-b04.\n- Resolves: rhbz#1693468\n[1:1.8.0.212.b03-0]\n- Update to aarch64-shenandoah-jdk8u212-b03.\n- Resolves: rhbz#1693468\n[1:1.8.0.212.b02-0]\n- Add new clhsdb and hsdb binaries.\n- Resolves: 
rhbz#1693468\n[1:1.8.0.212.b02-0]\n- Update to aarch64-shenandoah-jdk8u212-b02.\n- Remove patches included upstream\n - JDK-8197429/PR3546/RH153662{2,3}\n - JDK-8184309/PR3596\n - JDK-8210647/RH1632174\n - JDK-8029661/PR3642/RH1477159\n - JDK-8145096/PR3693\n- Re-generate patches\n - JDK-8203030\n- Add casts to resolve s390 ambiguity in calls to log2_intptr\n- Resolves: rhbz#1693468\n[1:1.8.0.202.b08-0]\n- Update to aarch64-shenandoah-jdk8u202-b08.\n- Remove patches included upstream\n - JDK-8211387/PR3559\n - JDK-8207057/PR3613\n - JDK-8165852/PR3468\n - JDK-8073139/PR1758/RH1191652\n - JDK-8044235\n - JDK-8172850/RH1640127\n - JDK-8209639/RH1640127\n - JDK-8131048/PR3574/RH1498936\n - JDK-8164920/PR3574/RH1498936\n- Re-generate patches\n - JDK-8210647/RH1632174\n- Resolves: rhbz#1693468\n[1:1.8.0.201.b13-0]\n- Update to aarch64-shenandoah-jdk8u201-b13.\n- Drop JDK-8160748 & JDK-8189170 AArch64 patches now applied upstream.\n- Resolves: rhbz#1693468\n[1:1.8.0.201.b09-4]\n- Update patch for RH1566890.\n - Renamed rh1566890_speculative_store_bypass_so_added_more_per_task_speculation_control_CVE_2018_3639 to\n rh1566890-CVE_2018_3639-speculative_store_bypass.patch\n - Added dependent patch,\n rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch\n- Resolves: rhbz#1693468\n[1:1.8.0.201.b09-3]\n- removed config declaration from links to config files\n- Resolves: rhbz#1661577", "edition": 1, "modified": "2019-07-30T00:00:00", "published": "2019-07-30T00:00:00", "id": "ELSA-2019-1146", "href": "http://linux.oracle.com/errata/ELSA-2019-1146.html", "title": "java-1.8.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-08-12T00:47:21", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4453-1 
security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMay 29, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjdk-8\nCVE ID : CVE-2019-2602 CVE-2019-2684 CVE-2019-2698\n\nSeveral vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in denial of\nservice or sandbox bypass.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 8u212-b03-2~deb9u1.\n\nWe recommend that you upgrade your openjdk-8 packages.\n\nFor the detailed security status of openjdk-8 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openjdk-8\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 10, "modified": "2019-05-29T21:16:11", "published": "2019-05-29T21:16:11", "id": "DEBIAN:DSA-4453-1:C46EE", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2019/msg00098.html", "title": "[SECURITY] [DSA 4453-1] openjdk-8 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T01:08:52", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "description": "Package : openjdk-7\nVersion : 7u221-2.6.18-1~deb8u1\nCVE ID : CVE-2019-2602 CVE-2019-2684 CVE-2019-2698\n\nSeveral vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in denial of\nservice, sandbox bypass, information disclosure or the execution\nof arbitrary code.\n\nFor Debian 8 \"Jessie\", these problems have been fixed in version\n7u221-2.6.18-1~deb8u1.\n\nWe recommend that you upgrade your openjdk-7 packages.\n\nFurther information 
about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 10, "modified": "2019-05-10T16:39:20", "published": "2019-05-10T16:39:20", "id": "DEBIAN:DLA-1782-1:EE207", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201905/msg00011.html", "title": "[SECURITY] [DLA 1782-1] openjdk-7 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-12-08T03:40:31", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "description": "**CentOS Errata and Security Advisory** CESA-2019:0775\n\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698)\n\n* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602)\n\n* OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-April/035312.html\n\n**Affected 
packages:**\njava-1.8.0-openjdk\njava-1.8.0-openjdk-accessibility\njava-1.8.0-openjdk-accessibility-debug\njava-1.8.0-openjdk-debug\njava-1.8.0-openjdk-demo\njava-1.8.0-openjdk-demo-debug\njava-1.8.0-openjdk-devel\njava-1.8.0-openjdk-devel-debug\njava-1.8.0-openjdk-headless\njava-1.8.0-openjdk-headless-debug\njava-1.8.0-openjdk-javadoc\njava-1.8.0-openjdk-javadoc-debug\njava-1.8.0-openjdk-javadoc-zip\njava-1.8.0-openjdk-javadoc-zip-debug\njava-1.8.0-openjdk-src\njava-1.8.0-openjdk-src-debug\n\n**Upstream details at:**\n", "edition": 5, "modified": "2019-04-19T18:51:58", "published": "2019-04-19T18:51:58", "id": "CESA-2019:0775", "href": "http://lists.centos.org/pipermail/centos-announce/2019-April/035312.html", "title": "java security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-08T03:39:51", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "description": "**CentOS Errata and Security Advisory** CESA-2019:0790\n\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698)\n\n* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602)\n\n* OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-April/035315.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\n", 
"edition": 5, "modified": "2019-04-22T22:47:39", "published": "2019-04-22T22:47:39", "id": "CESA-2019:0790", "href": "http://lists.centos.org/pipermail/centos-announce/2019-April/035315.html", "title": "java security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-08T03:38:14", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "description": "**CentOS Errata and Security Advisory** CESA-2019:0791\n\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698)\n\n* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602)\n\n* OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-April/035314.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-accessibility\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-headless\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\n", "edition": 5, "modified": "2019-04-22T22:45:55", "published": "2019-04-22T22:45:55", "id": "CESA-2019:0791", "href": "http://lists.centos.org/pipermail/centos-announce/2019-April/035314.html", "title": "java security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-08T03:35:17", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684"], "description": "**CentOS Errata and 
Security Advisory** CESA-2019:0774\n\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698)\n\n* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602)\n\n* OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* assert failure in coalesce.cpp: attempted to spill a non-spillable item (BZ#1640127)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-April/035313.html\n\n**Affected packages:**\njava-1.8.0-openjdk\njava-1.8.0-openjdk-debug\njava-1.8.0-openjdk-demo\njava-1.8.0-openjdk-demo-debug\njava-1.8.0-openjdk-devel\njava-1.8.0-openjdk-devel-debug\njava-1.8.0-openjdk-headless\njava-1.8.0-openjdk-headless-debug\njava-1.8.0-openjdk-javadoc\njava-1.8.0-openjdk-javadoc-debug\njava-1.8.0-openjdk-src\njava-1.8.0-openjdk-src-debug\n\n**Upstream details at:**\n", "edition": 5, "modified": "2019-04-19T18:53:44", "published": "2019-04-19T18:53:44", "id": "CESA-2019:0774", "href": "http://lists.centos.org/pipermail/centos-announce/2019-April/035313.html", "title": "java security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2019-05-23T16:31:27", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2602", "CVE-2019-2698", "CVE-2019-2684", "CVE-2018-3639"], "description": "This update for java-1_8_0-openjdk to version 8u212 fixes the following\n issues:\n\n Security issues fixed:\n\n - CVE-2019-2602: Better String parsing (bsc#1132728).\n - CVE-2019-2684: More dynamic RMI 
interactions (bsc#1132732).\n - CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729).\n - CVE-2018-3639: fix revision to prefer PR_SPEC_DISABLE_NOEXEC to\n PR_SPEC_DISABLE\n\n Non-Security issue fixed:\n\n - Disable LTO (bsc#1133135).\n - Added Japanese new era name.\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-05-23T15:09:41", "published": "2019-05-23T15:09:41", "id": "OPENSUSE-SU-2019:1438-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html", "title": "Security update for java-1_8_0-openjdk (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}