{"kaspersky": [{"lastseen": "2021-08-18T11:00:03", "description": "### *Detect date*:\n10/20/2020\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Oracle Java SE. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, and cause denial of service.\n\n### *Affected products*:\nJava SE: 7u271, 8u261, 11.0.8 and 15; \nJava SE Embedded: 8u261\n\n### *Solution*:\nUpdate to the latest version \n[Download Java](<https://www.oracle.com/java/>)\n\n### *Original advisories*:\n[Oracle Critical Patch Update Advisory \u2013 October 2020](<https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Oracle Java JRE 1.7.x](<https://threats.kaspersky.com/en/product/Oracle-Java-JRE-1.7.x/>)\n\n### *CVE-IDS*:\n[CVE-2020-14782](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14782>) 4.3 Warning \n[CVE-2020-14798](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14798>) 2.6 Warning \n[CVE-2020-14792](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14792>) 5.8 High \n[CVE-2020-14796](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14796>) 2.6 Warning \n[CVE-2020-14781](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14781>) 4.3 Warning \n[CVE-2020-14779](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14779>) 4.3 Warning \n[CVE-2020-14803](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14803>) 5.0 Critical \n[CVE-2020-14797](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14797>) 4.3 Warning", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", 
"version": "3.1"}, "impactScore": 1.4}, "published": "2020-10-20T00:00:00", "type": "kaspersky", "title": "KLA11985 Multiple vulnerabilities in Oracle Java SE", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2020-10-23T00:00:00", "id": "KLA11985", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11985/", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "nessus": [{"lastseen": "2022-05-15T14:15:02", "description": "Several vulnerabilities have been discovered in the OpenJDK Java runtime, which could result in denial of service, information disclosure, bypass of access/sandbox restrictions or the acceptance of untrusted certificates.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-10-26T00:00:00", "type": "nessus", "title": "Debian DSA-4779-1 : openjdk-11 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openjdk-11", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4779.NASL", "href": "https://www.tenable.com/plugins/nessus/141886", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive 
text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4779. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141886);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-14779\", \"CVE-2020-14781\", \"CVE-2020-14782\", \"CVE-2020-14792\", \"CVE-2020-14796\", \"CVE-2020-14797\", \"CVE-2020-14798\", \"CVE-2020-14803\");\n script_xref(name:\"DSA\", value:\"4779\");\n\n script_name(english:\"Debian DSA-4779-1 : openjdk-11 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the OpenJDK Java\nruntime, which could result in denial of service, information\ndisclosure, bypass of access/sandbox restrictions or the acceptance of\nuntrusted certificates.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/openjdk-11\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/openjdk-11\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4779\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the openjdk-11 packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 11.0.9+11-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"openjdk-11-dbg\", reference:\"11.0.9+11-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"openjdk-11-demo\", reference:\"11.0.9+11-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"openjdk-11-doc\", reference:\"11.0.9+11-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"openjdk-11-jdk\", reference:\"11.0.9+11-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"openjdk-11-jdk-headless\", reference:\"11.0.9+11-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"openjdk-11-jre\", reference:\"11.0.9+11-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"openjdk-11-jre-headless\", reference:\"11.0.9+11-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"openjdk-11-jre-zero\", reference:\"11.0.9+11-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"openjdk-11-source\", reference:\"11.0.9+11-1~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-15T14:32:31", "description": "New in release OpenJDK 8u272 (2020-10-20):\n===========================================\n\nFull versions of these release notes can be found at :\n\n- 
https://bitly.com/openjdk8u272\n\n- https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt\n\n## New features\n\n - JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7\n\n## Security fixes\n\n - JDK-8233624: Enhance JNI linkage\n\n - JDK-8236196: Improve string pooling\n\n - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class\n\n - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts\n\n - JDK-8237995, CVE-2020-14782: Enhance certificate processing\n\n - JDK-8240124: Better VM Interning\n\n - JDK-8241114, CVE-2020-14792: Better range handling\n\n - JDK-8242680, CVE-2020-14796: Improved URI Support\n\n - JDK-8242685, CVE-2020-14797: Better Path Validation\n\n - JDK-8242695, CVE-2020-14798: Enhanced buffer support\n\n - JDK-8243302: Advanced class supports\n\n - JDK-8244136, CVE-2020-14803: Improved Buffer supports\n\n - JDK-8244479: Further constrain certificates\n\n - JDK-8244955: Additional Fix for JDK-8240124\n\n - JDK-8245407: Enhance zoning of times\n\n - JDK-8245412: Better class definitions\n\n - JDK-8245417: Improve certificate chain handling\n\n - JDK-8248574: Improve jpeg processing\n\n - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit\n\n - JDK-8253019: Enhanced JPEG decoding\n\n## JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b\n\nFollowing JDK's update to tzdata2020b, the long-obsolete files pacificnew and systemv have been removed. 
As a result, the 'US/Pacific-New' zone name declared in the pacificnew data file is no longer available for use.\n\nInformation regarding the update can be viewed at https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-11-02T00:00:00", "type": "nessus", "title": "Fedora 32 : 1:java-1.8.0-openjdk (2020-a405eea76a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:java-1.8.0-openjdk", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-A405EEA76A.NASL", "href": "https://www.tenable.com/plugins/nessus/142198", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-a405eea76a.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142198);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-14779\", \"CVE-2020-14781\", \"CVE-2020-14782\", \"CVE-2020-14792\", \"CVE-2020-14796\", \"CVE-2020-14797\", \"CVE-2020-14798\", \"CVE-2020-14803\");\n script_xref(name:\"FEDORA\", value:\"2020-a405eea76a\");\n\n script_name(english:\"Fedora 32 : 1:java-1.8.0-openjdk (2020-a405eea76a)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security 
update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"New in release OpenJDK 8u272 (2020-10-20):\n===========================================\n\nFull versions of these release notes can be found at :\n\n- https://bitly.com/openjdk8u272\n\n- https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt\n\n## New features\n\n - JDK-8245468: Add TLSv1.3 implementation classes from\n 11.0.7\n\n## Security fixes\n\n - JDK-8233624: Enhance JNI linkage\n\n - JDK-8236196: Improve string pooling\n\n - JDK-8236862, CVE-2020-14779: Enhance support of Proxy\n class\n\n - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts\n\n - JDK-8237995, CVE-2020-14782: Enhance certificate\n processing\n\n - JDK-8240124: Better VM Interning\n\n - JDK-8241114, CVE-2020-14792: Better range handling\n\n - JDK-8242680, CVE-2020-14796: Improved URI Support\n\n - JDK-8242685, CVE-2020-14797: Better Path Validation\n\n - JDK-8242695, CVE-2020-14798: Enhanced buffer support\n\n - JDK-8243302: Advanced class supports\n\n - JDK-8244136, CVE-2020-14803: Improved Buffer supports\n\n - JDK-8244479: Further constrain certificates\n\n - JDK-8244955: Additional Fix for JDK-8240124\n\n - JDK-8245407: Enhance zoning of times\n\n - JDK-8245412: Better class definitions\n\n - JDK-8245417: Improve certificate chain handling\n\n - JDK-8248574: Improve jpeg processing\n\n - JDK-8249927: Specify limits of\n jdk.serialProxyInterfaceLimit\n\n - JDK-8253019: Enhanced JPEG decoding\n\n## JDK-8254177: US/Pacific-New Zone name removed as part of\ntzdata2020b\n\nFollowing JDK's update to tzdata2020b, the long-obsolete files\npacificnew and systemv have been removed. 
As a result, the\n'US/Pacific-New' zone name declared in the pacificnew data file is no\nlonger available for use.\n\nInformation regarding the update can be viewed at\nhttps://mm.icann.org/pipermail/tz-announce/2020-October/000059.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-a405eea76a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 1:java-1.8.0-openjdk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"java-1.8.0-openjdk-1.8.0.272.b10-0.fc32\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:java-1.8.0-openjdk\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-15T14:32:29", "description": "New in release OpenJDK 11.0.9 (2020-10-20):\n===========================================\n\nFull versions of these release notes can be found at :\n\n- 
https://bitly.com/openjdk1109\n\n- https://builds.shipilev.net/backports-monitor/release-notes-11.0.9.txt\n\n## Security fixes\n\n - JDK-8233624: Enhance JNI linkage\n\n - JDK-8236196: Improve string pooling\n\n - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class\n\n - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts\n\n - JDK-8237995, CVE-2020-14782: Enhance certificate processing\n\n - JDK-8240124: Better VM Interning\n\n - JDK-8241114, CVE-2020-14792: Better range handling\n\n - JDK-8242680, CVE-2020-14796: Improved URI Support\n\n - JDK-8242685, CVE-2020-14797: Better Path Validation\n\n - JDK-8242695, CVE-2020-14798: Enhanced buffer support\n\n - JDK-8243302: Advanced class supports\n\n - JDK-8244136, CVE-2020-14803: Improved Buffer supports\n\n - JDK-8244479: Further constrain certificates\n\n - JDK-8244955: Additional Fix for JDK-8240124\n\n - JDK-8245407: Enhance zoning of times\n\n - JDK-8245412: Better class definitions\n\n - JDK-8245417: Improve certificate chain handling\n\n - JDK-8248574: Improve jpeg processing\n\n - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit\n\n - JDK-8253019: Enhanced JPEG decoding\n\n## JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b\n\nFollowing JDK's update to tzdata2020b, the long-obsolete files pacificnew and systemv have been removed. 
As a result, the 'US/Pacific-New' zone name declared in the pacificnew data file is no longer available for use.\n\nInformation regarding the update can be viewed at https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-11-02T00:00:00", "type": "nessus", "title": "Fedora 32 : 1:java-11-openjdk (2020-fdc79d8e5b)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:java-11-openjdk", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-FDC79D8E5B.NASL", "href": "https://www.tenable.com/plugins/nessus/142195", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-fdc79d8e5b.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142195);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-14779\", \"CVE-2020-14781\", \"CVE-2020-14782\", \"CVE-2020-14792\", \"CVE-2020-14796\", \"CVE-2020-14797\", \"CVE-2020-14798\", \"CVE-2020-14803\");\n script_xref(name:\"FEDORA\", value:\"2020-fdc79d8e5b\");\n\n script_name(english:\"Fedora 32 : 1:java-11-openjdk (2020-fdc79d8e5b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n 
script_set_attribute(\n attribute:\"description\",\n value:\n\"New in release OpenJDK 11.0.9 (2020-10-20):\n===========================================\n\nFull versions of these release notes can be found at :\n\n- https://bitly.com/openjdk1109\n\n- https://builds.shipilev.net/backports-monitor/release-notes-11.0.9.txt\n\n## Security fixes\n\n - JDK-8233624: Enhance JNI linkage\n\n - JDK-8236196: Improve string pooling\n\n - JDK-8236862, CVE-2020-14779: Enhance support of Proxy\n class\n\n - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts\n\n - JDK-8237995, CVE-2020-14782: Enhance certificate\n processing\n\n - JDK-8240124: Better VM Interning\n\n - JDK-8241114, CVE-2020-14792: Better range handling\n\n - JDK-8242680, CVE-2020-14796: Improved URI Support\n\n - JDK-8242685, CVE-2020-14797: Better Path Validation\n\n - JDK-8242695, CVE-2020-14798: Enhanced buffer support\n\n - JDK-8243302: Advanced class supports\n\n - JDK-8244136, CVE-2020-14803: Improved Buffer supports\n\n - JDK-8244479: Further constrain certificates\n\n - JDK-8244955: Additional Fix for JDK-8240124\n\n - JDK-8245407: Enhance zoning of times\n\n - JDK-8245412: Better class definitions\n\n - JDK-8245417: Improve certificate chain handling\n\n - JDK-8248574: Improve jpeg processing\n\n - JDK-8249927: Specify limits of\n jdk.serialProxyInterfaceLimit\n\n - JDK-8253019: Enhanced JPEG decoding\n\n## JDK-8254177: US/Pacific-New Zone name removed as part of\ntzdata2020b\n\nFollowing JDK's update to tzdata2020b, the long-obsolete files\npacificnew and systemv have been removed. 
As a result, the\n'US/Pacific-New' zone name declared in the pacificnew data file is no\nlonger available for use.\n\nInformation regarding the update can be viewed at\nhttps://mm.icann.org/pipermail/tz-announce/2020-October/000059.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-fdc79d8e5b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 1:java-11-openjdk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:java-11-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"java-11-openjdk-11.0.9.11-0.fc32\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:java-11-openjdk\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-15T14:34:14", "description": "This update for java-11-openjdk fixes the following issues :\n\nUpdate to upstream tag jdk-11.0.9-11 (October 2020 CPU, bsc#1177943)\n\n - New features\n\n + JDK-8250784: Shenandoah: A 
Low-Pause-Time Garbage Collector\n\n - Security fixes\n\n + JDK-8233624: Enhance JNI linkage\n\n + JDK-8236196: Improve string pooling\n\n + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class\n\n + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts\n\n + JDK-8237995, CVE-2020-14782: Enhance certificate processing\n\n + JDK-8240124: Better VM Interning\n\n + JDK-8241114, CVE-2020-14792: Better range handling\n\n + JDK-8242680, CVE-2020-14796: Improved URI Support\n\n + JDK-8242685, CVE-2020-14797: Better Path Validation\n\n + JDK-8242695, CVE-2020-14798: Enhanced buffer support\n\n + JDK-8243302: Advanced class supports\n\n + JDK-8244136, CVE-2020-14803: Improved Buffer supports\n\n + JDK-8244479: Further constrain certificates\n\n + JDK-8244955: Additional Fix for JDK-8240124\n\n + JDK-8245407: Enhance zoning of times\n\n + JDK-8245412: Better class definitions\n\n + JDK-8245417: Improve certificate chain handling\n\n + JDK-8248574: Improve jpeg processing\n\n + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit\n\n + JDK-8253019: Enhanced JPEG decoding\n\n - Other changes\n\n + JDK-6532025: GIF reader throws misleading exception with truncated images\n\n + JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/ /PDialogTest.java needs update by removing an infinite loop\n\n + JDK-8022535: [TEST BUG] javax/swing/text/html/parser/ /Test8017492.java fails\n\n + JDK-8062947: Fix exception message to correctly represent LDAP connection failure\n\n + JDK-8067354: com/sun/jdi/GetLocalVariables4Test.sh failed\n\n + JDK-8134599: TEST_BUG:\n java/rmi/transport/closeServerSocket/ /CloseServerSocket.java fails intermittently with Address already in use\n\n + JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect\n\n + JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider\n\n + JDK-8172404: Tools should warn if weak algorithms are used before restricting 
them\n\n + JDK-8193367: Annotated type variable bounds crash javac\n\n + JDK-8202117:\n com/sun/jndi/ldap/RemoveNamingListenerTest.java fails intermittently: Connection reset\n\n + JDK-8203026: java.rmi.NoSuchObjectException: no such object in table\n\n + JDK-8203281: [Windows] JComboBox change in ui when editor.setBorder() is called\n\n + JDK-8203382: Rename SystemDictionary::initialize_wk_klass to resolve_wk_klass\n\n + JDK-8203393: com/sun/jdi/JdbMethodExitTest.sh and JdbExprTest.sh fail due to timeout\n\n + JDK-8203928: [Test] Convert non-JDB scaffolding serviceability shell script tests to java\n\n + JDK-8204963: javax.swing.border.TitledBorder has a memory leak\n\n + JDK-8204994: SA might fail to attach to process with 'Windbg Error: WaitForEvent failed'\n\n + JDK-8205534: Remove SymbolTable dependency from serviceability agent\n\n + JDK-8206309: Tier1 SA tests fail\n\n + JDK-8208281: java/nio/channels/ /AsynchronousSocketChannel/Basic.java timed out\n\n + JDK-8209109: [TEST] rewrite com/sun/jdi shell tests to java version\n\n - step1\n\n + JDK-8209332: [TEST] test/jdk/com/sun/jdi/CatchPatternTest.sh is incorrect\n\n + JDK-8209342: Problemlist SA tests on Solaris due to Error attaching to process: Can't create thread_db agent!\n\n + JDK-8209343: Test javax/swing/border/TestTitledBorderLeak.java should be marked as headful\n\n + JDK-8209517: com/sun/jdi/BreakpointWithFullGC.java fails with timeout\n\n + JDK-8209604: [TEST] rewrite com/sun/jdi shell tests to java version\n\n - step2\n\n + JDK-8209605: com/sun/jdi/BreakpointWithFullGC.java fails with ZGC\n\n + JDK-8209608: Problem list com/sun/jdi/BreakpointWithFullGC.java\n\n + JDK-8210131:\n vmTestbase/nsk/jvmti/scenarios/allocation/AP10/ /ap10t001/TestDescription.java failed with ObjectFree:\n GetCurrentThreadCpuTimerInfo returned unexpected error code\n\n + JDK-8210243: [TEST] rewrite com/sun/jdi shell tests to java version\n\n - step3\n\n + JDK-8210527: JShell: NullPointerException in 
jdk.jshell.Eval.translateExceptionStack\n\n + JDK-8210560: [TEST] convert com/sun/jdi redefineClass-related tests\n\n + JDK-8210725: com/sun/jdi/RedefineClearBreakpoint.java fails with waitForPrompt timed out after 60 seconds\n\n + JDK-8210748: [TESTBUG] lib.jdb.Jdb.waitForPrompt() should clarify which output is the pending reply after a timeout\n\n + JDK-8210760: [TEST] rewrite com/sun/jdi shell tests to java version\n\n - step4\n\n + JDK-8210977:\n jdk/jfr/event/oldobject/TestThreadLocalLeak.java fails to find ThreadLocalObject\n\n + JDK-8211292: [TEST] convert com/sun/jdi/DeferredStepTest.sh test\n\n + JDK-8211694: JShell: Redeclared variable should be reset\n\n + JDK-8212200: assert when shared java.lang.Object is redefined by JVMTI agent\n\n + JDK-8212629: [TEST] wrong breakpoint in test/jdk/com/sun/jdi/DeferredStepTest\n\n + JDK-8212665: com/sun/jdi/DeferredStepTest.java: jj1 (line 57)\n\n - unexpected. lastLine=52, minLine=52, maxLine=55\n\n + JDK-8212807: tools/jar/multiRelease/Basic.java times out\n\n + JDK-8213182: Minimal VM build failure after JDK-8212200 (assert when shared java.lang.Object is redefined by JVMTI agent)\n\n + JDK-8213214: Set -Djava.io.tmpdir= when running tests\n\n + JDK-8213275: ReplaceCriticalClasses.java fails with jdk.internal.vm.PostVMInitHook not found\n\n + JDK-8213574: Deadlock in string table expansion when dumping lots of CDS classes\n\n + JDK-8213703: LambdaConversionException: Invalid receiver type not a subtype of implementation type interface\n\n + JDK-8214074: Ghash optimization using AVX instructions\n\n + JDK-8214491: Upgrade to JLine 3.9.0\n\n + JDK-8214797: TestJmapCoreMetaspace.java timed out\n\n + JDK-8215243: JShell tests failing intermitently with 'Problem cleaning up the following threads:'\n\n + JDK-8215244: jdk/jshell/ToolBasicTest.java testHistoryReference failed\n\n + JDK-8215354: x86_32 build failures after JDK-8214074 (Ghash optimization using AVX instructions)\n\n + JDK-8215438: jshell tool: Ctrl-D causes 
EOF\n\n + JDK-8216021: RunTest.gmk might set concurrency level to 1 on Windows\n\n + JDK-8216974: HttpConnection not returned to the pool after 204 response\n\n + JDK-8218948: SimpleDateFormat :: format - Zone Names are not reflected correctly during run time\n\n + JDK-8219712: code_size2 (defined in stub_routines_x86.hpp) is too small on new Skylake CPUs\n\n + JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs\n\n + JDK-8221658: aarch64: add necessary predicate for ubfx patterns\n\n + JDK-8221759: Crash when completing 'java.io.File.path'\n\n + JDK-8221918: runtime/SharedArchiveFile/serviceability/ /ReplaceCriticalClasses.java fails: Shared archive not found\n\n + JDK-8222074: Enhance auto vectorization for x86\n\n + JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp\n\n + JDK-8222769: [TESTBUG] TestJFRNetworkEvents should not rely on hostname command\n\n + JDK-8223688: JShell: crash on the instantiation of raw anonymous class\n\n + JDK-8223777: In posix_spawn mode, failing to exec() jspawnhelper does not result in an error\n\n + JDK-8223940: Private key not supported by chosen signature algorithm\n\n + JDK-8224184: jshell got IOException at exiting with AIX\n\n + JDK-8224234: compiler/codegen/TestCharVect2.java fails in test_mulc\n\n + JDK-8225037: java.net.JarURLConnection::getJarEntry() throws NullPointerException\n\n + JDK-8225625: AES Electronic Codebook (ECB) encryption and decryption optimization using AVX512 + VAES instructions\n\n + JDK-8226536: Catch OOM from deopt that fails rematerializing objects\n\n + JDK-8226575: OperatingSystemMXBean should be made container aware\n\n + JDK-8226697: Several tests which need the @key headful keyword are missing it.\n\n + JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous\n\n + JDK-8227059: sun/security/tools/keytool/ /DefaultSignatureAlgorithm.java timed out\n\n + JDK-8227269: Slow class loading 
when running with JDWP\n\n + JDK-8227595:\n keytool/fakegen/DefaultSignatureAlgorithm.java fails due to 'exitValue = 6'\n\n + JDK-8228448: Jconsole can't connect to itself\n\n + JDK-8228967: Trust/Key store and SSL context utilities for tests\n\n + JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow\n\n + JDK-8229815: Upgrade Jline to 3.12.1\n\n + JDK-8230000: some httpclients testng tests run zero test\n\n + JDK-8230002: javax/xml/jaxp/unittest/transform/ /SecureProcessingTest.java runs zero test\n\n + JDK-8230010: Remove jdk8037819/BasicTest1.java\n\n + JDK-8230094: CCE in createXMLEventWriter(Result) over an arbitrary XMLStreamWriter\n\n + JDK-8230402: Allocation of compile task fails with assert: 'Leaking compilation tasks?'\n\n + JDK-8230767: FlightRecorderListener returns null recording\n\n + JDK-8230870: (zipfs) Add a ZIP FS test that is similar to test/jdk/java/util/zip/EntryCount64k.java\n\n + JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread\n\n + JDK-8231586: enlarge encoding space for OopMapValue offsets\n\n + JDK-8231953: Wrong assumption in assertion in oop::register_oop\n\n + JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes\n\n + JDK-8232083: Minimal VM is broken after JDK-8231586\n\n + JDK-8232161: Align some one-way conversion in MS950 charset with Windows\n\n + JDK-8232855: jshell missing word in /help help\n\n + JDK-8233027: OopMapSet::all_do does oms.next() twice during iteration\n\n + JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR\n\n + JDK-8233386: Initialize NULL fields for unused decorations\n\n + JDK-8233452: java.math.BigDecimal.sqrt() with RoundingMode.FLOOR results in incorrect result\n\n + JDK-8233686: XML transformer uses excessive amount of memory\n\n + JDK-8233741: AES Countermode (AES-CTR) optimization using AVX512 + VAES instructions\n\n + JDK-8233829: javac cannot find 
non-ASCII module name under non-UTF8 environment\n\n + JDK-8233958: Memory retention due to HttpsURLConnection finalizer that serves no purpose\n\n + JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater()\n\n + JDK-8234058: runtime/CompressedOops/ /CompressedClassPointers.java fails with 'Narrow klass base: 0x0000000000000000' missing from stdout/stderr\n\n + JDK-8234149: Several regression tests do not dispose Frame at end\n\n + JDK-8234347: 'Turkey' meta time zone does not generate composed localized names\n\n + JDK-8234385: [TESTBUG] java/awt/EventQueue/6980209/ /bug6980209.java fails in linux nightly\n\n + JDK-8234535: Cross compilation fails due to missing CFLAGS for the BUILD_CC\n\n + JDK-8234541: C1 emits an empty message when it inlines successfully\n\n + JDK-8234687: change javap reporting on unknown attributes\n\n + JDK-8236464: SO_LINGER option is ignored by SSLSocket in JDK 11\n\n + JDK-8236548: Localized time zone name inconsistency between English and other locales\n\n + JDK-8236617: jtreg test containers/docker/ /TestMemoryAwareness.java fails after 8226575\n\n + JDK-8237182: Update copyright header for shenandoah and epsilon files\n\n + JDK-8237888: security/infra/java/security/cert/ /CertPathValidator/certification/LuxTrustCA.java fails when checking validity interval\n\n + JDK-8237977: Further update javax/net/ssl/compatibility/Compatibility.java\n\n + JDK-8238270: java.net HTTP/2 client does not decrease stream count when receives 204 response\n\n + JDK-8238284: [macos] Zero VM build fails due to an obvious typo\n\n + JDK-8238380: java.base/unix/native/libjava/childproc.c 'multiple definition' link errors with GCC10\n\n + JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c 'multiple definition' link errors with GCC10\n\n + JDK-8238388: libj2gss/NativeFunc.o 'multiple definition' link errors with GCC10\n\n + JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes\n\n + JDK-8238710: LingeredApp 
doesn't log stdout/stderr if exits with non-zero code\n\n + JDK-8239083: C1 assert(known_holder == NULL || (known_holder->is_instance_klass() && (!known_holder->is_interface() || ((ciInstanceKlass*)known_holder)->has_nonstatic_concrete_methods())), 'should be non-static concrete method');\n\n + JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD\n\n + JDK-8240169: javadoc fails to link to non-modular api docs\n\n + JDK-8240295: hs_err elapsed time in seconds is not accurate enough\n\n + JDK-8240360: NativeLibraryEvent has wrong library name on Linux\n\n + JDK-8240676: Meet not symmetric failure when running lucene on jdk8\n\n + JDK-8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority support\n\n + JDK-8241065: Shenandoah: remove leftover code after JDK-8231086\n\n + JDK-8241086: Test runtime/NMT/HugeArenaTracking.java is failing on 32bit Windows\n\n + JDK-8241130:\n com.sun.jndi.ldap.EventSupport.removeDeadNotifier:\n java.lang.NullPointerException\n\n + JDK-8241138: http.nonProxyHosts=* causes StringIndexOutOfBoundsException in DefaultProxySelector\n\n + JDK-8241319: WB_GetCodeBlob doesn't have ResourceMark\n\n + JDK-8241478:\n vmTestbase/gc/gctests/Steal/steal001/steal001.java fails with OOME\n\n + JDK-8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure\n\n + JDK-8241750: x86_32 build failure after JDK-8227269\n\n + JDK-8242184: CRL generation error with RSASSA-PSS\n\n + JDK-8242283: Can't start JVM when java home path includes non-ASCII character\n\n + JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array\n\n + JDK-8243029: Rewrite javax/net/ssl/compatibility/ /Compatibility.java with a flexible interop test framework\n\n + JDK-8243138: Enhance BaseLdapServer to support starttls extended request\n\n + JDK-8243320: Add SSL root certificates to Oracle Root CA program\n\n + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program\n\n + JDK-8243389: enhance 
os::pd_print_cpu_info on linux\n\n + JDK-8243453: java --describe-module failed with non-ASCII module name under non-UTF8 environment\n\n + JDK-8243470: [macos] bring back O2 opt level for unsafe.cpp\n\n + JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions\n\n + JDK-8243925: Toolkit#getScreenInsets() returns wrong value on HiDPI screens (Windows)\n\n + JDK-8244087: 2020-04-24 public suffix list update\n\n + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26\n\n + JDK-8244164: AArch64: jaotc generates incorrect code for compressed OOPs with non-zero heap base\n\n + JDK-8244196: adjust output in os_linux\n\n + JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in\n\n + JDK-8244287: JFR: Methods samples have line number 0\n\n + JDK-8244703: 'platform encoding not initialized' exceptions with debugger, JNI\n\n + JDK-8244719: CTW: C2 compilation fails with 'assert(!VerifyHashTableKeys || _hash_lock == 0) failed:\n remove node from hash table before modifying it'\n\n + JDK-8244729: Shenandoah: remove resolve paths from SBSA::generate_shenandoah_lrb\n\n + JDK-8244763: Update --release 8 symbol information after JSR 337 MR3\n\n + JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor\n\n + JDK-8245151: jarsigner should not raise duplicate warnings on verification\n\n + JDK-8245616: Bump update version for OpenJDK: jdk-11.0.9\n\n + JDK-8245714: 'Bad graph detected in build_loop_late' when loads are pinned on loop limit check uncommon branch\n\n + JDK-8245801: StressRecompilation triggers assert 'redundunt OSR recompilation detected. 
memory leak in CodeCache!'\n\n + JDK-8245832: JDK build make-static-libs should build all JDK libraries\n\n + JDK-8245880: Shenandoah: check class unloading flag early in concurrent code root scan\n\n + JDK-8245981: Upgrade to jQuery 3.5.1\n\n + JDK-8246027: Minimal fastdebug build broken after JDK-8245801\n\n + JDK-8246094: [macos] Sound Recording and playback is not working\n\n + JDK-8246153: TestEliminateArrayCopy fails with\n\n -XX:+StressReflectiveCode\n\n + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ\n\n + JDK-8246196:\n javax/management/MBeanServer/OldMBeanServerTest fails with AssertionError\n\n + JDK-8246203: Segmentation fault in verification due to stack overflow with -XX:+VerifyIterativeGVN\n\n + JDK-8246330: Add TLS Tests for Legacy ECDSA curves\n\n + JDK-8246453: TestClone crashes with 'all collected exceptions must come from the same place'\n\n + JDK-8247246: Add explicit ResolvedJavaType.link and expose presence of default methods\n\n + JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node\n\n + JDK-8247502: PhaseStringOpts crashes while optimising effectively dead code\n\n + JDK-8247615: Initialize the bytes left for the heap sampler\n\n + JDK-8247824: CTW: C2 (Shenandoah) compilation fails with SEGV in SBC2Support::pin_and_expand\n\n + JDK-8247874: Replacement in VersionProps.java.template not working when --with-vendor-bug-url contains '&'\n\n + JDK-8247979: aarch64: missing side effect of killing flags for clearArray_reg_reg\n\n + JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention\n\n + JDK-8248219: aarch64: missing memory barrier in fast_storefield and fast_accessfield\n\n + JDK-8248348: Regression caused by the update to BCEL 6.0\n\n + JDK-8248385: [testbug][11u] Adapt TestInitiExceptions to jtreg 5.1\n\n + JDK-8248495: [macos] zerovm is broken due to libffi headers location\n\n + JDK-8248851: CMS: Missing memory fences between free chunk check and klass read\n\n + JDK-8248987: 
AOT's Linker.java seems to eagerly fail-fast on Windows\n\n + JDK-8249159: Downport test rework for SSLSocketTemplate from 8224650\n\n + JDK-8249215: JFrame::setVisible crashed with -Dfile.encoding=UTF-8 on Japanese Windows.\n\n + JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel\n\n + JDK-8249255: Build fails if source code in cygwin home dir\n\n + JDK-8249277: TestVerifyIterativeGVN.java is failing with timeout in OpenJDK 11\n\n + JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList\n\n + JDK-8249560: Shenandoah: Fix racy GC request handling\n\n + JDK-8249801: Shenandoah: Clear soft-refs on requested GC cycle\n\n + JDK-8249953: Shenandoah: gc/shenandoah/mxbeans tests should account for corner cases\n\n + JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets\n\n + JDK-8250609: C2 crash in IfNode::fold_compares\n\n + JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics\n\n + JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java\n\n + JDK-8250787: Provider.put no longer registering aliases in FIPS env\n\n + JDK-8250826: jhsdb does not work with coredump which comes from Substrate VM\n\n + JDK-8250827: Shenandoah: needs to reset/finish StringTable's dead count before/after parallel walk\n\n + JDK-8250844: Make sure {type,obj}ArrayOopDesc accessors check the bounds\n\n + JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher\n\n + JDK-8251354: Shenandoah: Fix jdk/jfr/tool/TestPrintJSON.java test failure\n\n + JDK-8251451: Shenandoah: Remark ObjectSynchronizer roots with I-U\n\n + JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java\n\n + JDK-8251487: Shenandoah: missing detail timing tracking for final mark cleaning phase\n\n + JDK-8252120: compiler/oracle/TestCompileCommand.java misspells 'occured'\n\n + JDK-8252157: JDK-8231209 11u backport 
breaks jmm binary compatibility\n\n + JDK-8252258: [11u] JDK-8242154 changes the default vendor\n\n + JDK-8252804: [test] Fix 'ReleaseDeflater.java' test after downport of 8234011\n\n + JDK-8253134: JMM_VERSION should remain at 0x20020000 (JDK 10) in JDK 11\n\n + JDK-8253283: [11u] Test build/translations/ /VerifyTranslations.java failing after JDK-8252258\n\n + JDK-8253813: Backout JDK-8244287 from 11u: it causes several crashes\n\n + Fix regression '8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)' introduced in jdk 11.0.9\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2020:3159-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-11-openjdk", "p-cpe:/a:novell:suse_linux:java-11-openjdk-debuginfo", "p-cpe:/a:novell:suse_linux:java-11-openjdk-debugsource", "p-cpe:/a:novell:suse_linux:java-11-openjdk-demo", "p-cpe:/a:novell:suse_linux:java-11-openjdk-devel", "p-cpe:/a:novell:suse_linux:java-11-openjdk-headless", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-3159-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143791", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3159-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143791);\n 
script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14798\",\n \"CVE-2020-14803\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2020:3159-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for java-11-openjdk fixes the following issues :\n\nUpdate to upstream tag jdk-11.0.9-11 (October 2020 CPU, bsc#1177943)\n\n - New features\n\n + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage\n Collector\n\n - Security fixes\n\n + JDK-8233624: Enhance JNI linkage\n\n + JDK-8236196: Improve string pooling\n\n + JDK-8236862, CVE-2020-14779: Enhance support of Proxy\n class\n\n + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts\n\n + JDK-8237995, CVE-2020-14782: Enhance certificate\n processing\n\n + JDK-8240124: Better VM Interning\n\n + JDK-8241114, CVE-2020-14792: Better range handling\n\n + JDK-8242680, CVE-2020-14796: Improved URI Support\n\n + JDK-8242685, CVE-2020-14797: Better Path Validation\n\n + JDK-8242695, CVE-2020-14798: Enhanced buffer support\n\n + JDK-8243302: Advanced class supports\n\n + JDK-8244136, CVE-2020-14803: Improved Buffer supports\n\n + JDK-8244479: Further constrain certificates\n\n + JDK-8244955: Additional Fix for JDK-8240124\n\n + JDK-8245407: Enhance zoning of times\n\n + JDK-8245412: Better class definitions\n\n + JDK-8245417: Improve certificate chain handling\n\n + JDK-8248574: Improve jpeg processing\n\n + JDK-8249927: Specify limits of\n jdk.serialProxyInterfaceLimit\n\n + JDK-8253019: Enhanced JPEG decoding\n\n - Other changes\n\n + JDK-6532025: GIF reader throws misleading exception with\n truncated images\n\n + JDK-6949753: 
[TEST BUG]: java/awt/print/PageFormat/\n /PDialogTest.java needs update by removing an infinite\n loop\n\n + JDK-8022535: [TEST BUG] javax/swing/text/html/parser/\n /Test8017492.java fails\n\n + JDK-8062947: Fix exception message to correctly\n represent LDAP connection failure\n\n + JDK-8067354: com/sun/jdi/GetLocalVariables4Test.sh\n failed\n\n + JDK-8134599: TEST_BUG:\n java/rmi/transport/closeServerSocket/\n /CloseServerSocket.java fails intermittently with\n Address already in use\n\n + JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java\n failed due to timeout on DeadServerNoTimeoutTest is\n incorrect\n\n + JDK-8160768: Add capability to custom resolve\n host/domain names within the default JNDI LDAP provider\n\n + JDK-8172404: Tools should warn if weak algorithms are\n used before restricting them\n\n + JDK-8193367: Annotated type variable bounds crash javac\n\n + JDK-8202117:\n com/sun/jndi/ldap/RemoveNamingListenerTest.java fails\n intermittently: Connection reset\n\n + JDK-8203026: java.rmi.NoSuchObjectException: no such\n object in table\n\n + JDK-8203281: [Windows] JComboBox change in ui when\n editor.setBorder() is called\n\n + JDK-8203382: Rename\n SystemDictionary::initialize_wk_klass to\n resolve_wk_klass\n\n + JDK-8203393: com/sun/jdi/JdbMethodExitTest.sh and\n JdbExprTest.sh fail due to timeout\n\n + JDK-8203928: [Test] Convert non-JDB scaffolding\n serviceability shell script tests to java\n\n + JDK-8204963: javax.swing.border.TitledBorder has a\n memory leak\n\n + JDK-8204994: SA might fail to attach to process with\n 'Windbg Error: WaitForEvent failed'\n\n + JDK-8205534: Remove SymbolTable dependency from\n serviceability agent\n\n + JDK-8206309: Tier1 SA tests fail\n\n + JDK-8208281: java/nio/channels/\n /AsynchronousSocketChannel/Basic.java timed out\n\n + JDK-8209109: [TEST] rewrite com/sun/jdi shell tests to\n java version\n\n - step1\n\n + JDK-8209332: [TEST]\n test/jdk/com/sun/jdi/CatchPatternTest.sh is incorrect\n\n + JDK-8209342: 
Problemlist SA tests on Solaris due to\n Error attaching to process: Can't create thread_db\n agent!\n\n + JDK-8209343: Test\n javax/swing/border/TestTitledBorderLeak.java should be\n marked as headful\n\n + JDK-8209517: com/sun/jdi/BreakpointWithFullGC.java fails\n with timeout\n\n + JDK-8209604: [TEST] rewrite com/sun/jdi shell tests to\n java version\n\n - step2\n\n + JDK-8209605: com/sun/jdi/BreakpointWithFullGC.java fails\n with ZGC\n\n + JDK-8209608: Problem list\n com/sun/jdi/BreakpointWithFullGC.java\n\n + JDK-8210131:\n vmTestbase/nsk/jvmti/scenarios/allocation/AP10/\n /ap10t001/TestDescription.java failed with ObjectFree:\n GetCurrentThreadCpuTimerInfo returned unexpected error\n code\n\n + JDK-8210243: [TEST] rewrite com/sun/jdi shell tests to\n java version\n\n - step3\n\n + JDK-8210527: JShell: NullPointerException in\n jdk.jshell.Eval.translateExceptionStack\n\n + JDK-8210560: [TEST] convert com/sun/jdi\n redefineClass-related tests\n\n + JDK-8210725: com/sun/jdi/RedefineClearBreakpoint.java\n fails with waitForPrompt timed out after 60 seconds\n\n + JDK-8210748: [TESTBUG] lib.jdb.Jdb.waitForPrompt()\n should clarify which output is the pending reply after a\n timeout\n\n + JDK-8210760: [TEST] rewrite com/sun/jdi shell tests to\n java version\n\n - step4\n\n + JDK-8210977:\n jdk/jfr/event/oldobject/TestThreadLocalLeak.java fails\n to find ThreadLocalObject\n\n + JDK-8211292: [TEST] convert\n com/sun/jdi/DeferredStepTest.sh test\n\n + JDK-8211694: JShell: Redeclared variable should be reset\n\n + JDK-8212200: assert when shared java.lang.Object is\n redefined by JVMTI agent\n\n + JDK-8212629: [TEST] wrong breakpoint in\n test/jdk/com/sun/jdi/DeferredStepTest\n\n + JDK-8212665: com/sun/jdi/DeferredStepTest.java: jj1\n (line 57)\n\n - unexpected. 
lastLine=52, minLine=52, maxLine=55\n\n + JDK-8212807: tools/jar/multiRelease/Basic.java times out\n\n + JDK-8213182: Minimal VM build failure after JDK-8212200\n (assert when shared java.lang.Object is redefined by\n JVMTI agent)\n\n + JDK-8213214: Set -Djava.io.tmpdir= when running tests\n\n + JDK-8213275: ReplaceCriticalClasses.java fails with\n jdk.internal.vm.PostVMInitHook not found\n\n + JDK-8213574: Deadlock in string table expansion when\n dumping lots of CDS classes\n\n + JDK-8213703: LambdaConversionException: Invalid receiver\n type not a subtype of implementation type interface\n\n + JDK-8214074: Ghash optimization using AVX instructions\n\n + JDK-8214491: Upgrade to JLine 3.9.0\n\n + JDK-8214797: TestJmapCoreMetaspace.java timed out\n\n + JDK-8215243: JShell tests failing intermitently with\n 'Problem cleaning up the following threads:'\n\n + JDK-8215244: jdk/jshell/ToolBasicTest.java\n testHistoryReference failed\n\n + JDK-8215354: x86_32 build failures after JDK-8214074\n (Ghash optimization using AVX instructions)\n\n + JDK-8215438: jshell tool: Ctrl-D causes EOF\n\n + JDK-8216021: RunTest.gmk might set concurrency level to\n 1 on Windows\n\n + JDK-8216974: HttpConnection not returned to the pool\n after 204 response\n\n + JDK-8218948: SimpleDateFormat :: format - Zone Names are\n not reflected correctly during run time\n\n + JDK-8219712: code_size2 (defined in\n stub_routines_x86.hpp) is too small on new Skylake CPUs\n\n + JDK-8220150: macos10.14 Mojave returns anti-aliased\n glyphs instead of aliased B&W glyphs\n\n + JDK-8221658: aarch64: add necessary predicate for ubfx\n patterns\n\n + JDK-8221759: Crash when completing 'java.io.File.path'\n\n + JDK-8221918: runtime/SharedArchiveFile/serviceability/\n /ReplaceCriticalClasses.java fails: Shared archive not\n found\n\n + JDK-8222074: Enhance auto vectorization for x86\n\n + JDK-8222079: Don't use memset to initialize fields\n decode_env constructor in disassembler.cpp\n\n + JDK-8222769: [TESTBUG] 
TestJFRNetworkEvents should not\n rely on hostname command\n\n + JDK-8223688: JShell: crash on the instantiation of raw\n anonymous class\n\n + JDK-8223777: In posix_spawn mode, failing to exec()\n jspawnhelper does not result in an error\n\n + JDK-8223940: Private key not supported by chosen\n signature algorithm\n\n + JDK-8224184: jshell got IOException at exiting with AIX\n\n + JDK-8224234: compiler/codegen/TestCharVect2.java fails\n in test_mulc\n\n + JDK-8225037: java.net.JarURLConnection::getJarEntry()\n throws NullPointerException\n\n + JDK-8225625: AES Electronic Codebook (ECB) encryption\n and decryption optimization using AVX512 + VAES\n instructions\n\n + JDK-8226536: Catch OOM from deopt that fails\n rematerializing objects\n\n + JDK-8226575: OperatingSystemMXBean should be made\n container aware\n\n + JDK-8226697: Several tests which need the @key headful\n keyword are missing it.\n\n + JDK-8226809: Circular reference in printed stack trace\n is not correctly indented & ambiguous\n\n + JDK-8227059: sun/security/tools/keytool/\n /DefaultSignatureAlgorithm.java timed out\n\n + JDK-8227269: Slow class loading when running with JDWP\n\n + JDK-8227595:\n keytool/fakegen/DefaultSignatureAlgorithm.java fails due\n to 'exitValue = 6'\n\n + JDK-8228448: Jconsole can't connect to itself\n\n + JDK-8228967: Trust/Key store and SSL context utilities\n for tests\n\n + JDK-8229378: jdwp library loader in linker_md.c quietly\n truncates on buffer overflow\n\n + JDK-8229815: Upgrade Jline to 3.12.1\n\n + JDK-8230000: some httpclients testng tests run zero test\n\n + JDK-8230002: javax/xml/jaxp/unittest/transform/\n /SecureProcessingTest.java runs zero test\n\n + JDK-8230010: Remove jdk8037819/BasicTest1.java\n\n + JDK-8230094: CCE in createXMLEventWriter(Result) over an\n arbitrary XMLStreamWriter\n\n + JDK-8230402: Allocation of compile task fails with\n assert: 'Leaking compilation tasks?'\n\n + JDK-8230767: FlightRecorderListener returns null\n recording\n\n + 
JDK-8230870: (zipfs) Add a ZIP FS test that is similar\n to test/jdk/java/util/zip/EntryCount64k.java\n\n + JDK-8231209: [REDO]\n ThreadMXBean::getThreadAllocatedBytes() can be quicker\n for self thread\n\n + JDK-8231586: enlarge encoding space for OopMapValue\n offsets\n\n + JDK-8231953: Wrong assumption in assertion in\n oop::register_oop\n\n + JDK-8231968: getCurrentThreadAllocatedBytes default\n implementation s/b getThreadAllocatedBytes\n\n + JDK-8232083: Minimal VM is broken after JDK-8231586\n\n + JDK-8232161: Align some one-way conversion in MS950\n charset with Windows\n\n + JDK-8232855: jshell missing word in /help help\n\n + JDK-8233027: OopMapSet::all_do does oms.next() twice\n during iteration\n\n + JDK-8233228: Disable weak named curves by default in\n TLS, CertPath, and Signed JAR\n\n + JDK-8233386: Initialize NULL fields for unused\n decorations\n\n + JDK-8233452: java.math.BigDecimal.sqrt() with\n RoundingMode.FLOOR results in incorrect result\n\n + JDK-8233686: XML transformer uses excessive amount of\n memory\n\n + JDK-8233741: AES Countermode (AES-CTR) optimization\n using AVX512 + VAES instructions\n\n + JDK-8233829: javac cannot find non-ASCII module name\n under non-UTF8 environment\n\n + JDK-8233958: Memory retention due to HttpsURLConnection\n finalizer that serves no purpose\n\n + JDK-8234011: (zipfs) Memory leak in\n ZipFileSystem.releaseDeflater()\n\n + JDK-8234058: runtime/CompressedOops/\n /CompressedClassPointers.java fails with 'Narrow klass\n base: 0x0000000000000000' missing from stdout/stderr\n\n + JDK-8234149: Several regression tests do not dispose\n Frame at end\n\n + JDK-8234347: 'Turkey' meta time zone does not generate\n composed localized names\n\n + JDK-8234385: [TESTBUG] java/awt/EventQueue/6980209/\n /bug6980209.java fails in linux nightly\n\n + JDK-8234535: Cross compilation fails due to missing\n CFLAGS for the BUILD_CC\n\n + JDK-8234541: C1 emits an empty message when it inlines\n successfully\n\n + JDK-8234687: 
change javap reporting on unknown\n attributes\n\n + JDK-8236464: SO_LINGER option is ignored by SSLSocket in\n JDK 11\n\n + JDK-8236548: Localized time zone name inconsistency\n between English and other locales\n\n + JDK-8236617: jtreg test containers/docker/\n /TestMemoryAwareness.java fails after 8226575\n\n + JDK-8237182: Update copyright header for shenandoah and\n epsilon files\n\n + JDK-8237888: security/infra/java/security/cert/\n /CertPathValidator/certification/LuxTrustCA.java fails\n when checking validity interval\n\n + JDK-8237977: Further update\n javax/net/ssl/compatibility/Compatibility.java\n\n + JDK-8238270: java.net HTTP/2 client does not decrease\n stream count when receives 204 response\n\n + JDK-8238284: [macos] Zero VM build fails due to an\n obvious typo\n\n + JDK-8238380: java.base/unix/native/libjava/childproc.c\n 'multiple definition' link errors with GCC10\n\n + JDK-8238386: (sctp)\n jdk.sctp/unix/native/libsctp/SctpNet.c 'multiple\n definition' link errors with GCC10\n\n + JDK-8238388: libj2gss/NativeFunc.o 'multiple definition'\n link errors with GCC10\n\n + JDK-8238448: RSASSA-PSS signature verification fail when\n using certain odd key sizes\n\n + JDK-8238710: LingeredApp doesn't log stdout/stderr if\n exits with non-zero code\n\n + JDK-8239083: C1 assert(known_holder == NULL ||\n (known_holder->is_instance_klass() &&\n (!known_holder->is_interface() ||\n\n((ciInstanceKlass*)known_holder)->has_nonstatic_concrete_methods())),\n'should be non-static concrete method');\n\n + JDK-8239385: KerberosTicket client name refers wrongly\n to sAMAccountName in AD\n\n + JDK-8240169: javadoc fails to link to non-modular api\n docs\n\n + JDK-8240295: hs_err elapsed time in seconds is not\n accurate enough\n\n + JDK-8240360: NativeLibraryEvent has wrong library name\n on Linux\n\n + JDK-8240676: Meet not symmetric failure when running\n lucene on jdk8\n\n + JDK-8241007: Shenandoah: remove\n ShenandoahCriticalControlThreadPriority support\n\n + 
JDK-8241065: Shenandoah: remove leftover code after\n JDK-8231086\n\n + JDK-8241086: Test runtime/NMT/HugeArenaTracking.java is\n failing on 32bit Windows\n\n + JDK-8241130:\n com.sun.jndi.ldap.EventSupport.removeDeadNotifier:\n java.lang.NullPointerException\n\n + JDK-8241138: http.nonProxyHosts=* causes\n StringIndexOutOfBoundsException in DefaultProxySelector\n\n + JDK-8241319: WB_GetCodeBlob doesn't have ResourceMark\n\n + JDK-8241478:\n vmTestbase/gc/gctests/Steal/steal001/steal001.java fails\n with OOME\n\n + JDK-8241574: Shenandoah: remove\n ShenandoahAssertToSpaceClosure\n\n + JDK-8241750: x86_32 build failure after JDK-8227269\n\n + JDK-8242184: CRL generation error with RSASSA-PSS\n\n + JDK-8242283: Can't start JVM when java home path\n includes non-ASCII character\n\n + JDK-8242556: Cannot load RSASSA-PSS public key with\n non-null params from byte array\n\n + JDK-8243029: Rewrite javax/net/ssl/compatibility/\n /Compatibility.java with a flexible interop test\n framework\n\n + JDK-8243138: Enhance BaseLdapServer to support starttls\n extended request\n\n + JDK-8243320: Add SSL root certificates to Oracle Root CA\n program\n\n + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA\n program\n\n + JDK-8243389: enhance os::pd_print_cpu_info on linux\n\n + JDK-8243453: java --describe-module failed with\n non-ASCII module name under non-UTF8 environment\n\n + JDK-8243470: [macos] bring back O2 opt level for\n unsafe.cpp\n\n + JDK-8243489: Thread CPU Load event may contain wrong\n data for CPU time under certain conditions\n\n + JDK-8243925: Toolkit#getScreenInsets() returns wrong\n value on HiDPI screens (Windows)\n\n + JDK-8244087: 2020-04-24 public suffix list update\n\n + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the\n latest release 1.8.26\n\n + JDK-8244164: AArch64: jaotc generates incorrect code for\n compressed OOPs with non-zero heap base\n\n + JDK-8244196: adjust output in os_linux\n\n + JDK-8244225: stringop-overflow warning on strncpy 
call\n from compile_the_world_in\n\n + JDK-8244287: JFR: Methods samples have line number 0\n\n + JDK-8244703: 'platform encoding not initialized'\n exceptions with debugger, JNI\n\n + JDK-8244719: CTW: C2 compilation fails with\n 'assert(!VerifyHashTableKeys || _hash_lock == 0) failed:\n remove node from hash table before modifying it'\n\n + JDK-8244729: Shenandoah: remove resolve paths from\n SBSA::generate_shenandoah_lrb\n\n + JDK-8244763: Update --release 8 symbol information after\n JSR 337 MR3\n\n + JDK-8244818: Java2D Queue Flusher crash while moving\n application window to external monitor\n\n + JDK-8245151: jarsigner should not raise duplicate\n warnings on verification\n\n + JDK-8245616: Bump update version for OpenJDK: jdk-11.0.9\n\n + JDK-8245714: 'Bad graph detected in build_loop_late'\n when loads are pinned on loop limit check uncommon\n branch\n\n + JDK-8245801: StressRecompilation triggers assert\n 'redundunt OSR recompilation detected. memory leak in\n CodeCache!'\n\n + JDK-8245832: JDK build make-static-libs should build all\n JDK libraries\n\n + JDK-8245880: Shenandoah: check class unloading flag\n early in concurrent code root scan\n\n + JDK-8245981: Upgrade to jQuery 3.5.1\n\n + JDK-8246027: Minimal fastdebug build broken after\n JDK-8245801\n\n + JDK-8246094: [macos] Sound Recording and playback is not\n working\n\n + JDK-8246153: TestEliminateArrayCopy fails with\n\n -XX:+StressReflectiveCode\n\n + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ\n\n + JDK-8246196:\n javax/management/MBeanServer/OldMBeanServerTest fails\n with AssertionError\n\n + JDK-8246203: Segmentation fault in verification due to\n stack overflow with -XX:+VerifyIterativeGVN\n\n + JDK-8246330: Add TLS Tests for Legacy ECDSA curves\n\n + JDK-8246453: TestClone crashes with 'all collected\n exceptions must come from the same place'\n\n + JDK-8247246: Add explicit ResolvedJavaType.link and\n expose presence of default methods\n\n + JDK-8247350: [aarch64] 
assert(false) failed: wrong size\n of mach node\n\n + JDK-8247502: PhaseStringOpts crashes while optimising\n effectively dead code\n\n + JDK-8247615: Initialize the bytes left for the heap\n sampler\n\n + JDK-8247824: CTW: C2 (Shenandoah) compilation fails with\n SEGV in SBC2Support::pin_and_expand\n\n + JDK-8247874: Replacement in VersionProps.java.template\n not working when --with-vendor-bug-url contains '&'\n\n + JDK-8247979: aarch64: missing side effect of killing\n flags for clearArray_reg_reg\n\n + JDK-8248214: Add paddings for TaskQueueSuper to reduce\n false-sharing cache contention\n\n + JDK-8248219: aarch64: missing memory barrier in\n fast_storefield and fast_accessfield\n\n + JDK-8248348: Regression caused by the update to BCEL 6.0\n\n + JDK-8248385: [testbug][11u] Adapt TestInitiExceptions to\n jtreg 5.1\n\n + JDK-8248495: [macos] zerovm is broken due to libffi\n headers location\n\n + JDK-8248851: CMS: Missing memory fences between free\n chunk check and klass read\n\n + JDK-8248987: AOT's Linker.java seems to eagerly\n fail-fast on Windows\n\n + JDK-8249159: Downport test rework for SSLSocketTemplate\n from 8224650\n\n + JDK-8249215: JFrame::setVisible crashed with\n\n -Dfile.encoding=UTF-8 on Japanese Windows.\n\n + JDK-8249251: [dark_mode ubuntu 20.04] The selected menu\n is not highlighted in GTKLookAndFeel\n\n + JDK-8249255: Build fails if source code in cygwin home\n dir\n\n + JDK-8249277: TestVerifyIterativeGVN.java is failing with\n timeout in OpenJDK 11\n\n + JDK-8249278: Revert JDK-8226253 which breaks the spec of\n AccessibleState.SHOWING for JList\n\n + JDK-8249560: Shenandoah: Fix racy GC request handling\n\n + JDK-8249801: Shenandoah: Clear soft-refs on requested GC\n cycle\n\n + JDK-8249953: Shenandoah: gc/shenandoah/mxbeans tests\n should account for corner cases\n\n + JDK-8250582: Revert Principal Name type to NT-UNKNOWN\n when requesting TGS Kerberos tickets\n\n + JDK-8250609: C2 crash in IfNode::fold_compares\n\n + JDK-8250627: 
Use -XX:+/-UseContainerSupport for\n enabling/disabling Java container metrics\n\n + JDK-8250755: Better cleanup for\n jdk/test/javax/imageio/plugins/shared/CanWriteSequence.j\n ava\n\n + JDK-8250787: Provider.put no longer registering aliases\n in FIPS env\n\n + JDK-8250826: jhsdb does not work with coredump which\n comes from Substrate VM\n\n + JDK-8250827: Shenandoah: needs to reset/finish\n StringTable's dead count before/after parallel walk\n\n + JDK-8250844: Make sure {type,obj}ArrayOopDesc accessors\n check the bounds\n\n + JDK-8251117: Cannot check P11Key size in P11Cipher and\n P11AEADCipher\n\n + JDK-8251354: Shenandoah: Fix\n jdk/jfr/tool/TestPrintJSON.java test failure\n\n + JDK-8251451: Shenandoah: Remark ObjectSynchronizer roots\n with I-U\n\n + JDK-8251469: Better cleanup for\n test/jdk/javax/imageio/SetOutput.java\n\n + JDK-8251487: Shenandoah: missing detail timing tracking\n for final mark cleaning phase\n\n + JDK-8252120: compiler/oracle/TestCompileCommand.java\n misspells 'occured'\n\n + JDK-8252157: JDK-8231209 11u backport breaks jmm binary\n compatibility\n\n + JDK-8252258: [11u] JDK-8242154 changes the default\n vendor\n\n + JDK-8252804: [test] Fix 'ReleaseDeflater.java' test\n after downport of 8234011\n\n + JDK-8253134: JMM_VERSION should remain at 0x20020000\n (JDK 10) in JDK 11\n\n + JDK-8253283: [11u] Test build/translations/\n /VerifyTranslations.java failing after JDK-8252258\n\n + JDK-8253813: Backout JDK-8244287 from 11u: it causes\n several crashes\n\n + Fix regression '8250861: Crash in\n MinINode::Ideal(PhaseGVN*, bool)' introduced in jdk\n 11.0.9\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14779/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14781/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14782/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14792/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14796/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14797/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14798/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14803/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203159-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d43d3cfd\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3159=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n 
script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-11-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-11-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-11-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-11-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-11-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-11-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-11-openjdk-11.0.9.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-11-openjdk-debuginfo-11.0.9.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-11-openjdk-debugsource-11.0.9.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-11-openjdk-demo-11.0.9.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-11-openjdk-devel-11.0.9.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-11-openjdk-headless-11.0.9.0-3.15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-11-openjdk\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-10T03:11:32", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14588-1 advisory.\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. 
This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-14779)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-14781)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. 
This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). (CVE-2020-14782, CVE-2020-14797)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). (CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). (CVE-2020-14796)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). 
(CVE-2020-14798)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).\n (CVE-2020-14803)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2020:14588-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_1-ibm", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-devel", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2020-14588-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150637", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network 
Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2020:14588-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150637);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14798\",\n \"CVE-2020-14803\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2020:14588-1\");\n\n script_name(english:\"SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2020:14588-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2020:14588-1 advisory.\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through\n sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying\n data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed\n Java applets, such as through a web service. 
CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-14779)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server\n deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and\n sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web\n service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-14781)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to\n client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start\n applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the\n specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as\n through a web service. 
CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). (CVE-2020-14782, CVE-2020-14797)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or\n delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to\n a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of\n Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java\n applets. It can also be exploited by supplying data to APIs in the specified Component without using\n sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1\n Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). (CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a\n subset of Java SE, Java SE Embedded accessible data. 
Note: This vulnerability applies to Java deployments,\n typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load\n and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for\n security. This vulnerability does not apply to Java deployments, typically in servers, that load and run\n only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality\n impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). (CVE-2020-14796)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or\n delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to\n Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java\n applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java\n sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that\n load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1\n (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). (CVE-2020-14798)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are\n affected are Java SE: 11.0.8 and 15. 
Easily exploitable vulnerability allows unauthenticated attacker with\n network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can\n result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability\n applies to Java deployments, typically in clients running sandboxed Java Web Start applications or\n sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and\n rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in\n servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base\n Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).\n (CVE-2020-14803)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180063\");\n # https://lists.suse.com/pipermail/sle-security-updates/2020-December/008106.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?74bacb75\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14797\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14803\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script 
is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'java-1_7_1-ibm-1.7.1_sr4.75-26.62', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'java-1_7_1-ibm-alsa-1.7.1_sr4.75-26.62', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'java-1_7_1-ibm-alsa-1.7.1_sr4.75-26.62', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'java-1_7_1-ibm-devel-1.7.1_sr4.75-26.62', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'java-1_7_1-ibm-jdbc-1.7.1_sr4.75-26.62', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'java-1_7_1-ibm-plugin-1.7.1_sr4.75-26.62', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'java-1_7_1-ibm-plugin-1.7.1_sr4.75-26.62', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'java-1_7_1-ibm-1.7.1_sr4.75-26.62', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'java-1_7_1-ibm-alsa-1.7.1_sr4.75-26.62', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'java-1_7_1-ibm-alsa-1.7.1_sr4.75-26.62', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'java-1_7_1-ibm-devel-1.7.1_sr4.75-26.62', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'java-1_7_1-ibm-jdbc-1.7.1_sr4.75-26.62', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'sles-release-11.4'},\n {'reference':'java-1_7_1-ibm-plugin-1.7.1_sr4.75-26.62', 'sp':'4', 'cpu':'i586', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'java-1_7_1-ibm-plugin-1.7.1_sr4.75-26.62', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. 
Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-1_7_1-ibm / java-1_7_1-ibm-alsa / java-1_7_1-ibm-devel / etc');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-15T14:30:36", "description": "This update for java-11-openjdk fixes the following issues :\n\n - Update to upstream tag jdk-11.0.9-11 (October 2020 CPU, bsc#1177943)\n\n - New features\n\n + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage Collector\n\n - Security fixes\n\n + JDK-8233624: Enhance JNI linkage\n\n + JDK-8236196: Improve string pooling\n\n + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class\n\n + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts\n\n + JDK-8237995, CVE-2020-14782: Enhance certificate processing\n\n + JDK-8240124: Better VM Interning\n\n + JDK-8241114, CVE-2020-14792: Better range handling\n\n + JDK-8242680, CVE-2020-14796: Improved URI Support\n\n + JDK-8242685, CVE-2020-14797: Better Path Validation\n\n + JDK-8242695, CVE-2020-14798: Enhanced buffer support\n\n + JDK-8243302: Advanced class supports\n\n + JDK-8244136, CVE-2020-14803: Improved Buffer supports\n\n + JDK-8244479: Further constrain certificates\n\n + JDK-8244955: Additional Fix for JDK-8240124\n\n + JDK-8245407: Enhance zoning of times\n\n + JDK-8245412: Better class definitions\n\n + JDK-8245417: Improve certificate chain handling\n\n + JDK-8248574: Improve jpeg processing\n\n + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit\n\n + JDK-8253019: Enhanced JPEG decoding\n\n - Other changes\n\n + JDK-6532025: GIF reader throws misleading exception with truncated images\n\n + JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/ 
/PDialogTest.java needs update by removing an infinite loop\n\n + JDK-8022535: [TEST BUG] javax/swing/text/html/parser/ /Test8017492.java fails\n\n + JDK-8062947: Fix exception message to correctly represent LDAP connection failure\n\n + JDK-8067354: com/sun/jdi/GetLocalVariables4Test.sh failed\n\n + JDK-8134599: TEST_BUG:\n java/rmi/transport/closeServerSocket/ /CloseServerSocket.java fails intermittently with Address already in use\n\n + JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect\n\n + JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider\n\n + JDK-8172404: Tools should warn if weak algorithms are used before restricting them\n\n + JDK-8193367: Annotated type variable bounds crash javac\n\n + JDK-8202117:\n com/sun/jndi/ldap/RemoveNamingListenerTest.java fails intermittently: Connection reset\n\n + JDK-8203026: java.rmi.NoSuchObjectException: no such object in table\n\n + JDK-8203281: [Windows] JComboBox change in ui when editor.setBorder() is called\n\n + JDK-8203382: Rename SystemDictionary::initialize_wk_klass to resolve_wk_klass\n\n + JDK-8203393: com/sun/jdi/JdbMethodExitTest.sh and JdbExprTest.sh fail due to timeout\n\n + JDK-8203928: [Test] Convert non-JDB scaffolding serviceability shell script tests to java\n\n + JDK-8204963: javax.swing.border.TitledBorder has a memory leak\n\n + JDK-8204994: SA might fail to attach to process with 'Windbg Error: WaitForEvent failed'\n\n + JDK-8205534: Remove SymbolTable dependency from serviceability agent\n\n + JDK-8206309: Tier1 SA tests fail\n\n + JDK-8208281: java/nio/channels/ /AsynchronousSocketChannel/Basic.java timed out\n\n + JDK-8209109: [TEST] rewrite com/sun/jdi shell tests to java version - step1\n\n + JDK-8209332: [TEST] test/jdk/com/sun/jdi/CatchPatternTest.sh is incorrect\n\n + JDK-8209342: Problemlist SA tests on Solaris due to Error attaching to process: Can't create thread_db 
agent!\n\n + JDK-8209343: Test javax/swing/border/TestTitledBorderLeak.java should be marked as headful\n\n + JDK-8209517: com/sun/jdi/BreakpointWithFullGC.java fails with timeout\n\n + JDK-8209604: [TEST] rewrite com/sun/jdi shell tests to java version - step2\n\n + JDK-8209605: com/sun/jdi/BreakpointWithFullGC.java fails with ZGC\n\n + JDK-8209608: Problem list com/sun/jdi/BreakpointWithFullGC.java\n\n + JDK-8210131:\n vmTestbase/nsk/jvmti/scenarios/allocation/AP10/ /ap10t001/TestDescription.java failed with ObjectFree:\n GetCurrentThreadCpuTimerInfo returned unexpected error code\n\n + JDK-8210243: [TEST] rewrite com/sun/jdi shell tests to java version - step3\n\n + JDK-8210527: JShell: NullPointerException in jdk.jshell.Eval.translateExceptionStack\n\n + JDK-8210560: [TEST] convert com/sun/jdi redefineClass-related tests\n\n + JDK-8210725: com/sun/jdi/RedefineClearBreakpoint.java fails with waitForPrompt timed out after 60 seconds\n\n + JDK-8210748: [TESTBUG] lib.jdb.Jdb.waitForPrompt() should clarify which output is the pending reply after a timeout\n\n + JDK-8210760: [TEST] rewrite com/sun/jdi shell tests to java version - step4\n\n + JDK-8210977:\n jdk/jfr/event/oldobject/TestThreadLocalLeak.java fails to find ThreadLocalObject\n\n + JDK-8211292: [TEST] convert com/sun/jdi/DeferredStepTest.sh test\n\n + JDK-8211694: JShell: Redeclared variable should be reset\n\n + JDK-8212200: assert when shared java.lang.Object is redefined by JVMTI agent\n\n + JDK-8212629: [TEST] wrong breakpoint in test/jdk/com/sun/jdi/DeferredStepTest\n\n + JDK-8212665: com/sun/jdi/DeferredStepTest.java: jj1 (line 57)\n\n - unexpected. 
lastLine=52, minLine=52, maxLine=55\n\n + JDK-8212807: tools/jar/multiRelease/Basic.java times out\n\n + JDK-8213182: Minimal VM build failure after JDK-8212200 (assert when shared java.lang.Object is redefined by JVMTI agent)\n\n + JDK-8213214: Set -Djava.io.tmpdir= when running tests\n\n + JDK-8213275: ReplaceCriticalClasses.java fails with jdk.internal.vm.PostVMInitHook not found\n\n + JDK-8213574: Deadlock in string table expansion when dumping lots of CDS classes\n\n + JDK-8213703: LambdaConversionException: Invalid receiver type not a subtype of implementation type interface\n\n + JDK-8214074: Ghash optimization using AVX instructions\n\n + JDK-8214491: Upgrade to JLine 3.9.0\n\n + JDK-8214797: TestJmapCoreMetaspace.java timed out\n\n + JDK-8215243: JShell tests failing intermitently with 'Problem cleaning up the following threads:'\n\n + JDK-8215244: jdk/jshell/ToolBasicTest.java testHistoryReference failed\n\n + JDK-8215354: x86_32 build failures after JDK-8214074 (Ghash optimization using AVX instructions)\n\n + JDK-8215438: jshell tool: Ctrl-D causes EOF\n\n + JDK-8216021: RunTest.gmk might set concurrency level to 1 on Windows\n\n + JDK-8216974: HttpConnection not returned to the pool after 204 response\n\n + JDK-8218948: SimpleDateFormat :: format - Zone Names are not reflected correctly during run time\n\n + JDK-8219712: code_size2 (defined in stub_routines_x86.hpp) is too small on new Skylake CPUs\n\n + JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs\n\n + JDK-8221658: aarch64: add necessary predicate for ubfx patterns\n\n + JDK-8221759: Crash when completing 'java.io.File.path'\n\n + JDK-8221918: runtime/SharedArchiveFile/serviceability/ /ReplaceCriticalClasses.java fails: Shared archive not found\n\n + JDK-8222074: Enhance auto vectorization for x86\n\n + JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp\n\n + JDK-8222769: [TESTBUG] TestJFRNetworkEvents should not 
rely on hostname command\n\n + JDK-8223688: JShell: crash on the instantiation of raw anonymous class\n\n + JDK-8223777: In posix_spawn mode, failing to exec() jspawnhelper does not result in an error\n\n + JDK-8223940: Private key not supported by chosen signature algorithm\n\n + JDK-8224184: jshell got IOException at exiting with AIX\n\n + JDK-8224234: compiler/codegen/TestCharVect2.java fails in test_mulc\n\n + JDK-8225037: java.net.JarURLConnection::getJarEntry() throws NullPointerException\n\n + JDK-8225625: AES Electronic Codebook (ECB) encryption and decryption optimization using AVX512 + VAES instructions\n\n + JDK-8226536: Catch OOM from deopt that fails rematerializing objects\n\n + JDK-8226575: OperatingSystemMXBean should be made container aware\n\n + JDK-8226697: Several tests which need the @key headful keyword are missing it.\n\n + JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous\n\n + JDK-8227059: sun/security/tools/keytool/ /DefaultSignatureAlgorithm.java timed out\n\n + JDK-8227269: Slow class loading when running with JDWP\n\n + JDK-8227595:\n keytool/fakegen/DefaultSignatureAlgorithm.java fails due to 'exitValue = 6'\n\n + JDK-8228448: Jconsole can't connect to itself\n\n + JDK-8228967: Trust/Key store and SSL context utilities for tests\n\n + JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow\n\n + JDK-8229815: Upgrade Jline to 3.12.1\n\n + JDK-8230000: some httpclients testng tests run zero test\n\n + JDK-8230002: javax/xml/jaxp/unittest/transform/ /SecureProcessingTest.java runs zero test\n\n + JDK-8230010: Remove jdk8037819/BasicTest1.java\n\n + JDK-8230094: CCE in createXMLEventWriter(Result) over an arbitrary XMLStreamWriter\n\n + JDK-8230402: Allocation of compile task fails with assert: 'Leaking compilation tasks?'\n\n + JDK-8230767: FlightRecorderListener returns null recording\n\n + JDK-8230870: (zipfs) Add a ZIP FS test that is similar to 
test/jdk/java/util/zip/EntryCount64k.java\n\n + JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread\n\n + JDK-8231586: enlarge encoding space for OopMapValue offsets\n\n + JDK-8231953: Wrong assumption in assertion in oop::register_oop\n\n + JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes\n\n + JDK-8232083: Minimal VM is broken after JDK-8231586\n\n + JDK-8232161: Align some one-way conversion in MS950 charset with Windows\n\n + JDK-8232855: jshell missing word in /help help\n\n + JDK-8233027: OopMapSet::all_do does oms.next() twice during iteration\n\n + JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR\n\n + JDK-8233386: Initialize NULL fields for unused decorations\n\n + JDK-8233452: java.math.BigDecimal.sqrt() with RoundingMode.FLOOR results in incorrect result\n\n + JDK-8233686: XML transformer uses excessive amount of memory\n\n + JDK-8233741: AES Countermode (AES-CTR) optimization using AVX512 + VAES instructions\n\n + JDK-8233829: javac cannot find non-ASCII module name under non-UTF8 environment\n\n + JDK-8233958: Memory retention due to HttpsURLConnection finalizer that serves no purpose\n\n + JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater()\n\n + JDK-8234058: runtime/CompressedOops/ /CompressedClassPointers.java fails with 'Narrow klass base: 0x0000000000000000' missing from stdout/stderr\n\n + JDK-8234149: Several regression tests do not dispose Frame at end\n\n + JDK-8234347: 'Turkey' meta time zone does not generate composed localized names\n\n + JDK-8234385: [TESTBUG] java/awt/EventQueue/6980209/ /bug6980209.java fails in linux nightly\n\n + JDK-8234535: Cross compilation fails due to missing CFLAGS for the BUILD_CC\n\n + JDK-8234541: C1 emits an empty message when it inlines successfully\n\n + JDK-8234687: change javap reporting on unknown attributes\n\n + JDK-8236464: SO_LINGER option is ignored by SSLSocket in 
JDK 11\n\n + JDK-8236548: Localized time zone name inconsistency between English and other locales\n\n + JDK-8236617: jtreg test containers/docker/ /TestMemoryAwareness.java fails after 8226575\n\n + JDK-8237182: Update copyright header for shenandoah and epsilon files\n\n + JDK-8237888: security/infra/java/security/cert/ /CertPathValidator/certification/LuxTrustCA.java fails when checking validity interval\n\n + JDK-8237977: Further update javax/net/ssl/compatibility/Compatibility.java\n\n + JDK-8238270: java.net HTTP/2 client does not decrease stream count when receives 204 response\n\n + JDK-8238284: [macos] Zero VM build fails due to an obvious typo\n\n + JDK-8238380: java.base/unix/native/libjava/childproc.c 'multiple definition' link errors with GCC10\n\n + JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c 'multiple definition' link errors with GCC10\n\n + JDK-8238388: libj2gss/NativeFunc.o 'multiple definition' link errors with GCC10\n\n + JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes\n\n + JDK-8238710: LingeredApp doesn't log stdout/stderr if exits with non-zero code\n\n + JDK-8239083: C1 assert(known_holder == NULL || (known_holder->is_instance_klass() && (!known_holder->is_interface() || ((ciInstanceKlass*)known_holder)->has_nonstatic_concrete\n _methods())), 'should be non-static concrete method');\n\n + JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD\n\n + JDK-8240169: javadoc fails to link to non-modular api docs\n\n + JDK-8240295: hs_err elapsed time in seconds is not accurate enough\n\n + JDK-8240360: NativeLibraryEvent has wrong library name on Linux\n\n + JDK-8240676: Meet not symmetric failure when running lucene on jdk8\n\n + JDK-8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority support\n\n + JDK-8241065: Shenandoah: remove leftover code after JDK-8231086\n\n + JDK-8241086: Test runtime/NMT/HugeArenaTracking.java is failing on 32bit Windows\n\n + 
JDK-8241130:\n com.sun.jndi.ldap.EventSupport.removeDeadNotifier:\n java.lang.NullPointerException\n\n + JDK-8241138: http.nonProxyHosts=* causes StringIndexOutOfBoundsException in DefaultProxySelector\n\n + JDK-8241319: WB_GetCodeBlob doesn't have ResourceMark\n\n + JDK-8241478:\n vmTestbase/gc/gctests/Steal/steal001/steal001.java fails with OOME\n\n + JDK-8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure\n\n + JDK-8241750: x86_32 build failure after JDK-8227269\n\n + JDK-8242184: CRL generation error with RSASSA-PSS\n\n + JDK-8242283: Can't start JVM when java home path includes non-ASCII character\n\n + JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array\n\n + JDK-8243029: Rewrite javax/net/ssl/compatibility/ /Compatibility.java with a flexible interop test framework\n\n + JDK-8243138: Enhance BaseLdapServer to support starttls extended request\n\n + JDK-8243320: Add SSL root certificates to Oracle Root CA program\n\n + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program\n\n + JDK-8243389: enhance os::pd_print_cpu_info on linux\n\n + JDK-8243453: java --describe-module failed with non-ASCII module name under non-UTF8 environment\n\n + JDK-8243470: [macos] bring back O2 opt level for unsafe.cpp\n\n + JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions\n\n + JDK-8243925: Toolkit#getScreenInsets() returns wrong value on HiDPI screens (Windows)\n\n + JDK-8244087: 2020-04-24 public suffix list update\n\n + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26\n\n + JDK-8244164: AArch64: jaotc generates incorrect code for compressed OOPs with non-zero heap base\n\n + JDK-8244196: adjust output in os_linux\n\n + JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in\n\n + JDK-8244287: JFR: Methods samples have line number 0\n\n + JDK-8244703: 'platform encoding not initialized' exceptions with debugger, JNI\n\n + JDK-8244719: 
CTW: C2 compilation fails with 'assert(!VerifyHashTableKeys || _hash_lock == 0) failed:\n remove node from hash table before modifying it'\n\n + JDK-8244729: Shenandoah: remove resolve paths from SBSA::generate_shenandoah_lrb\n\n + JDK-8244763: Update --release 8 symbol information after JSR 337 MR3\n\n + JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor\n\n + JDK-8245151: jarsigner should not raise duplicate warnings on verification\n\n + JDK-8245616: Bump update version for OpenJDK: jdk-11.0.9\n\n + JDK-8245714: 'Bad graph detected in build_loop_late' when loads are pinned on loop limit check uncommon branch\n\n + JDK-8245801: StressRecompilation triggers assert 'redundunt OSR recompilation detected. memory leak in CodeCache!'\n\n + JDK-8245832: JDK build make-static-libs should build all JDK libraries\n\n + JDK-8245880: Shenandoah: check class unloading flag early in concurrent code root scan\n\n + JDK-8245981: Upgrade to jQuery 3.5.1\n\n + JDK-8246027: Minimal fastdebug build broken after JDK-8245801\n\n + JDK-8246094: [macos] Sound Recording and playback is not working\n\n + JDK-8246153: TestEliminateArrayCopy fails with\n\n -XX:+StressReflectiveCode\n\n + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ\n\n + JDK-8246196:\n javax/management/MBeanServer/OldMBeanServerTest fails with AssertionError\n\n + JDK-8246203: Segmentation fault in verification due to stack overflow with -XX:+VerifyIterativeGVN\n\n + JDK-8246330: Add TLS Tests for Legacy ECDSA curves\n\n + JDK-8246453: TestClone crashes with 'all collected exceptions must come from the same place'\n\n + JDK-8247246: Add explicit ResolvedJavaType.link and expose presence of default methods\n\n + JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node\n\n + JDK-8247502: PhaseStringOpts crashes while optimising effectively dead code\n\n + JDK-8247615: Initialize the bytes left for the heap sampler\n\n + JDK-8247824: CTW: C2 (Shenandoah) 
compilation fails with SEGV in SBC2Support::pin_and_expand\n\n + JDK-8247874: Replacement in VersionProps.java.template not working when --with-vendor-bug-url contains '&'\n\n + JDK-8247979: aarch64: missing side effect of killing flags for clearArray_reg_reg\n\n + JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention\n\n + JDK-8248219: aarch64: missing memory barrier in fast_storefield and fast_accessfield\n\n + JDK-8248348: Regression caused by the update to BCEL 6.0\n\n + JDK-8248385: [testbug][11u] Adapt TestInitiExceptions to jtreg 5.1\n\n + JDK-8248495: [macos] zerovm is broken due to libffi headers location\n\n + JDK-8248851: CMS: Missing memory fences between free chunk check and klass read\n\n + JDK-8248987: AOT's Linker.java seems to eagerly fail-fast on Windows\n\n + JDK-8249159: Downport test rework for SSLSocketTemplate from 8224650\n\n + JDK-8249215: JFrame::setVisible crashed with\n\n -Dfile.encoding=UTF-8 on Japanese Windows.\n\n + JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel\n\n + JDK-8249255: Build fails if source code in cygwin home dir\n\n + JDK-8249277: TestVerifyIterativeGVN.java is failing with timeout in OpenJDK 11\n\n + JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList\n\n + JDK-8249560: Shenandoah: Fix racy GC request handling\n\n + JDK-8249801: Shenandoah: Clear soft-refs on requested GC cycle\n\n + JDK-8249953: Shenandoah: gc/shenandoah/mxbeans tests should account for corner cases\n\n + JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets\n\n + JDK-8250609: C2 crash in IfNode::fold_compares\n\n + JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics\n\n + JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.j ava\n\n + JDK-8250787: Provider.put no longer registering aliases in FIPS env\n\n + JDK-8250826: jhsdb 
does not work with coredump which comes from Substrate VM\n\n + JDK-8250827: Shenandoah: needs to reset/finish StringTable's dead count before/after parallel walk\n\n + JDK-8250844: Make sure (type,obj)ArrayOopDesc accessors check the bounds\n\n + JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher\n\n + JDK-8251354: Shenandoah: Fix jdk/jfr/tool/TestPrintJSON.java test failure\n\n + JDK-8251451: Shenandoah: Remark ObjectSynchronizer roots with I-U\n\n + JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java\n\n + JDK-8251487: Shenandoah: missing detail timing tracking for final mark cleaning phase\n\n + JDK-8252120: compiler/oracle/TestCompileCommand.java misspells 'occured'\n\n + JDK-8252157: JDK-8231209 11u backport breaks jmm binary compatibility\n\n + JDK-8252258: [11u] JDK-8242154 changes the default vendor\n\n + JDK-8252804: [test] Fix 'ReleaseDeflater.java' test after downport of 8234011\n\n + JDK-8253134: JMM_VERSION should remain at 0x20020000 (JDK 10) in JDK 11\n\n + JDK-8253283: [11u] Test build/translations/ /VerifyTranslations.java failing after JDK-8252258\n\n + JDK-8253813: Backout JDK-8244287 from 11u: it causes several crashes\n\n + Fix regression '8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)' introduced in jdk 11.0.9\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-11-23T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-11-openjdk (openSUSE-2020-1984)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-11-openjdk", "p-cpe:/a:novell:opensuse:java-11-openjdk-accessibility", "p-cpe:/a:novell:opensuse:java-11-openjdk-accessibility-debuginfo", 
"p-cpe:/a:novell:opensuse:java-11-openjdk-debuginfo", "p-cpe:/a:novell:opensuse:java-11-openjdk-debugsource", "p-cpe:/a:novell:opensuse:java-11-openjdk-demo", "p-cpe:/a:novell:opensuse:java-11-openjdk-devel", "p-cpe:/a:novell:opensuse:java-11-openjdk-headless", "p-cpe:/a:novell:opensuse:java-11-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-11-openjdk-jmods", "p-cpe:/a:novell:opensuse:java-11-openjdk-src", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-1984.NASL", "href": "https://www.tenable.com/plugins/nessus/143184", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1984.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143184);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-14779\", \"CVE-2020-14781\", \"CVE-2020-14782\", \"CVE-2020-14792\", \"CVE-2020-14796\", \"CVE-2020-14797\", \"CVE-2020-14798\", \"CVE-2020-14803\");\n\n script_name(english:\"openSUSE Security Update : java-11-openjdk (openSUSE-2020-1984)\");\n script_summary(english:\"Check for the openSUSE-2020-1984 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for java-11-openjdk fixes the following issues :\n\n - Update to upstream tag jdk-11.0.9-11 (October 2020 CPU,\n bsc#1177943)\n\n - New features\n\n + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage\n Collector\n\n - Security fixes\n\n + JDK-8233624: Enhance JNI linkage\n\n + JDK-8236196: Improve string pooling\n\n + JDK-8236862, CVE-2020-14779: Enhance support of Proxy\n class\n\n + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts\n\n + JDK-8237995, CVE-2020-14782: Enhance 
certificate\n processing\n\n + JDK-8240124: Better VM Interning\n\n + JDK-8241114, CVE-2020-14792: Better range handling\n\n + JDK-8242680, CVE-2020-14796: Improved URI Support\n\n + JDK-8242685, CVE-2020-14797: Better Path Validation\n\n + JDK-8242695, CVE-2020-14798: Enhanced buffer support\n\n + JDK-8243302: Advanced class supports\n\n + JDK-8244136, CVE-2020-14803: Improved Buffer supports\n\n + JDK-8244479: Further constrain certificates\n\n + JDK-8244955: Additional Fix for JDK-8240124\n\n + JDK-8245407: Enhance zoning of times\n\n + JDK-8245412: Better class definitions\n\n + JDK-8245417: Improve certificate chain handling\n\n + JDK-8248574: Improve jpeg processing\n\n + JDK-8249927: Specify limits of\n jdk.serialProxyInterfaceLimit\n\n + JDK-8253019: Enhanced JPEG decoding\n\n - Other changes\n\n + JDK-6532025: GIF reader throws misleading exception with\n truncated images\n\n + JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/\n /PDialogTest.java needs update by removing an infinite\n loop\n\n + JDK-8022535: [TEST BUG] javax/swing/text/html/parser/\n /Test8017492.java fails\n\n + JDK-8062947: Fix exception message to correctly\n represent LDAP connection failure\n\n + JDK-8067354: com/sun/jdi/GetLocalVariables4Test.sh\n failed\n\n + JDK-8134599: TEST_BUG:\n java/rmi/transport/closeServerSocket/\n /CloseServerSocket.java fails intermittently with\n Address already in use\n\n + JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java\n failed due to timeout on DeadServerNoTimeoutTest is\n incorrect\n\n + JDK-8160768: Add capability to custom resolve\n host/domain names within the default JNDI LDAP provider\n\n + JDK-8172404: Tools should warn if weak algorithms are\n used before restricting them\n\n + JDK-8193367: Annotated type variable bounds crash javac\n\n + JDK-8202117:\n com/sun/jndi/ldap/RemoveNamingListenerTest.java fails\n intermittently: Connection reset\n\n + JDK-8203026: java.rmi.NoSuchObjectException: no such\n object in table\n\n + JDK-8203281: 
[Windows] JComboBox change in ui when\n editor.setBorder() is called\n\n + JDK-8203382: Rename\n SystemDictionary::initialize_wk_klass to\n resolve_wk_klass\n\n + JDK-8203393: com/sun/jdi/JdbMethodExitTest.sh and\n JdbExprTest.sh fail due to timeout\n\n + JDK-8203928: [Test] Convert non-JDB scaffolding\n serviceability shell script tests to java\n\n + JDK-8204963: javax.swing.border.TitledBorder has a\n memory leak\n\n + JDK-8204994: SA might fail to attach to process with\n 'Windbg Error: WaitForEvent failed'\n\n + JDK-8205534: Remove SymbolTable dependency from\n serviceability agent\n\n + JDK-8206309: Tier1 SA tests fail\n\n + JDK-8208281: java/nio/channels/\n /AsynchronousSocketChannel/Basic.java timed out\n\n + JDK-8209109: [TEST] rewrite com/sun/jdi shell tests to\n java version - step1\n\n + JDK-8209332: [TEST]\n test/jdk/com/sun/jdi/CatchPatternTest.sh is incorrect\n\n + JDK-8209342: Problemlist SA tests on Solaris due to\n Error attaching to process: Can't create thread_db\n agent!\n\n + JDK-8209343: Test\n javax/swing/border/TestTitledBorderLeak.java should be\n marked as headful\n\n + JDK-8209517: com/sun/jdi/BreakpointWithFullGC.java fails\n with timeout\n\n + JDK-8209604: [TEST] rewrite com/sun/jdi shell tests to\n java version - step2\n\n + JDK-8209605: com/sun/jdi/BreakpointWithFullGC.java fails\n with ZGC\n\n + JDK-8209608: Problem list\n com/sun/jdi/BreakpointWithFullGC.java\n\n + JDK-8210131:\n vmTestbase/nsk/jvmti/scenarios/allocation/AP10/\n /ap10t001/TestDescription.java failed with ObjectFree:\n GetCurrentThreadCpuTimerInfo returned unexpected error\n code\n\n + JDK-8210243: [TEST] rewrite com/sun/jdi shell tests to\n java version - step3\n\n + JDK-8210527: JShell: NullPointerException in\n jdk.jshell.Eval.translateExceptionStack\n\n + JDK-8210560: [TEST] convert com/sun/jdi\n redefineClass-related tests\n\n + JDK-8210725: com/sun/jdi/RedefineClearBreakpoint.java\n fails with waitForPrompt timed out after 60 seconds\n\n + JDK-8210748: 
[TESTBUG] lib.jdb.Jdb.waitForPrompt()\n should clarify which output is the pending reply after a\n timeout\n\n + JDK-8210760: [TEST] rewrite com/sun/jdi shell tests to\n java version - step4\n\n + JDK-8210977:\n jdk/jfr/event/oldobject/TestThreadLocalLeak.java fails\n to find ThreadLocalObject\n\n + JDK-8211292: [TEST] convert\n com/sun/jdi/DeferredStepTest.sh test\n\n + JDK-8211694: JShell: Redeclared variable should be reset\n\n + JDK-8212200: assert when shared java.lang.Object is\n redefined by JVMTI agent\n\n + JDK-8212629: [TEST] wrong breakpoint in\n test/jdk/com/sun/jdi/DeferredStepTest\n\n + JDK-8212665: com/sun/jdi/DeferredStepTest.java: jj1\n (line 57)\n\n - unexpected. lastLine=52, minLine=52, maxLine=55\n\n + JDK-8212807: tools/jar/multiRelease/Basic.java times out\n\n + JDK-8213182: Minimal VM build failure after JDK-8212200\n (assert when shared java.lang.Object is redefined by\n JVMTI agent)\n\n + JDK-8213214: Set -Djava.io.tmpdir= when running tests\n\n + JDK-8213275: ReplaceCriticalClasses.java fails with\n jdk.internal.vm.PostVMInitHook not found\n\n + JDK-8213574: Deadlock in string table expansion when\n dumping lots of CDS classes\n\n + JDK-8213703: LambdaConversionException: Invalid receiver\n type not a subtype of implementation type interface\n\n + JDK-8214074: Ghash optimization using AVX instructions\n\n + JDK-8214491: Upgrade to JLine 3.9.0\n\n + JDK-8214797: TestJmapCoreMetaspace.java timed out\n\n + JDK-8215243: JShell tests failing intermitently with\n 'Problem cleaning up the following threads:'\n\n + JDK-8215244: jdk/jshell/ToolBasicTest.java\n testHistoryReference failed\n\n + JDK-8215354: x86_32 build failures after JDK-8214074\n (Ghash optimization using AVX instructions)\n\n + JDK-8215438: jshell tool: Ctrl-D causes EOF\n\n + JDK-8216021: RunTest.gmk might set concurrency level to\n 1 on Windows\n\n + JDK-8216974: HttpConnection not returned to the pool\n after 204 response\n\n + JDK-8218948: SimpleDateFormat :: format - Zone 
Names are\n not reflected correctly during run time\n\n + JDK-8219712: code_size2 (defined in\n stub_routines_x86.hpp) is too small on new Skylake CPUs\n\n + JDK-8220150: macos10.14 Mojave returns anti-aliased\n glyphs instead of aliased B&W glyphs\n\n + JDK-8221658: aarch64: add necessary predicate for ubfx\n patterns\n\n + JDK-8221759: Crash when completing 'java.io.File.path'\n\n + JDK-8221918: runtime/SharedArchiveFile/serviceability/\n /ReplaceCriticalClasses.java fails: Shared archive not\n found\n\n + JDK-8222074: Enhance auto vectorization for x86\n\n + JDK-8222079: Don't use memset to initialize fields\n decode_env constructor in disassembler.cpp\n\n + JDK-8222769: [TESTBUG] TestJFRNetworkEvents should not\n rely on hostname command\n\n + JDK-8223688: JShell: crash on the instantiation of raw\n anonymous class\n\n + JDK-8223777: In posix_spawn mode, failing to exec()\n jspawnhelper does not result in an error\n\n + JDK-8223940: Private key not supported by chosen\n signature algorithm\n\n + JDK-8224184: jshell got IOException at exiting with AIX\n\n + JDK-8224234: compiler/codegen/TestCharVect2.java fails\n in test_mulc\n\n + JDK-8225037: java.net.JarURLConnection::getJarEntry()\n throws NullPointerException\n\n + JDK-8225625: AES Electronic Codebook (ECB) encryption\n and decryption optimization using AVX512 + VAES\n instructions\n\n + JDK-8226536: Catch OOM from deopt that fails\n rematerializing objects\n\n + JDK-8226575: OperatingSystemMXBean should be made\n container aware\n\n + JDK-8226697: Several tests which need the @key headful\n keyword are missing it.\n\n + JDK-8226809: Circular reference in printed stack trace\n is not correctly indented & ambiguous\n\n + JDK-8227059: sun/security/tools/keytool/\n /DefaultSignatureAlgorithm.java timed out\n\n + JDK-8227269: Slow class loading when running with JDWP\n\n + JDK-8227595:\n keytool/fakegen/DefaultSignatureAlgorithm.java fails due\n to 'exitValue = 6'\n\n + JDK-8228448: Jconsole can't connect to 
itself\n\n + JDK-8228967: Trust/Key store and SSL context utilities\n for tests\n\n + JDK-8229378: jdwp library loader in linker_md.c quietly\n truncates on buffer overflow\n\n + JDK-8229815: Upgrade Jline to 3.12.1\n\n + JDK-8230000: some httpclients testng tests run zero test\n\n + JDK-8230002: javax/xml/jaxp/unittest/transform/\n /SecureProcessingTest.java runs zero test\n\n + JDK-8230010: Remove jdk8037819/BasicTest1.java\n\n + JDK-8230094: CCE in createXMLEventWriter(Result) over an\n arbitrary XMLStreamWriter\n\n + JDK-8230402: Allocation of compile task fails with\n assert: 'Leaking compilation tasks?'\n\n + JDK-8230767: FlightRecorderListener returns null\n recording\n\n + JDK-8230870: (zipfs) Add a ZIP FS test that is similar\n to test/jdk/java/util/zip/EntryCount64k.java\n\n + JDK-8231209: [REDO]\n ThreadMXBean::getThreadAllocatedBytes() can be quicker\n for self thread\n\n + JDK-8231586: enlarge encoding space for OopMapValue\n offsets\n\n + JDK-8231953: Wrong assumption in assertion in\n oop::register_oop\n\n + JDK-8231968: getCurrentThreadAllocatedBytes default\n implementation s/b getThreadAllocatedBytes\n\n + JDK-8232083: Minimal VM is broken after JDK-8231586\n\n + JDK-8232161: Align some one-way conversion in MS950\n charset with Windows\n\n + JDK-8232855: jshell missing word in /help help\n\n + JDK-8233027: OopMapSet::all_do does oms.next() twice\n during iteration\n\n + JDK-8233228: Disable weak named curves by default in\n TLS, CertPath, and Signed JAR\n\n + JDK-8233386: Initialize NULL fields for unused\n decorations\n\n + JDK-8233452: java.math.BigDecimal.sqrt() with\n RoundingMode.FLOOR results in incorrect result\n\n + JDK-8233686: XML transformer uses excessive amount of\n memory\n\n + JDK-8233741: AES Countermode (AES-CTR) optimization\n using AVX512 + VAES instructions\n\n + JDK-8233829: javac cannot find non-ASCII module name\n under non-UTF8 environment\n\n + JDK-8233958: Memory retention due to HttpsURLConnection\n finalizer that 
serves no purpose\n\n + JDK-8234011: (zipfs) Memory leak in\n ZipFileSystem.releaseDeflater()\n\n + JDK-8234058: runtime/CompressedOops/\n /CompressedClassPointers.java fails with 'Narrow klass\n base: 0x0000000000000000' missing from stdout/stderr\n\n + JDK-8234149: Several regression tests do not dispose\n Frame at end\n\n + JDK-8234347: 'Turkey' meta time zone does not generate\n composed localized names\n\n + JDK-8234385: [TESTBUG] java/awt/EventQueue/6980209/\n /bug6980209.java fails in linux nightly\n\n + JDK-8234535: Cross compilation fails due to missing\n CFLAGS for the BUILD_CC\n\n + JDK-8234541: C1 emits an empty message when it inlines\n successfully\n\n + JDK-8234687: change javap reporting on unknown\n attributes\n\n + JDK-8236464: SO_LINGER option is ignored by SSLSocket in\n JDK 11\n\n + JDK-8236548: Localized time zone name inconsistency\n between English and other locales\n\n + JDK-8236617: jtreg test containers/docker/\n /TestMemoryAwareness.java fails after 8226575\n\n + JDK-8237182: Update copyright header for shenandoah and\n epsilon files\n\n + JDK-8237888: security/infra/java/security/cert/\n /CertPathValidator/certification/LuxTrustCA.java fails\n when checking validity interval\n\n + JDK-8237977: Further update\n javax/net/ssl/compatibility/Compatibility.java\n\n + JDK-8238270: java.net HTTP/2 client does not decrease\n stream count when receives 204 response\n\n + JDK-8238284: [macos] Zero VM build fails due to an\n obvious typo\n\n + JDK-8238380: java.base/unix/native/libjava/childproc.c\n 'multiple definition' link errors with GCC10\n\n + JDK-8238386: (sctp)\n jdk.sctp/unix/native/libsctp/SctpNet.c 'multiple\n definition' link errors with GCC10\n\n + JDK-8238388: libj2gss/NativeFunc.o 'multiple definition'\n link errors with GCC10\n\n + JDK-8238448: RSASSA-PSS signature verification fail when\n using certain odd key sizes\n\n + JDK-8238710: LingeredApp doesn't log stdout/stderr if\n exits with non-zero code\n\n + JDK-8239083: C1 
assert(known_holder == NULL ||\n (known_holder->is_instance_klass() &&\n (!known_holder->is_interface() ||\n ((ciInstanceKlass*)known_holder)->has_nonstatic_concrete\n _methods())), 'should be non-static concrete method');\n\n + JDK-8239385: KerberosTicket client name refers wrongly\n to sAMAccountName in AD\n\n + JDK-8240169: javadoc fails to link to non-modular api\n docs\n\n + JDK-8240295: hs_err elapsed time in seconds is not\n accurate enough\n\n + JDK-8240360: NativeLibraryEvent has wrong library name\n on Linux\n\n + JDK-8240676: Meet not symmetric failure when running\n lucene on jdk8\n\n + JDK-8241007: Shenandoah: remove\n ShenandoahCriticalControlThreadPriority support\n\n + JDK-8241065: Shenandoah: remove leftover code after\n JDK-8231086\n\n + JDK-8241086: Test runtime/NMT/HugeArenaTracking.java is\n failing on 32bit Windows\n\n + JDK-8241130:\n com.sun.jndi.ldap.EventSupport.removeDeadNotifier:\n java.lang.NullPointerException\n\n + JDK-8241138: http.nonProxyHosts=* causes\n StringIndexOutOfBoundsException in DefaultProxySelector\n\n + JDK-8241319: WB_GetCodeBlob doesn't have ResourceMark\n\n + JDK-8241478:\n vmTestbase/gc/gctests/Steal/steal001/steal001.java fails\n with OOME\n\n + JDK-8241574: Shenandoah: remove\n ShenandoahAssertToSpaceClosure\n\n + JDK-8241750: x86_32 build failure after JDK-8227269\n\n + JDK-8242184: CRL generation error with RSASSA-PSS\n\n + JDK-8242283: Can't start JVM when java home path\n includes non-ASCII character\n\n + JDK-8242556: Cannot load RSASSA-PSS public key with\n non-null params from byte array\n\n + JDK-8243029: Rewrite javax/net/ssl/compatibility/\n /Compatibility.java with a flexible interop test\n framework\n\n + JDK-8243138: Enhance BaseLdapServer to support starttls\n extended request\n\n + JDK-8243320: Add SSL root certificates to Oracle Root CA\n program\n\n + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA\n program\n\n + JDK-8243389: enhance os::pd_print_cpu_info on linux\n\n + JDK-8243453: java 
--describe-module failed with\n non-ASCII module name under non-UTF8 environment\n\n + JDK-8243470: [macos] bring back O2 opt level for\n unsafe.cpp\n\n + JDK-8243489: Thread CPU Load event may contain wrong\n data for CPU time under certain conditions\n\n + JDK-8243925: Toolkit#getScreenInsets() returns wrong\n value on HiDPI screens (Windows)\n\n + JDK-8244087: 2020-04-24 public suffix list update\n\n + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the\n latest release 1.8.26\n\n + JDK-8244164: AArch64: jaotc generates incorrect code for\n compressed OOPs with non-zero heap base\n\n + JDK-8244196: adjust output in os_linux\n\n + JDK-8244225: stringop-overflow warning on strncpy call\n from compile_the_world_in\n\n + JDK-8244287: JFR: Methods samples have line number 0\n\n + JDK-8244703: 'platform encoding not initialized'\n exceptions with debugger, JNI\n\n + JDK-8244719: CTW: C2 compilation fails with\n 'assert(!VerifyHashTableKeys || _hash_lock == 0) failed:\n remove node from hash table before modifying it'\n\n + JDK-8244729: Shenandoah: remove resolve paths from\n SBSA::generate_shenandoah_lrb\n\n + JDK-8244763: Update --release 8 symbol information after\n JSR 337 MR3\n\n + JDK-8244818: Java2D Queue Flusher crash while moving\n application window to external monitor\n\n + JDK-8245151: jarsigner should not raise duplicate\n warnings on verification\n\n + JDK-8245616: Bump update version for OpenJDK: jdk-11.0.9\n\n + JDK-8245714: 'Bad graph detected in build_loop_late'\n when loads are pinned on loop limit check uncommon\n branch\n\n + JDK-8245801: StressRecompilation triggers assert\n 'redundunt OSR recompilation detected. 
memory leak in\n CodeCache!'\n\n + JDK-8245832: JDK build make-static-libs should build all\n JDK libraries\n\n + JDK-8245880: Shenandoah: check class unloading flag\n early in concurrent code root scan\n\n + JDK-8245981: Upgrade to jQuery 3.5.1\n\n + JDK-8246027: Minimal fastdebug build broken after\n JDK-8245801\n\n + JDK-8246094: [macos] Sound Recording and playback is not\n working\n\n + JDK-8246153: TestEliminateArrayCopy fails with\n\n -XX:+StressReflectiveCode\n\n + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ\n\n + JDK-8246196:\n javax/management/MBeanServer/OldMBeanServerTest fails\n with AssertionError\n\n + JDK-8246203: Segmentation fault in verification due to\n stack overflow with -XX:+VerifyIterativeGVN\n\n + JDK-8246330: Add TLS Tests for Legacy ECDSA curves\n\n + JDK-8246453: TestClone crashes with 'all collected\n exceptions must come from the same place'\n\n + JDK-8247246: Add explicit ResolvedJavaType.link and\n expose presence of default methods\n\n + JDK-8247350: [aarch64] assert(false) failed: wrong size\n of mach node\n\n + JDK-8247502: PhaseStringOpts crashes while optimising\n effectively dead code\n\n + JDK-8247615: Initialize the bytes left for the heap\n sampler\n\n + JDK-8247824: CTW: C2 (Shenandoah) compilation fails with\n SEGV in SBC2Support::pin_and_expand\n\n + JDK-8247874: Replacement in VersionProps.java.template\n not working when --with-vendor-bug-url contains '&'\n\n + JDK-8247979: aarch64: missing side effect of killing\n flags for clearArray_reg_reg\n\n + JDK-8248214: Add paddings for TaskQueueSuper to reduce\n false-sharing cache contention\n\n + JDK-8248219: aarch64: missing memory barrier in\n fast_storefield and fast_accessfield\n\n + JDK-8248348: Regression caused by the update to BCEL 6.0\n\n + JDK-8248385: [testbug][11u] Adapt TestInitiExceptions to\n jtreg 5.1\n\n + JDK-8248495: [macos] zerovm is broken due to libffi\n headers location\n\n + JDK-8248851: CMS: Missing memory fences between free\n chunk 
check and klass read\n\n + JDK-8248987: AOT's Linker.java seems to eagerly\n fail-fast on Windows\n\n + JDK-8249159: Downport test rework for SSLSocketTemplate\n from 8224650\n\n + JDK-8249215: JFrame::setVisible crashed with\n\n -Dfile.encoding=UTF-8 on Japanese Windows.\n\n + JDK-8249251: [dark_mode ubuntu 20.04] The selected menu\n is not highlighted in GTKLookAndFeel\n\n + JDK-8249255: Build fails if source code in cygwin home\n dir\n\n + JDK-8249277: TestVerifyIterativeGVN.java is failing with\n timeout in OpenJDK 11\n\n + JDK-8249278: Revert JDK-8226253 which breaks the spec of\n AccessibleState.SHOWING for JList\n\n + JDK-8249560: Shenandoah: Fix racy GC request handling\n\n + JDK-8249801: Shenandoah: Clear soft-refs on requested GC\n cycle\n\n + JDK-8249953: Shenandoah: gc/shenandoah/mxbeans tests\n should account for corner cases\n\n + JDK-8250582: Revert Principal Name type to NT-UNKNOWN\n when requesting TGS Kerberos tickets\n\n + JDK-8250609: C2 crash in IfNode::fold_compares\n\n + JDK-8250627: Use -XX:+/-UseContainerSupport for\n enabling/disabling Java container metrics\n\n + JDK-8250755: Better cleanup for\n jdk/test/javax/imageio/plugins/shared/CanWriteSequence.j\n ava\n\n + JDK-8250787: Provider.put no longer registering aliases\n in FIPS env\n\n + JDK-8250826: jhsdb does not work with coredump which\n comes from Substrate VM\n\n + JDK-8250827: Shenandoah: needs to reset/finish\n StringTable's dead count before/after parallel walk\n\n + JDK-8250844: Make sure (type,obj)ArrayOopDesc accessors\n check the bounds\n\n + JDK-8251117: Cannot check P11Key size in P11Cipher and\n P11AEADCipher\n\n + JDK-8251354: Shenandoah: Fix\n jdk/jfr/tool/TestPrintJSON.java test failure\n\n + JDK-8251451: Shenandoah: Remark ObjectSynchronizer roots\n with I-U\n\n + JDK-8251469: Better cleanup for\n test/jdk/javax/imageio/SetOutput.java\n\n + JDK-8251487: Shenandoah: missing detail timing tracking\n for final mark cleaning phase\n\n + JDK-8252120: 
compiler/oracle/TestCompileCommand.java\n misspells 'occured'\n\n + JDK-8252157: JDK-8231209 11u backport breaks jmm binary\n compatibility\n\n + JDK-8252258: [11u] JDK-8242154 changes the default\n vendor\n\n + JDK-8252804: [test] Fix 'ReleaseDeflater.java' test\n after downport of 8234011\n\n + JDK-8253134: JMM_VERSION should remain at 0x20020000\n (JDK 10) in JDK 11\n\n + JDK-8253283: [11u] Test build/translations/\n /VerifyTranslations.java failing after JDK-8252258\n\n + JDK-8253813: Backout JDK-8244287 from 11u: it causes\n several crashes\n\n + Fix regression '8250861: Crash in\n MinINode::Ideal(PhaseGVN*, bool)' introduced in jdk\n 11.0.9\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177943\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected java-11-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-accessibility-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-jmods\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-11-openjdk-11.0.9.0-lp151.3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-11-openjdk-accessibility-11.0.9.0-lp151.3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-11-openjdk-accessibility-debuginfo-11.0.9.0-lp151.3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-11-openjdk-debuginfo-11.0.9.0-lp151.3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-11-openjdk-debugsource-11.0.9.0-lp151.3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-11-openjdk-demo-11.0.9.0-lp151.3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-11-openjdk-devel-11.0.9.0-lp151.3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-11-openjdk-headless-11.0.9.0-lp151.3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-11-openjdk-javadoc-11.0.9.0-lp151.3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", 
reference:\"java-11-openjdk-jmods-11.0.9.0-lp151.3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-11-openjdk-src-11.0.9.0-lp151.3.22.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-11-openjdk / java-11-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-15T14:31:36", "description": "This update for java-11-openjdk fixes the following issues :\n\n - Update to upstream tag jdk-11.0.9-11 (October 2020 CPU, bsc#1177943)\n\n - New features\n\n + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage Collector\n\n - Security fixes\n\n + JDK-8233624: Enhance JNI linkage\n\n + JDK-8236196: Improve string pooling\n\n + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class\n\n + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts\n\n + JDK-8237995, CVE-2020-14782: Enhance certificate processing\n\n + JDK-8240124: Better VM Interning\n\n + JDK-8241114, CVE-2020-14792: Better range handling\n\n + JDK-8242680, CVE-2020-14796: Improved URI Support\n\n + JDK-8242685, CVE-2020-14797: Better Path Validation\n\n + JDK-8242695, CVE-2020-14798: Enhanced buffer support\n\n + JDK-8243302: Advanced class supports\n\n + JDK-8244136, CVE-2020-14803: Improved Buffer supports\n\n + JDK-8244479: Further constrain certificates\n\n + JDK-8244955: Additional Fix for JDK-8240124\n\n + JDK-8245407: Enhance zoning of times\n\n + JDK-8245412: Better class definitions\n\n + JDK-8245417: Improve certificate chain handling\n\n + JDK-8248574: Improve jpeg processing\n\n + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit\n\n + JDK-8253019: Enhanced JPEG decoding\n\n - Other changes\n\n + JDK-6532025: GIF reader throws misleading exception with 
truncated images\n\n + JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/ /PDialogTest.java needs update by removing an infinite loop\n\n + JDK-8022535: [TEST BUG] javax/swing/text/html/parser/ /Test8017492.java fails\n\n + JDK-8062947: Fix exception message to correctly represent LDAP connection failure\n\n + JDK-8067354: com/sun/jdi/GetLocalVariables4Test.sh failed\n\n + JDK-8134599: TEST_BUG:\n java/rmi/transport/closeServerSocket/ /CloseServerSocket.java fails intermittently with Address already in use\n\n + JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect\n\n + JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider\n\n + JDK-8172404: Tools should warn if weak algorithms are used before restricting them\n\n + JDK-8193367: Annotated type variable bounds crash javac\n\n + JDK-8202117:\n com/sun/jndi/ldap/RemoveNamingListenerTest.java fails intermittently: Connection reset\n\n + JDK-8203026: java.rmi.NoSuchObjectException: no such object in table\n\n + JDK-8203281: [Windows] JComboBox change in ui when editor.setBorder() is called\n\n + JDK-8203382: Rename SystemDictionary::initialize_wk_klass to resolve_wk_klass\n\n + JDK-8203393: com/sun/jdi/JdbMethodExitTest.sh and JdbExprTest.sh fail due to timeout\n\n + JDK-8203928: [Test] Convert non-JDB scaffolding serviceability shell script tests to java\n\n + JDK-8204963: javax.swing.border.TitledBorder has a memory leak\n\n + JDK-8204994: SA might fail to attach to process with 'Windbg Error: WaitForEvent failed'\n\n + JDK-8205534: Remove SymbolTable dependency from serviceability agent\n\n + JDK-8206309: Tier1 SA tests fail\n\n + JDK-8208281: java/nio/channels/ /AsynchronousSocketChannel/Basic.java timed out\n\n + JDK-8209109: [TEST] rewrite com/sun/jdi shell tests to java version - step1\n\n + JDK-8209332: [TEST] test/jdk/com/sun/jdi/CatchPatternTest.sh is incorrect\n\n + JDK-8209342: Problemlist SA tests 
on Solaris due to Error attaching to process: Can't create thread_db agent!\n\n + JDK-8209343: Test javax/swing/border/TestTitledBorderLeak.java should be marked as headful\n\n + JDK-8209517: com/sun/jdi/BreakpointWithFullGC.java fails with timeout\n\n + JDK-8209604: [TEST] rewrite com/sun/jdi shell tests to java version - step2\n\n + JDK-8209605: com/sun/jdi/BreakpointWithFullGC.java fails with ZGC\n\n + JDK-8209608: Problem list com/sun/jdi/BreakpointWithFullGC.java\n\n + JDK-8210131:\n vmTestbase/nsk/jvmti/scenarios/allocation/AP10/ /ap10t001/TestDescription.java failed with ObjectFree:\n GetCurrentThreadCpuTimerInfo returned unexpected error code\n\n + JDK-8210243: [TEST] rewrite com/sun/jdi shell tests to java version - step3\n\n + JDK-8210527: JShell: NullPointerException in jdk.jshell.Eval.translateExceptionStack\n\n + JDK-8210560: [TEST] convert com/sun/jdi redefineClass-related tests\n\n + JDK-8210725: com/sun/jdi/RedefineClearBreakpoint.java fails with waitForPrompt timed out after 60 seconds\n\n + JDK-8210748: [TESTBUG] lib.jdb.Jdb.waitForPrompt() should clarify which output is the pending reply after a timeout\n\n + JDK-8210760: [TEST] rewrite com/sun/jdi shell tests to java version - step4\n\n + JDK-8210977:\n jdk/jfr/event/oldobject/TestThreadLocalLeak.java fails to find ThreadLocalObject\n\n + JDK-8211292: [TEST] convert com/sun/jdi/DeferredStepTest.sh test\n\n + JDK-8211694: JShell: Redeclared variable should be reset\n\n + JDK-8212200: assert when shared java.lang.Object is redefined by JVMTI agent\n\n + JDK-8212629: [TEST] wrong breakpoint in test/jdk/com/sun/jdi/DeferredStepTest\n\n + JDK-8212665: com/sun/jdi/DeferredStepTest.java: jj1 (line 57)\n\n - unexpected. 
lastLine=52, minLine=52, maxLine=55\n\n + JDK-8212807: tools/jar/multiRelease/Basic.java times out\n\n + JDK-8213182: Minimal VM build failure after JDK-8212200 (assert when shared java.lang.Object is redefined by JVMTI agent)\n\n + JDK-8213214: Set -Djava.io.tmpdir= when running tests\n\n + JDK-8213275: ReplaceCriticalClasses.java fails with jdk.internal.vm.PostVMInitHook not found\n\n + JDK-8213574: Deadlock in string table expansion when dumping lots of CDS classes\n\n + JDK-8213703: LambdaConversionException: Invalid receiver type not a subtype of implementation type interface\n\n + JDK-8214074: Ghash optimization using AVX instructions\n\n + JDK-8214491: Upgrade to JLine 3.9.0\n\n + JDK-8214797: TestJmapCoreMetaspace.java timed out\n\n + JDK-8215243: JShell tests failing intermitently with 'Problem cleaning up the following threads:'\n\n + JDK-8215244: jdk/jshell/ToolBasicTest.java testHistoryReference failed\n\n + JDK-8215354: x86_32 build failures after JDK-8214074 (Ghash optimization using AVX instructions)\n\n + JDK-8215438: jshell tool: Ctrl-D causes EOF\n\n + JDK-8216021: RunTest.gmk might set concurrency level to 1 on Windows\n\n + JDK-8216974: HttpConnection not returned to the pool after 204 response\n\n + JDK-8218948: SimpleDateFormat :: format - Zone Names are not reflected correctly during run time\n\n + JDK-8219712: code_size2 (defined in stub_routines_x86.hpp) is too small on new Skylake CPUs\n\n + JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs\n\n + JDK-8221658: aarch64: add necessary predicate for ubfx patterns\n\n + JDK-8221759: Crash when completing 'java.io.File.path'\n\n + JDK-8221918: runtime/SharedArchiveFile/serviceability/ /ReplaceCriticalClasses.java fails: Shared archive not found\n\n + JDK-8222074: Enhance auto vectorization for x86\n\n + JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp\n\n + JDK-8222769: [TESTBUG] TestJFRNetworkEvents should not 
rely on hostname command\n\n + JDK-8223688: JShell: crash on the instantiation of raw anonymous class\n\n + JDK-8223777: In posix_spawn mode, failing to exec() jspawnhelper does not result in an error\n\n + JDK-8223940: Private key not supported by chosen signature algorithm\n\n + JDK-8224184: jshell got IOException at exiting with AIX\n\n + JDK-8224234: compiler/codegen/TestCharVect2.java fails in test_mulc\n\n + JDK-8225037: java.net.JarURLConnection::getJarEntry() throws NullPointerException\n\n + JDK-8225625: AES Electronic Codebook (ECB) encryption and decryption optimization using AVX512 + VAES instructions\n\n + JDK-8226536: Catch OOM from deopt that fails rematerializing objects\n\n + JDK-8226575: OperatingSystemMXBean should be made container aware\n\n + JDK-8226697: Several tests which need the @key headful keyword are missing it.\n\n + JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous\n\n + JDK-8227059: sun/security/tools/keytool/ /DefaultSignatureAlgorithm.java timed out\n\n + JDK-8227269: Slow class loading when running with JDWP\n\n + JDK-8227595:\n keytool/fakegen/DefaultSignatureAlgorithm.java fails due to 'exitValue = 6'\n\n + JDK-8228448: Jconsole can't connect to itself\n\n + JDK-8228967: Trust/Key store and SSL context utilities for tests\n\n + JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow\n\n + JDK-8229815: Upgrade Jline to 3.12.1\n\n + JDK-8230000: some httpclients testng tests run zero test\n\n + JDK-8230002: javax/xml/jaxp/unittest/transform/ /SecureProcessingTest.java runs zero test\n\n + JDK-8230010: Remove jdk8037819/BasicTest1.java\n\n + JDK-8230094: CCE in createXMLEventWriter(Result) over an arbitrary XMLStreamWriter\n\n + JDK-8230402: Allocation of compile task fails with assert: 'Leaking compilation tasks?'\n\n + JDK-8230767: FlightRecorderListener returns null recording\n\n + JDK-8230870: (zipfs) Add a ZIP FS test that is similar to 
test/jdk/java/util/zip/EntryCount64k.java\n\n + JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread\n\n + JDK-8231586: enlarge encoding space for OopMapValue offsets\n\n + JDK-8231953: Wrong assumption in assertion in oop::register_oop\n\n + JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes\n\n + JDK-8232083: Minimal VM is broken after JDK-8231586\n\n + JDK-8232161: Align some one-way conversion in MS950 charset with Windows\n\n + JDK-8232855: jshell missing word in /help help\n\n + JDK-8233027: OopMapSet::all_do does oms.next() twice during iteration\n\n + JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR\n\n + JDK-8233386: Initialize NULL fields for unused decorations\n\n + JDK-8233452: java.math.BigDecimal.sqrt() with RoundingMode.FLOOR results in incorrect result\n\n + JDK-8233686: XML transformer uses excessive amount of memory\n\n + JDK-8233741: AES Countermode (AES-CTR) optimization using AVX512 + VAES instructions\n\n + JDK-8233829: javac cannot find non-ASCII module name under non-UTF8 environment\n\n + JDK-8233958: Memory retention due to HttpsURLConnection finalizer that serves no purpose\n\n + JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater()\n\n + JDK-8234058: runtime/CompressedOops/ /CompressedClassPointers.java fails with 'Narrow klass base: 0x0000000000000000' missing from stdout/stderr\n\n + JDK-8234149: Several regression tests do not dispose Frame at end\n\n + JDK-8234347: 'Turkey' meta time zone does not generate composed localized names\n\n + JDK-8234385: [TESTBUG] java/awt/EventQueue/6980209/ /bug6980209.java fails in linux nightly\n\n + JDK-8234535: Cross compilation fails due to missing CFLAGS for the BUILD_CC\n\n + JDK-8234541: C1 emits an empty message when it inlines successfully\n\n + JDK-8234687: change javap reporting on unknown attributes\n\n + JDK-8236464: SO_LINGER option is ignored by SSLSocket in 
JDK 11\n\n + JDK-8236548: Localized time zone name inconsistency between English and other locales\n\n + JDK-8236617: jtreg test containers/docker/ /TestMemoryAwareness.java fails after 8226575\n\n + JDK-8237182: Update copyright header for shenandoah and epsilon files\n\n + JDK-8237888: security/infra/java/security/cert/ /CertPathValidator/certification/LuxTrustCA.java fails when checking validity interval\n\n + JDK-8237977: Further update javax/net/ssl/compatibility/Compatibility.java\n\n + JDK-8238270: java.net HTTP/2 client does not decrease stream count when receives 204 response\n\n + JDK-8238284: [macos] Zero VM build fails due to an obvious typo\n\n + JDK-8238380: java.base/unix/native/libjava/childproc.c 'multiple definition' link errors with GCC10\n\n + JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c 'multiple definition' link errors with GCC10\n\n + JDK-8238388: libj2gss/NativeFunc.o 'multiple definition' link errors with GCC10\n\n + JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes\n\n + JDK-8238710: LingeredApp doesn't log stdout/stderr if exits with non-zero code\n\n + JDK-8239083: C1 assert(known_holder == NULL || (known_holder->is_instance_klass() && (!known_holder->is_interface() || ((ciInstanceKlass*)known_holder)->has_nonstatic_concrete\n _methods())), 'should be non-static concrete method');\n\n + JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD\n\n + JDK-8240169: javadoc fails to link to non-modular api docs\n\n + JDK-8240295: hs_err elapsed time in seconds is not accurate enough\n\n + JDK-8240360: NativeLibraryEvent has wrong library name on Linux\n\n + JDK-8240676: Meet not symmetric failure when running lucene on jdk8\n\n + JDK-8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority support\n\n + JDK-8241065: Shenandoah: remove leftover code after JDK-8231086\n\n + JDK-8241086: Test runtime/NMT/HugeArenaTracking.java is failing on 32bit Windows\n\n + 
JDK-8241130:\n com.sun.jndi.ldap.EventSupport.removeDeadNotifier:\n java.lang.NullPointerException\n\n + JDK-8241138: http.nonProxyHosts=* causes StringIndexOutOfBoundsException in DefaultProxySelector\n\n + JDK-8241319: WB_GetCodeBlob doesn't have ResourceMark\n\n + JDK-8241478:\n vmTestbase/gc/gctests/Steal/steal001/steal001.java fails with OOME\n\n + JDK-8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure\n\n + JDK-8241750: x86_32 build failure after JDK-8227269\n\n + JDK-8242184: CRL generation error with RSASSA-PSS\n\n + JDK-8242283: Can't start JVM when java home path includes non-ASCII character\n\n + JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array\n\n + JDK-8243029: Rewrite javax/net/ssl/compatibility/ /Compatibility.java with a flexible interop test framework\n\n + JDK-8243138: Enhance BaseLdapServer to support starttls extended request\n\n + JDK-8243320: Add SSL root certificates to Oracle Root CA program\n\n + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program\n\n + JDK-8243389: enhance os::pd_print_cpu_info on linux\n\n + JDK-8243453: java --describe-module failed with non-ASCII module name under non-UTF8 environment\n\n + JDK-8243470: [macos] bring back O2 opt level for unsafe.cpp\n\n + JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions\n\n + JDK-8243925: Toolkit#getScreenInsets() returns wrong value on HiDPI screens (Windows)\n\n + JDK-8244087: 2020-04-24 public suffix list update\n\n + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26\n\n + JDK-8244164: AArch64: jaotc generates incorrect code for compressed OOPs with non-zero heap base\n\n + JDK-8244196: adjust output in os_linux\n\n + JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in\n\n + JDK-8244287: JFR: Methods samples have line number 0\n\n + JDK-8244703: 'platform encoding not initialized' exceptions with debugger, JNI\n\n + JDK-8244719: 
CTW: C2 compilation fails with 'assert(!VerifyHashTableKeys || _hash_lock == 0) failed:\n remove node from hash table before modifying it'\n\n + JDK-8244729: Shenandoah: remove resolve paths from SBSA::generate_shenandoah_lrb\n\n + JDK-8244763: Update --release 8 symbol information after JSR 337 MR3\n\n + JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor\n\n + JDK-8245151: jarsigner should not raise duplicate warnings on verification\n\n + JDK-8245616: Bump update version for OpenJDK: jdk-11.0.9\n\n + JDK-8245714: 'Bad graph detected in build_loop_late' when loads are pinned on loop limit check uncommon branch\n\n + JDK-8245801: StressRecompilation triggers assert 'redundunt OSR recompilation detected. memory leak in CodeCache!'\n\n + JDK-8245832: JDK build make-static-libs should build all JDK libraries\n\n + JDK-8245880: Shenandoah: check class unloading flag early in concurrent code root scan\n\n + JDK-8245981: Upgrade to jQuery 3.5.1\n\n + JDK-8246027: Minimal fastdebug build broken after JDK-8245801\n\n + JDK-8246094: [macos] Sound Recording and playback is not working\n\n + JDK-8246153: TestEliminateArrayCopy fails with\n\n -XX:+StressReflectiveCode\n\n + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ\n\n + JDK-8246196:\n javax/management/MBeanServer/OldMBeanServerTest fails with AssertionError\n\n + JDK-8246203: Segmentation fault in verification due to stack overflow with -XX:+VerifyIterativeGVN\n\n + JDK-8246330: Add TLS Tests for Legacy ECDSA curves\n\n + JDK-8246453: TestClone crashes with 'all collected exceptions must come from the same place'\n\n + JDK-8247246: Add explicit ResolvedJavaType.link and expose presence of default methods\n\n + JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node\n\n + JDK-8247502: PhaseStringOpts crashes while optimising effectively dead code\n\n + JDK-8247615: Initialize the bytes left for the heap sampler\n\n + JDK-8247824: CTW: C2 (Shenandoah) 
compilation fails with SEGV in SBC2Support::pin_and_expand\n\n + JDK-8247874: Replacement in VersionProps.java.template not working when --with-vendor-bug-url contains '&'\n\n + JDK-8247979: aarch64: missing side effect of killing flags for clearArray_reg_reg\n\n + JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention\n\n + JDK-8248219: aarch64: missing memory barrier in fast_storefield and fast_accessfield\n\n + JDK-8248348: Regression caused by the update to BCEL 6.0\n\n + JDK-8248385: [testbug][11u] Adapt TestInitiExceptions to jtreg 5.1\n\n + JDK-8248495: [macos] zerovm is broken due to libffi headers location\n\n + JDK-8248851: CMS: Missing memory fences between free chunk check and klass read\n\n + JDK-8248987: AOT's Linker.java seems to eagerly fail-fast on Windows\n\n + JDK-8249159: Downport test rework for SSLSocketTemplate from 8224650\n\n + JDK-8249215: JFrame::setVisible crashed with\n\n -Dfile.encoding=UTF-8 on Japanese Windows.\n\n + JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel\n\n + JDK-8249255: Build fails if source code in cygwin home dir\n\n + JDK-8249277: TestVerifyIterativeGVN.java is failing with timeout in OpenJDK 11\n\n + JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList\n\n + JDK-8249560: Shenandoah: Fix racy GC request handling\n\n + JDK-8249801: Shenandoah: Clear soft-refs on requested GC cycle\n\n + JDK-8249953: Shenandoah: gc/shenandoah/mxbeans tests should account for corner cases\n\n + JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets\n\n + JDK-8250609: C2 crash in IfNode::fold_compares\n\n + JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics\n\n + JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.j ava\n\n + JDK-8250787: Provider.put no longer registering aliases in FIPS env\n\n + JDK-8250826: jhsdb 
does not work with coredump which comes from Substrate VM\n\n + JDK-8250827: Shenandoah: needs to reset/finish StringTable's dead count before/after parallel walk\n\n + JDK-8250844: Make sure (type,obj)ArrayOopDesc accessors check the bounds\n\n + JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher\n\n + JDK-8251354: Shenandoah: Fix jdk/jfr/tool/TestPrintJSON.java test failure\n\n + JDK-8251451: Shenandoah: Remark ObjectSynchronizer roots with I-U\n\n + JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java\n\n + JDK-8251487: Shenandoah: missing detail timing tracking for final mark cleaning phase\n\n + JDK-8252120: compiler/oracle/TestCompileCommand.java misspells 'occured'\n\n + JDK-8252157: JDK-8231209 11u backport breaks jmm binary compatibility\n\n + JDK-8252258: [11u] JDK-8242154 changes the default vendor\n\n + JDK-8252804: [test] Fix 'ReleaseDeflater.java' test after downport of 8234011\n\n + JDK-8253134: JMM_VERSION should remain at 0x20020000 (JDK 10) in JDK 11\n\n + JDK-8253283: [11u] Test build/translations/ /VerifyTranslations.java failing after JDK-8252258\n\n + JDK-8253813: Backout JDK-8244287 from 11u: it causes several crashes\n\n + Fix regression '8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)' introduced in jdk 11.0.9\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-11-23T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-11-openjdk (openSUSE-2020-1994)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-11-openjdk", "p-cpe:/a:novell:opensuse:java-11-openjdk-accessibility", "p-cpe:/a:novell:opensuse:java-11-openjdk-accessibility-debuginfo", 
"p-cpe:/a:novell:opensuse:java-11-openjdk-debuginfo", "p-cpe:/a:novell:opensuse:java-11-openjdk-debugsource", "p-cpe:/a:novell:opensuse:java-11-openjdk-demo", "p-cpe:/a:novell:opensuse:java-11-openjdk-devel", "p-cpe:/a:novell:opensuse:java-11-openjdk-headless", "p-cpe:/a:novell:opensuse:java-11-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-11-openjdk-jmods", "p-cpe:/a:novell:opensuse:java-11-openjdk-src", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1994.NASL", "href": "https://www.tenable.com/plugins/nessus/143168", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1994.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143168);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-14779\", \"CVE-2020-14781\", \"CVE-2020-14782\", \"CVE-2020-14792\", \"CVE-2020-14796\", \"CVE-2020-14797\", \"CVE-2020-14798\", \"CVE-2020-14803\");\n\n script_name(english:\"openSUSE Security Update : java-11-openjdk (openSUSE-2020-1994)\");\n script_summary(english:\"Check for the openSUSE-2020-1994 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for java-11-openjdk fixes the following issues :\n\n - Update to upstream tag jdk-11.0.9-11 (October 2020 CPU,\n bsc#1177943)\n\n - New features\n\n + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage\n Collector\n\n - Security fixes\n\n + JDK-8233624: Enhance JNI linkage\n\n + JDK-8236196: Improve string pooling\n\n + JDK-8236862, CVE-2020-14779: Enhance support of Proxy\n class\n\n + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts\n\n + JDK-8237995, CVE-2020-14782: Enhance 
certificate\n processing\n\n + JDK-8240124: Better VM Interning\n\n + JDK-8241114, CVE-2020-14792: Better range handling\n\n + JDK-8242680, CVE-2020-14796: Improved URI Support\n\n + JDK-8242685, CVE-2020-14797: Better Path Validation\n\n + JDK-8242695, CVE-2020-14798: Enhanced buffer support\n\n + JDK-8243302: Advanced class supports\n\n + JDK-8244136, CVE-2020-14803: Improved Buffer supports\n\n + JDK-8244479: Further constrain certificates\n\n + JDK-8244955: Additional Fix for JDK-8240124\n\n + JDK-8245407: Enhance zoning of times\n\n + JDK-8245412: Better class definitions\n\n + JDK-8245417: Improve certificate chain handling\n\n + JDK-8248574: Improve jpeg processing\n\n + JDK-8249927: Specify limits of\n jdk.serialProxyInterfaceLimit\n\n + JDK-8253019: Enhanced JPEG decoding\n\n - Other changes\n\n + JDK-6532025: GIF reader throws misleading exception with\n truncated images\n\n + JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/\n /PDialogTest.java needs update by removing an infinite\n loop\n\n + JDK-8022535: [TEST BUG] javax/swing/text/html/parser/\n /Test8017492.java fails\n\n + JDK-8062947: Fix exception message to correctly\n represent LDAP connection failure\n\n + JDK-8067354: com/sun/jdi/GetLocalVariables4Test.sh\n failed\n\n + JDK-8134599: TEST_BUG:\n java/rmi/transport/closeServerSocket/\n /CloseServerSocket.java fails intermittently with\n Address already in use\n\n + JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java\n failed due to timeout on DeadServerNoTimeoutTest is\n incorrect\n\n + JDK-8160768: Add capability to custom resolve\n host/domain names within the default JNDI LDAP provider\n\n + JDK-8172404: Tools should warn if weak algorithms are\n used before restricting them\n\n + JDK-8193367: Annotated type variable bounds crash javac\n\n + JDK-8202117:\n com/sun/jndi/ldap/RemoveNamingListenerTest.java fails\n intermittently: Connection reset\n\n + JDK-8203026: java.rmi.NoSuchObjectException: no such\n object in table\n\n + JDK-8203281: 
[Windows] JComboBox change in ui when\n editor.setBorder() is called\n\n + JDK-8203382: Rename\n SystemDictionary::initialize_wk_klass to\n resolve_wk_klass\n\n + JDK-8203393: com/sun/jdi/JdbMethodExitTest.sh and\n JdbExprTest.sh fail due to timeout\n\n + JDK-8203928: [Test] Convert non-JDB scaffolding\n serviceability shell script tests to java\n\n + JDK-8204963: javax.swing.border.TitledBorder has a\n memory leak\n\n + JDK-8204994: SA might fail to attach to process with\n 'Windbg Error: WaitForEvent failed'\n\n + JDK-8205534: Remove SymbolTable dependency from\n serviceability agent\n\n + JDK-8206309: Tier1 SA tests fail\n\n + JDK-8208281: java/nio/channels/\n /AsynchronousSocketChannel/Basic.java timed out\n\n + JDK-8209109: [TEST] rewrite com/sun/jdi shell tests to\n java version - step1\n\n + JDK-8209332: [TEST]\n test/jdk/com/sun/jdi/CatchPatternTest.sh is incorrect\n\n + JDK-8209342: Problemlist SA tests on Solaris due to\n Error attaching to process: Can't create thread_db\n agent!\n\n + JDK-8209343: Test\n javax/swing/border/TestTitledBorderLeak.java should be\n marked as headful\n\n + JDK-8209517: com/sun/jdi/BreakpointWithFullGC.java fails\n with timeout\n\n + JDK-8209604: [TEST] rewrite com/sun/jdi shell tests to\n java version - step2\n\n + JDK-8209605: com/sun/jdi/BreakpointWithFullGC.java fails\n with ZGC\n\n + JDK-8209608: Problem list\n com/sun/jdi/BreakpointWithFullGC.java\n\n + JDK-8210131:\n vmTestbase/nsk/jvmti/scenarios/allocation/AP10/\n /ap10t001/TestDescription.java failed with ObjectFree:\n GetCurrentThreadCpuTimerInfo returned unexpected error\n code\n\n + JDK-8210243: [TEST] rewrite com/sun/jdi shell tests to\n java version - step3\n\n + JDK-8210527: JShell: NullPointerException in\n jdk.jshell.Eval.translateExceptionStack\n\n + JDK-8210560: [TEST] convert com/sun/jdi\n redefineClass-related tests\n\n + JDK-8210725: com/sun/jdi/RedefineClearBreakpoint.java\n fails with waitForPrompt timed out after 60 seconds\n\n + JDK-8210748: 
[TESTBUG] lib.jdb.Jdb.waitForPrompt()\n should clarify which output is the pending reply after a\n timeout\n\n + JDK-8210760: [TEST] rewrite com/sun/jdi shell tests to\n java version - step4\n\n + JDK-8210977:\n jdk/jfr/event/oldobject/TestThreadLocalLeak.java fails\n to find ThreadLocalObject\n\n + JDK-8211292: [TEST] convert\n com/sun/jdi/DeferredStepTest.sh test\n\n + JDK-8211694: JShell: Redeclared variable should be reset\n\n + JDK-8212200: assert when shared java.lang.Object is\n redefined by JVMTI agent\n\n + JDK-8212629: [TEST] wrong breakpoint in\n test/jdk/com/sun/jdi/DeferredStepTest\n\n + JDK-8212665: com/sun/jdi/DeferredStepTest.java: jj1\n (line 57)\n\n - unexpected. lastLine=52, minLine=52, maxLine=55\n\n + JDK-8212807: tools/jar/multiRelease/Basic.java times out\n\n + JDK-8213182: Minimal VM build failure after JDK-8212200\n (assert when shared java.lang.Object is redefined by\n JVMTI agent)\n\n + JDK-8213214: Set -Djava.io.tmpdir= when running tests\n\n + JDK-8213275: ReplaceCriticalClasses.java fails with\n jdk.internal.vm.PostVMInitHook not found\n\n + JDK-8213574: Deadlock in string table expansion when\n dumping lots of CDS classes\n\n + JDK-8213703: LambdaConversionException: Invalid receiver\n type not a subtype of implementation type interface\n\n + JDK-8214074: Ghash optimization using AVX instructions\n\n + JDK-8214491: Upgrade to JLine 3.9.0\n\n + JDK-8214797: TestJmapCoreMetaspace.java timed out\n\n + JDK-8215243: JShell tests failing intermitently with\n 'Problem cleaning up the following threads:'\n\n + JDK-8215244: jdk/jshell/ToolBasicTest.java\n testHistoryReference failed\n\n + JDK-8215354: x86_32 build failures after JDK-8214074\n (Ghash optimization using AVX instructions)\n\n + JDK-8215438: jshell tool: Ctrl-D causes EOF\n\n + JDK-8216021: RunTest.gmk might set concurrency level to\n 1 on Windows\n\n + JDK-8216974: HttpConnection not returned to the pool\n after 204 response\n\n + JDK-8218948: SimpleDateFormat :: format - Zone 
Names are\n not reflected correctly during run time\n\n + JDK-8219712: code_size2 (defined in\n stub_routines_x86.hpp) is too small on new Skylake CPUs\n\n + JDK-8220150: macos10.14 Mojave returns anti-aliased\n glyphs instead of aliased B&W glyphs\n\n + JDK-8221658: aarch64: add necessary predicate for ubfx\n patterns\n\n + JDK-8221759: Crash when completing 'java.io.File.path'\n\n + JDK-8221918: runtime/SharedArchiveFile/serviceability/\n /ReplaceCriticalClasses.java fails: Shared archive not\n found\n\n + JDK-8222074: Enhance auto vectorization for x86\n\n + JDK-8222079: Don't use memset to initialize fields\n decode_env constructor in disassembler.cpp\n\n + JDK-8222769: [TESTBUG] TestJFRNetworkEvents should not\n rely on hostname command\n\n + JDK-8223688: JShell: crash on the instantiation of raw\n anonymous class\n\n + JDK-8223777: In posix_spawn mode, failing to exec()\n jspawnhelper does not result in an error\n\n + JDK-8223940: Private key not supported by chosen\n signature algorithm\n\n + JDK-8224184: jshell got IOException at exiting with AIX\n\n + JDK-8224234: compiler/codegen/TestCharVect2.java fails\n in test_mulc\n\n + JDK-8225037: java.net.JarURLConnection::getJarEntry()\n throws NullPointerException\n\n + JDK-8225625: AES Electronic Codebook (ECB) encryption\n and decryption optimization using AVX512 + VAES\n instructions\n\n + JDK-8226536: Catch OOM from deopt that fails\n rematerializing objects\n\n + JDK-8226575: OperatingSystemMXBean should be made\n container aware\n\n + JDK-8226697: Several tests which need the @key headful\n keyword are missing it.\n\n + JDK-8226809: Circular reference in printed stack trace\n is not correctly indented & ambiguous\n\n + JDK-8227059: sun/security/tools/keytool/\n /DefaultSignatureAlgorithm.java timed out\n\n + JDK-8227269: Slow class loading when running with JDWP\n\n + JDK-8227595:\n keytool/fakegen/DefaultSignatureAlgorithm.java fails due\n to 'exitValue = 6'\n\n + JDK-8228448: Jconsole can't connect to 
itself\n\n + JDK-8228967: Trust/Key store and SSL context utilities\n for tests\n\n + JDK-8229378: jdwp library loader in linker_md.c quietly\n truncates on buffer overflow\n\n + JDK-8229815: Upgrade Jline to 3.12.1\n\n + JDK-8230000: some httpclients testng tests run zero test\n\n + JDK-8230002: javax/xml/jaxp/unittest/transform/\n /SecureProcessingTest.java runs zero test\n\n + JDK-8230010: Remove jdk8037819/BasicTest1.java\n\n + JDK-8230094: CCE in createXMLEventWriter(Result) over an\n arbitrary XMLStreamWriter\n\n + JDK-8230402: Allocation of compile task fails with\n assert: 'Leaking compilation tasks?'\n\n + JDK-8230767: FlightRecorderListener returns null\n recording\n\n + JDK-8230870: (zipfs) Add a ZIP FS test that is similar\n to test/jdk/java/util/zip/EntryCount64k.java\n\n + JDK-8231209: [REDO]\n ThreadMXBean::getThreadAllocatedBytes() can be quicker\n for self thread\n\n + JDK-8231586: enlarge encoding space for OopMapValue\n offsets\n\n + JDK-8231953: Wrong assumption in assertion in\n oop::register_oop\n\n + JDK-8231968: getCurrentThreadAllocatedBytes default\n implementation s/b getThreadAllocatedBytes\n\n + JDK-8232083: Minimal VM is broken after JDK-8231586\n\n + JDK-8232161: Align some one-way conversion in MS950\n charset with Windows\n\n + JDK-8232855: jshell missing word in /help help\n\n + JDK-8233027: OopMapSet::all_do does oms.next() twice\n during iteration\n\n + JDK-8233228: Disable weak named curves by default in\n TLS, CertPath, and Signed JAR\n\n + JDK-8233386: Initialize NULL fields for unused\n decorations\n\n + JDK-8233452: java.math.BigDecimal.sqrt() with\n RoundingMode.FLOOR results in incorrect result\n\n + JDK-8233686: XML transformer uses excessive amount of\n memory\n\n + JDK-8233741: AES Countermode (AES-CTR) optimization\n using AVX512 + VAES instructions\n\n + JDK-8233829: javac cannot find non-ASCII module name\n under non-UTF8 environment\n\n + JDK-8233958: Memory retention due to HttpsURLConnection\n finalizer that 
serves no purpose\n\n + JDK-8234011: (zipfs) Memory leak in\n ZipFileSystem.releaseDeflater()\n\n + JDK-8234058: runtime/CompressedOops/\n /CompressedClassPointers.java fails with 'Narrow klass\n base: 0x0000000000000000' missing from stdout/stderr\n\n + JDK-8234149: Several regression tests do not dispose\n Frame at end\n\n + JDK-8234347: 'Turkey' meta time zone does not generate\n composed localized names\n\n + JDK-8234385: [TESTBUG] java/awt/EventQueue/6980209/\n /bug6980209.java fails in linux nightly\n\n + JDK-8234535: Cross compilation fails due to missing\n CFLAGS for the BUILD_CC\n\n + JDK-8234541: C1 emits an empty message when it inlines\n successfully\n\n + JDK-8234687: change javap reporting on unknown\n attributes\n\n + JDK-8236464: SO_LINGER option is ignored by SSLSocket in\n JDK 11\n\n + JDK-8236548: Localized time zone name inconsistency\n between English and other locales\n\n + JDK-8236617: jtreg test containers/docker/\n /TestMemoryAwareness.java fails after 8226575\n\n + JDK-8237182: Update copyright header for shenandoah and\n epsilon files\n\n + JDK-8237888: security/infra/java/security/cert/\n /CertPathValidator/certification/LuxTrustCA.java fails\n when checking validity interval\n\n + JDK-8237977: Further update\n javax/net/ssl/compatibility/Compatibility.java\n\n + JDK-8238270: java.net HTTP/2 client does not decrease\n stream count when receives 204 response\n\n + JDK-8238284: [macos] Zero VM build fails due to an\n obvious typo\n\n + JDK-8238380: java.base/unix/native/libjava/childproc.c\n 'multiple definition' link errors with GCC10\n\n + JDK-8238386: (sctp)\n jdk.sctp/unix/native/libsctp/SctpNet.c 'multiple\n definition' link errors with GCC10\n\n + JDK-8238388: libj2gss/NativeFunc.o 'multiple definition'\n link errors with GCC10\n\n + JDK-8238448: RSASSA-PSS signature verification fail when\n using certain odd key sizes\n\n + JDK-8238710: LingeredApp doesn't log stdout/stderr if\n exits with non-zero code\n\n + JDK-8239083: C1 
assert(known_holder == NULL ||\n (known_holder->is_instance_klass() &&\n (!known_holder->is_interface() ||\n ((ciInstanceKlass*)known_holder)->has_nonstatic_concrete\n _methods())), 'should be non-static concrete method');\n\n + JDK-8239385: KerberosTicket client name refers wrongly\n to sAMAccountName in AD\n\n + JDK-8240169: javadoc fails to link to non-modular api\n docs\n\n + JDK-8240295: hs_err elapsed time in seconds is not\n accurate enough\n\n + JDK-8240360: NativeLibraryEvent has wrong library name\n on Linux\n\n + JDK-8240676: Meet not symmetric failure when running\n lucene on jdk8\n\n + JDK-8241007: Shenandoah: remove\n ShenandoahCriticalControlThreadPriority support\n\n + JDK-8241065: Shenandoah: remove leftover code after\n JDK-8231086\n\n + JDK-8241086: Test runtime/NMT/HugeArenaTracking.java is\n failing on 32bit Windows\n\n + JDK-8241130:\n com.sun.jndi.ldap.EventSupport.removeDeadNotifier:\n java.lang.NullPointerException\n\n + JDK-8241138: http.nonProxyHosts=* causes\n StringIndexOutOfBoundsException in DefaultProxySelector\n\n + JDK-8241319: WB_GetCodeBlob doesn't have ResourceMark\n\n + JDK-8241478:\n vmTestbase/gc/gctests/Steal/steal001/steal001.java fails\n with OOME\n\n + JDK-8241574: Shenandoah: remove\n ShenandoahAssertToSpaceClosure\n\n + JDK-8241750: x86_32 build failure after JDK-8227269\n\n + JDK-8242184: CRL generation error with RSASSA-PSS\n\n + JDK-8242283: Can't start JVM when java home path\n includes non-ASCII character\n\n + JDK-8242556: Cannot load RSASSA-PSS public key with\n non-null params from byte array\n\n + JDK-8243029: Rewrite javax/net/ssl/compatibility/\n /Compatibility.java with a flexible interop test\n framework\n\n + JDK-8243138: Enhance BaseLdapServer to support starttls\n extended request\n\n + JDK-8243320: Add SSL root certificates to Oracle Root CA\n program\n\n + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA\n program\n\n + JDK-8243389: enhance os::pd_print_cpu_info on linux\n\n + JDK-8243453: java 
--describe-module failed with\n non-ASCII module name under non-UTF8 environment\n\n + JDK-8243470: [macos] bring back O2 opt level for\n unsafe.cpp\n\n + JDK-8243489: Thread CPU Load event may contain wrong\n data for CPU time under certain conditions\n\n + JDK-8243925: Toolkit#getScreenInsets() returns wrong\n value on HiDPI screens (Windows)\n\n + JDK-8244087: 2020-04-24 public suffix list update\n\n + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the\n latest release 1.8.26\n\n + JDK-8244164: AArch64: jaotc generates incorrect code for\n compressed OOPs with non-zero heap base\n\n + JDK-8244196: adjust output in os_linux\n\n + JDK-8244225: stringop-overflow warning on strncpy call\n from compile_the_world_in\n\n + JDK-8244287: JFR: Methods samples have line number 0\n\n + JDK-8244703: 'platform encoding not initialized'\n exceptions with debugger, JNI\n\n + JDK-8244719: CTW: C2 compilation fails with\n 'assert(!VerifyHashTableKeys || _hash_lock == 0) failed:\n remove node from hash table before modifying it'\n\n + JDK-8244729: Shenandoah: remove resolve paths from\n SBSA::generate_shenandoah_lrb\n\n + JDK-8244763: Update --release 8 symbol information after\n JSR 337 MR3\n\n + JDK-8244818: Java2D Queue Flusher crash while moving\n application window to external monitor\n\n + JDK-8245151: jarsigner should not raise duplicate\n warnings on verification\n\n + JDK-8245616: Bump update version for OpenJDK: jdk-11.0.9\n\n + JDK-8245714: 'Bad graph detected in build_loop_late'\n when loads are pinned on loop limit check uncommon\n branch\n\n + JDK-8245801: StressRecompilation triggers assert\n 'redundunt OSR recompilation detected. 
memory leak in\n CodeCache!'\n\n + JDK-8245832: JDK build make-static-libs should build all\n JDK libraries\n\n + JDK-8245880: Shenandoah: check class unloading flag\n early in concurrent code root scan\n\n + JDK-8245981: Upgrade to jQuery 3.5.1\n\n + JDK-8246027: Minimal fastdebug build broken after\n JDK-8245801\n\n + JDK-8246094: [macos] Sound Recording and playback is not\n working\n\n + JDK-8246153: TestEliminateArrayCopy fails with\n\n -XX:+StressReflectiveCode\n\n + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ\n\n + JDK-8246196:\n javax/management/MBeanServer/OldMBeanServerTest fails\n with AssertionError\n\n + JDK-8246203: Segmentation fault in verification due to\n stack overflow with -XX:+VerifyIterativeGVN\n\n + JDK-8246330: Add TLS Tests for Legacy ECDSA curves\n\n + JDK-8246453: TestClone crashes with 'all collected\n exceptions must come from the same place'\n\n + JDK-8247246: Add explicit ResolvedJavaType.link and\n expose presence of default methods\n\n + JDK-8247350: [aarch64] assert(false) failed: wrong size\n of mach node\n\n + JDK-8247502: PhaseStringOpts crashes while optimising\n effectively dead code\n\n + JDK-8247615: Initialize the bytes left for the heap\n sampler\n\n + JDK-8247824: CTW: C2 (Shenandoah) compilation fails with\n SEGV in SBC2Support::pin_and_expand\n\n + JDK-8247874: Replacement in VersionProps.java.template\n not working when --with-vendor-bug-url contains '&'\n\n + JDK-8247979: aarch64: missing side effect of killing\n flags for clearArray_reg_reg\n\n + JDK-8248214: Add paddings for TaskQueueSuper to reduce\n false-sharing cache contention\n\n + JDK-8248219: aarch64: missing memory barrier in\n fast_storefield and fast_accessfield\n\n + JDK-8248348: Regression caused by the update to BCEL 6.0\n\n + JDK-8248385: [testbug][11u] Adapt TestInitiExceptions to\n jtreg 5.1\n\n + JDK-8248495: [macos] zerovm is broken due to libffi\n headers location\n\n + JDK-8248851: CMS: Missing memory fences between free\n chunk 
check and klass read\n\n + JDK-8248987: AOT's Linker.java seems to eagerly\n fail-fast on Windows\n\n + JDK-8249159: Downport test rework for SSLSocketTemplate\n from 8224650\n\n + JDK-8249215: JFrame::setVisible crashed with\n\n -Dfile.encoding=UTF-8 on Japanese Windows.\n\n + JDK-8249251: [dark_mode ubuntu 20.04] The selected menu\n is not highlighted in GTKLookAndFeel\n\n + JDK-8249255: Build fails if source code in cygwin home\n dir\n\n + JDK-8249277: TestVerifyIterativeGVN.java is failing with\n timeout in OpenJDK 11\n\n + JDK-8249278: Revert JDK-8226253 which breaks the spec of\n AccessibleState.SHOWING for JList\n\n + JDK-8249560: Shenandoah: Fix racy GC request handling\n\n + JDK-8249801: Shenandoah: Clear soft-refs on requested GC\n cycle\n\n + JDK-8249953: Shenandoah: gc/shenandoah/mxbeans tests\n should account for corner cases\n\n + JDK-8250582: Revert Principal Name type to NT-UNKNOWN\n when requesting TGS Kerberos tickets\n\n + JDK-8250609: C2 crash in IfNode::fold_compares\n\n + JDK-8250627: Use -XX:+/-UseContainerSupport for\n enabling/disabling Java container metrics\n\n + JDK-8250755: Better cleanup for\n jdk/test/javax/imageio/plugins/shared/CanWriteSequence.j\n ava\n\n + JDK-8250787: Provider.put no longer registering aliases\n in FIPS env\n\n + JDK-8250826: jhsdb does not work with coredump which\n comes from Substrate VM\n\n + JDK-8250827: Shenandoah: needs to reset/finish\n StringTable's dead count before/after parallel walk\n\n + JDK-8250844: Make sure (type,obj)ArrayOopDesc accessors\n check the bounds\n\n + JDK-8251117: Cannot check P11Key size in P11Cipher and\n P11AEADCipher\n\n + JDK-8251354: Shenandoah: Fix\n jdk/jfr/tool/TestPrintJSON.java test failure\n\n + JDK-8251451: Shenandoah: Remark ObjectSynchronizer roots\n with I-U\n\n + JDK-8251469: Better cleanup for\n test/jdk/javax/imageio/SetOutput.java\n\n + JDK-8251487: Shenandoah: missing detail timing tracking\n for final mark cleaning phase\n\n + JDK-8252120: 
compiler/oracle/TestCompileCommand.java\n misspells 'occured'\n\n + JDK-8252157: JDK-8231209 11u backport breaks jmm binary\n compatibility\n\n + JDK-8252258: [11u] JDK-8242154 changes the default\n vendor\n\n + JDK-8252804: [test] Fix 'ReleaseDeflater.java' test\n after downport of 8234011\n\n + JDK-8253134: JMM_VERSION should remain at 0x20020000\n (JDK 10) in JDK 11\n\n + JDK-8253283: [11u] Test build/translations/\n /VerifyTranslations.java failing after JDK-8252258\n\n + JDK-8253813: Backout JDK-8244287 from 11u: it causes\n several crashes\n\n + Fix regression '8250861: Crash in\n MinINode::Ideal(PhaseGVN*, bool)' introduced in jdk\n 11.0.9\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177943\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected java-11-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-accessibility-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-jmods\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-11-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"java-11-openjdk-11.0.9.0-lp152.2.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"java-11-openjdk-accessibility-11.0.9.0-lp152.2.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"java-11-openjdk-accessibility-debuginfo-11.0.9.0-lp152.2.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"java-11-openjdk-debuginfo-11.0.9.0-lp152.2.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"java-11-openjdk-debugsource-11.0.9.0-lp152.2.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"java-11-openjdk-demo-11.0.9.0-lp152.2.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"java-11-openjdk-devel-11.0.9.0-lp152.2.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"java-11-openjdk-headless-11.0.9.0-lp152.2.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"java-11-openjdk-javadoc-11.0.9.0-lp152.2.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", 
reference:\"java-11-openjdk-jmods-11.0.9.0-lp152.2.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"java-11-openjdk-src-11.0.9.0-lp152.2.6.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-11-openjdk / java-11-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-06T23:31:46", "description": "The version of IBM Java installed on the remote host is prior to 7.0 < 7.0.10.80 / 7.1 < 7.1.4.80 / 8.0 < 8.0.6.25. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle October 20 2020 CPU advisory.\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-14779)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-14781)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-14782, CVE-2020-14797)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n (CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2020-14796)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2020-14798)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). 
(CVE-2020-14803)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2022-04-29T00:00:00", "type": "nessus", "title": "IBM Java 7.0 < 7.0.10.80 / 7.1 < 7.1.4.80 / 8.0 < 8.0.6.25 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/a:ibm:java"], "id": "IBM_JAVA_2020_10_20.NASL", "href": "https://www.tenable.com/plugins/nessus/160368", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160368);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14798\",\n \"CVE-2020-14803\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0477-S\");\n\n script_name(english:\"IBM Java 7.0 < 7.0.10.80 / 7.1 < 7.1.4.80 / 8.0 < 8.0.6.25 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"IBM Java is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of IBM Java installed on the remote host is prior to 7.0 < 7.0.10.80 / 7.1 < 7.1.4.80 / 8.0 < 8.0.6.25. 
It\nis, therefore, affected by multiple vulnerabilities as referenced in the Oracle October 20 2020 CPU advisory.\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through\n sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying\n data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed\n Java applets, such as through a web service. (CVE-2020-14779)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server\n deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and\n sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web\n service. (CVE-2020-14781)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). 
Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to\n client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start\n applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the\n specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as\n through a web service. (CVE-2020-14782, CVE-2020-14797)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or\n delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to\n a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of\n Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java\n applets. It can also be exploited by supplying data to APIs in the specified Component without using\n sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n (CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). 
Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a\n subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments,\n typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load\n and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for\n security. This vulnerability does not apply to Java deployments, typically in servers, that load and run\n only trusted code (e.g., code installed by an administrator). (CVE-2020-14796)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or\n delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to\n Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java\n applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java\n sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that\n load and run only trusted code (e.g., code installed by an administrator). 
(CVE-2020-14798)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are\n affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with\n network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can\n result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability\n applies to Java deployments, typically in clients running sandboxed Java Web Start applications or\n sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and\n rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in\n servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2020-14803)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ28903\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ28904\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ28905\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ28906\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ28907\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ28908\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ30419\");\n # https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities#Oracle_October_20_2020_CPU\n script_set_attribute(attribute:\"see_also\", 
value:\"http://www.nessus.org/u?b4a37978\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the Oracle October 20 2020 CPU advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:java\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ibm_java_nix_installed.nbin\", \"ibm_java_win_installed.nbin\");\n script_require_keys(\"installed_sw/Java\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_list = ['IBM Java'];\nvar app_info = vcf::java::get_app_info(app:app_list);\n\nvar constraints = [\n { 'min_version' : '7.0.0', 'fixed_version' : '7.0.10.80' },\n { 'min_version' : '7.1.0', 'fixed_version' : '7.1.4.80' },\n { 'min_version' : '8.0.0', 'fixed_version' : '8.0.6.25' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-06T23:29:47", "description": "The version of Amazon Corretto installed on the remote host is prior to 8 < 8.272.10.3. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-8-2020-Oct-21 advisory.\n\n - core-libs/java.io:serialization (CVE-2020-14779)\n\n - core-libs/javax.naming (CVE-2020-14781)\n\n - security-libs/java.security (CVE-2020-14782)\n\n - hotspot/compiler (CVE-2020-14792)\n\n - core-libs/java.io (CVE-2020-14796, CVE-2020-14798, CVE-2020-14803)\n\n - core-libs/java.nio (CVE-2020-14797)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2022-04-01T00:00:00", "type": "nessus", "title": "Amazon Corretto Java 8.x < 8.272.10.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/a:amazon:corretto"], "id": "AMAZON_CORRETTO_8_272_10_3.NASL", "href": "https://www.tenable.com/plugins/nessus/159421", "sourceData": 
"#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159421);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14798\",\n \"CVE-2020-14803\"\n );\n\n script_name(english:\"Amazon Corretto Java 8.x < 8.272.10.3 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Amazon Corretto is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Amazon Corretto installed on the remote host is prior to 8 < 8.272.10.3. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the corretto-8-2020-Oct-21 advisory.\n\n - core-libs/java.io:serialization (CVE-2020-14779)\n\n - core-libs/javax.naming (CVE-2020-14781)\n\n - security-libs/java.security (CVE-2020-14782)\n\n - hotspot/compiler (CVE-2020-14792)\n\n - core-libs/java.io (CVE-2020-14796, CVE-2020-14798, CVE-2020-14803)\n\n - core-libs/java.nio (CVE-2020-14797)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://github.com/corretto/corretto-8/blob/develop/CHANGELOG.md#corretto-version-8272103\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?886c5d06\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to Amazon Corretto Java 8.272.10.3 or later\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:amazon:corretto\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"amazon_corretto_win_installed.nbin\", \"amazon_corretto_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Java\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_list = ['Amazon Corretto Java'];\nvar app_info = vcf::java::get_app_info(app:app_list);\n\nvar constraints = [\n { 'min_version' : '8.0', 'fixed_version' : '8.272.10.3' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-15T14:30:37", "description": "New in release OpenJDK 8u272 (2020-10-20):\n===========================================\n\nFull versions of these release notes can be found at :\n\n- https://bitly.com/openjdk8u272\n\n- https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt\n\n## New features\n\n - JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7\n\n## Security fixes\n\n - JDK-8233624: Enhance JNI linkage\n\n - JDK-8236196: Improve string pooling\n\n - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class\n\n - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts\n\n - JDK-8237995, CVE-2020-14782: Enhance certificate processing\n\n - JDK-8240124: Better VM Interning\n\n - JDK-8241114, CVE-2020-14792: Better range handling\n\n - JDK-8242680, CVE-2020-14796: Improved URI Support\n\n - JDK-8242685, CVE-2020-14797: Better Path Validation\n\n - JDK-8242695, CVE-2020-14798: Enhanced buffer support\n\n - JDK-8243302: Advanced class supports\n\n - JDK-8244136, CVE-2020-14803: Improved Buffer supports\n\n - JDK-8244479: Further constrain certificates\n\n - JDK-8244955: Additional Fix for JDK-8240124\n\n - JDK-8245407: Enhance zoning of times\n\n - JDK-8245412: Better class definitions\n\n - JDK-8245417: Improve certificate chain handling\n\n - JDK-8248574: Improve jpeg processing\n\n - JDK-8249927: Specify limits of 
jdk.serialProxyInterfaceLimit\n\n - JDK-8253019: Enhanced JPEG decoding\n\n## JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b\n\nFollowing JDK's update to tzdata2020b, the long-obsolete files pacificnew and systemv have been removed. As a result, the 'US/Pacific-New' zone name declared in the pacificnew data file is no longer available for use.\n\nInformation regarding the update can be viewed at https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-11-02T00:00:00", "type": "nessus", "title": "Fedora 31 : 1:java-1.8.0-openjdk (2020-febe36c3ac)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:java-1.8.0-openjdk", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-FEBE36C3AC.NASL", "href": "https://www.tenable.com/plugins/nessus/142191", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-febe36c3ac.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142191);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-14779\", \"CVE-2020-14781\", \"CVE-2020-14782\", \"CVE-2020-14792\", \"CVE-2020-14796\", \"CVE-2020-14797\", \"CVE-2020-14798\", \"CVE-2020-14803\");\n script_xref(name:\"FEDORA\", value:\"2020-febe36c3ac\");\n\n 
script_name(english:\"Fedora 31 : 1:java-1.8.0-openjdk (2020-febe36c3ac)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"New in release OpenJDK 8u272 (2020-10-20):\n===========================================\n\nFull versions of these release notes can be found at :\n\n- https://bitly.com/openjdk8u272\n\n- https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt\n\n## New features\n\n - JDK-8245468: Add TLSv1.3 implementation classes from\n 11.0.7\n\n## Security fixes\n\n - JDK-8233624: Enhance JNI linkage\n\n - JDK-8236196: Improve string pooling\n\n - JDK-8236862, CVE-2020-14779: Enhance support of Proxy\n class\n\n - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts\n\n - JDK-8237995, CVE-2020-14782: Enhance certificate\n processing\n\n - JDK-8240124: Better VM Interning\n\n - JDK-8241114, CVE-2020-14792: Better range handling\n\n - JDK-8242680, CVE-2020-14796: Improved URI Support\n\n - JDK-8242685, CVE-2020-14797: Better Path Validation\n\n - JDK-8242695, CVE-2020-14798: Enhanced buffer support\n\n - JDK-8243302: Advanced class supports\n\n - JDK-8244136, CVE-2020-14803: Improved Buffer supports\n\n - JDK-8244479: Further constrain certificates\n\n - JDK-8244955: Additional Fix for JDK-8240124\n\n - JDK-8245407: Enhance zoning of times\n\n - JDK-8245412: Better class definitions\n\n - JDK-8245417: Improve certificate chain handling\n\n - JDK-8248574: Improve jpeg processing\n\n - JDK-8249927: Specify limits of\n jdk.serialProxyInterfaceLimit\n\n - JDK-8253019: Enhanced JPEG decoding\n\n## JDK-8254177: US/Pacific-New Zone name removed as part of\ntzdata2020b\n\nFollowing JDK's update to tzdata2020b, the long-obsolete files\npacificnew and systemv have been removed. 
As a result, the\n'US/Pacific-New' zone name declared in the pacificnew data file is no\nlonger available for use.\n\nInformation regarding the update can be viewed at\nhttps://mm.icann.org/pipermail/tz-announce/2020-October/000059.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-febe36c3ac\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 1:java-1.8.0-openjdk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"java-1.8.0-openjdk-1.8.0.272.b10-0.fc31\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:java-1.8.0-openjdk\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-15T14:20:01", "description": "New in release OpenJDK 11.0.9 (2020-10-20):\n===========================================\n\nFull versions of these release notes can be found at :\n\n- 
https://bitly.com/openjdk1109\n\n- https://builds.shipilev.net/backports-monitor/release-notes-11.0.9.txt\n\n## Security fixes\n\n - JDK-8233624: Enhance JNI linkage\n\n - JDK-8236196: Improve string pooling\n\n - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class\n\n - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts\n\n - JDK-8237995, CVE-2020-14782: Enhance certificate processing\n\n - JDK-8240124: Better VM Interning\n\n - JDK-8241114, CVE-2020-14792: Better range handling\n\n - JDK-8242680, CVE-2020-14796: Improved URI Support\n\n - JDK-8242685, CVE-2020-14797: Better Path Validation\n\n - JDK-8242695, CVE-2020-14798: Enhanced buffer support\n\n - JDK-8243302: Advanced class supports\n\n - JDK-8244136, CVE-2020-14803: Improved Buffer supports\n\n - JDK-8244479: Further constrain certificates\n\n - JDK-8244955: Additional Fix for JDK-8240124\n\n - JDK-8245407: Enhance zoning of times\n\n - JDK-8245412: Better class definitions\n\n - JDK-8245417: Improve certificate chain handling\n\n - JDK-8248574: Improve jpeg processing\n\n - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit\n\n - JDK-8253019: Enhanced JPEG decoding\n\n## JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b\n\nFollowing JDK's update to tzdata2020b, the long-obsolete files pacificnew and systemv have been removed. 
As a result, the 'US/Pacific-New' zone name declared in the pacificnew data file is no longer available for use.\n\nInformation regarding the update can be viewed at https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-10-26T00:00:00", "type": "nessus", "title": "Fedora 33 : 1:java-11-openjdk (2020-845860fd4f)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:java-11-openjdk", "cpe:/o:fedoraproject:fedora:33"], "id": "FEDORA_2020-845860FD4F.NASL", "href": "https://www.tenable.com/plugins/nessus/141908", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-845860fd4f.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141908);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-14779\", \"CVE-2020-14781\", \"CVE-2020-14782\", \"CVE-2020-14792\", \"CVE-2020-14796\", \"CVE-2020-14797\", \"CVE-2020-14798\", \"CVE-2020-14803\");\n script_xref(name:\"FEDORA\", value:\"2020-845860fd4f\");\n\n script_name(english:\"Fedora 33 : 1:java-11-openjdk (2020-845860fd4f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n 
script_set_attribute(\n attribute:\"description\",\n value:\n\"New in release OpenJDK 11.0.9 (2020-10-20):\n===========================================\n\nFull versions of these release notes can be found at :\n\n- https://bitly.com/openjdk1109\n\n- https://builds.shipilev.net/backports-monitor/release-notes-11.0.9.txt\n\n## Security fixes\n\n - JDK-8233624: Enhance JNI linkage\n\n - JDK-8236196: Improve string pooling\n\n - JDK-8236862, CVE-2020-14779: Enhance support of Proxy\n class\n\n - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts\n\n - JDK-8237995, CVE-2020-14782: Enhance certificate\n processing\n\n - JDK-8240124: Better VM Interning\n\n - JDK-8241114, CVE-2020-14792: Better range handling\n\n - JDK-8242680, CVE-2020-14796: Improved URI Support\n\n - JDK-8242685, CVE-2020-14797: Better Path Validation\n\n - JDK-8242695, CVE-2020-14798: Enhanced buffer support\n\n - JDK-8243302: Advanced class supports\n\n - JDK-8244136, CVE-2020-14803: Improved Buffer supports\n\n - JDK-8244479: Further constrain certificates\n\n - JDK-8244955: Additional Fix for JDK-8240124\n\n - JDK-8245407: Enhance zoning of times\n\n - JDK-8245412: Better class definitions\n\n - JDK-8245417: Improve certificate chain handling\n\n - JDK-8248574: Improve jpeg processing\n\n - JDK-8249927: Specify limits of\n jdk.serialProxyInterfaceLimit\n\n - JDK-8253019: Enhanced JPEG decoding\n\n## JDK-8254177: US/Pacific-New Zone name removed as part of\ntzdata2020b\n\nFollowing JDK's update to tzdata2020b, the long-obsolete files\npacificnew and systemv have been removed. 
As a result, the\n'US/Pacific-New' zone name declared in the pacificnew data file is no\nlonger available for use.\n\nInformation regarding the update can be viewed at\nhttps://mm.icann.org/pipermail/tz-announce/2020-October/000059.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-845860fd4f\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 1:java-11-openjdk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:java-11-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and 
is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 33\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC33\", reference:\"java-11-openjdk-11.0.9.11-0.fc33\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:java-11-openjdk\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-13T14:48:00", "description": "This update for java-1_7_1-ibm fixes the following issues :\n\nUpdate to Java 7.1 Service Refresh 4 Fix Pack 75 [bsc#1180063, bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14782 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803\n\n - Class Libraries :\n\n - Z/OS specific C function send_file is 
changing the file pointer position\n\n - Security :\n\n - Add the new oracle signer certificate\n\n - Certificate parsing error\n\n - JVM memory growth can be caused by the IBMPKCS11IMPL crypto provider\n\n - Remove check for websphere signed jars\n\n - sessionid.hashcode generates too many collisions\n\n - The Java 8 IBM certpath provider does not honor the user specified system property for CLR connect timeout\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2021-01-05T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2021:0019-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_1-ibm", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-devel", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0019-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144732", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0019-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144732);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n 
\"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14798\",\n \"CVE-2020-14803\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2021:0019-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for java-1_7_1-ibm fixes the following issues :\n\nUpdate to Java 7.1 Service Refresh 4 Fix Pack 75 [bsc#1180063,\nbsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14782\nCVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796\nCVE-2020-14803\n\n - Class Libraries :\n\n - Z/OS specific C function send_file is changing the file\n pointer position\n\n - Security :\n\n - Add the new oracle signer certificate\n\n - Certificate parsing error\n\n - JVM memory growth can be caused by the IBMPKCS11IMPL\n crypto provider\n\n - Remove check for websphere signed jars\n\n - sessionid.hashcode generates too many collisions\n\n - The Java 8 IBM certpath provider does not honor the user\n specified system property for CLR connect timeout\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14779/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14781/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14782/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14792/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14796/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14797/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14798/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14803/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210019-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b2c2a8f8\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-19=1\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-19=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2021-19=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch 
SUSE-OpenStack-Cloud-8-2021-19=1\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2021-19=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2021-19=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2021-19=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2021-19=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2021-19=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-19=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-19=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-19=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-19=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-19=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-19=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2021-19=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2021-19=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2021/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.75-38.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.75-38.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_1-ibm-1.7.1_sr4.75-38.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_1-ibm-devel-1.7.1_sr4.75-38.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.75-38.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.75-38.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.75-38.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_1-ibm-1.7.1_sr4.75-38.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_1-ibm-devel-1.7.1_sr4.75-38.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.75-38.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.75-38.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", 
reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.75-38.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_1-ibm-1.7.1_sr4.75-38.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_1-ibm-devel-1.7.1_sr4.75-38.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.75-38.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.75-38.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.75-38.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_7_1-ibm-1.7.1_sr4.75-38.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_7_1-ibm-devel-1.7.1_sr4.75-38.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.75-38.59.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_1-ibm\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-15T14:25:59", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4607-1 advisory.\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-14779)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-14781)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). (CVE-2020-14782, CVE-2020-14797)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). (CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). 
Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). (CVE-2020-14796)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). (CVE-2020-14798)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).\n (CVE-2020-14803)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-10-28T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : OpenJDK vulnerabilities (USN-4607-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2022-05-11T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.10", "p-cpe:/a:canonical:ubuntu_linux:openjdk-11-demo", "p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk", "p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-zero", "p-cpe:/a:canonical:ubuntu_linux:openjdk-11-source", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-demo", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-jamvm", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-zero", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-source"], "id": "UBUNTU_USN-4607-1.NASL", "href": "https://www.tenable.com/plugins/nessus/142001", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4607-1. The text\n# itself is copyright (C) Canonical, Inc. 
See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142001);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14798\",\n \"CVE-2020-14803\"\n );\n script_xref(name:\"USN\", value:\"4607-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : OpenJDK vulnerabilities (USN-4607-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-4607-1 advisory.\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through\n sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying\n data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed\n Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). 
CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-14779)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server\n deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and\n sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web\n service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-14781)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to\n client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start\n applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the\n specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as\n through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). 
CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). (CVE-2020-14782, CVE-2020-14797)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or\n delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to\n a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of\n Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java\n applets. It can also be exploited by supplying data to APIs in the specified Component without using\n sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1\n Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). (CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a\n subset of Java SE, Java SE Embedded accessible data. 
Note: This vulnerability applies to Java deployments,\n typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load\n and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for\n security. This vulnerability does not apply to Java deployments, typically in servers, that load and run\n only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality\n impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). (CVE-2020-14796)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or\n delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to\n Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java\n applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java\n sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that\n load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1\n (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). (CVE-2020-14798)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are\n affected are Java SE: 11.0.8 and 15. 
Easily exploitable vulnerability allows unauthenticated attacker with\n network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can\n result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability\n applies to Java deployments, typically in clients running sandboxed Java Web Start applications or\n sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and\n rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in\n servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base\n Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).\n (CVE-2020-14803)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4607-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/28\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-jamvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-zero\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-source\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2022 Canonical, Inc. / NASL script (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04|20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 20.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'openjdk-8-demo', 'pkgver': '8u272-b10-0ubuntu1~16.04'},\n {'osver': '16.04', 'pkgname': 'openjdk-8-jdk', 'pkgver': '8u272-b10-0ubuntu1~16.04'},\n {'osver': '16.04', 'pkgname': 'openjdk-8-jdk-headless', 'pkgver': '8u272-b10-0ubuntu1~16.04'},\n {'osver': '16.04', 'pkgname': 'openjdk-8-jre', 'pkgver': '8u272-b10-0ubuntu1~16.04'},\n {'osver': '16.04', 'pkgname': 'openjdk-8-jre-headless', 'pkgver': '8u272-b10-0ubuntu1~16.04'},\n {'osver': '16.04', 'pkgname': 'openjdk-8-jre-jamvm', 'pkgver': '8u272-b10-0ubuntu1~16.04'},\n {'osver': '16.04', 'pkgname': 'openjdk-8-jre-zero', 'pkgver': '8u272-b10-0ubuntu1~16.04'},\n {'osver': '16.04', 'pkgname': 'openjdk-8-source', 'pkgver': '8u272-b10-0ubuntu1~16.04'},\n 
{'osver': '18.04', 'pkgname': 'openjdk-11-demo', 'pkgver': '11.0.9+11-0ubuntu1~18.04.1'},\n {'osver': '18.04', 'pkgname': 'openjdk-11-jdk', 'pkgver': '11.0.9+11-0ubuntu1~18.04.1'},\n {'osver': '18.04', 'pkgname': 'openjdk-11-jdk-headless', 'pkgver': '11.0.9+11-0ubuntu1~18.04.1'},\n {'osver': '18.04', 'pkgname': 'openjdk-11-jre', 'pkgver': '11.0.9+11-0ubuntu1~18.04.1'},\n {'osver': '18.04', 'pkgname': 'openjdk-11-jre-headless', 'pkgver': '11.0.9+11-0ubuntu1~18.04.1'},\n {'osver': '18.04', 'pkgname': 'openjdk-11-jre-zero', 'pkgver': '11.0.9+11-0ubuntu1~18.04.1'},\n {'osver': '18.04', 'pkgname': 'openjdk-11-source', 'pkgver': '11.0.9+11-0ubuntu1~18.04.1'},\n {'osver': '18.04', 'pkgname': 'openjdk-8-demo', 'pkgver': '8u272-b10-0ubuntu1~18.04'},\n {'osver': '18.04', 'pkgname': 'openjdk-8-jdk', 'pkgver': '8u272-b10-0ubuntu1~18.04'},\n {'osver': '18.04', 'pkgname': 'openjdk-8-jdk-headless', 'pkgver': '8u272-b10-0ubuntu1~18.04'},\n {'osver': '18.04', 'pkgname': 'openjdk-8-jre', 'pkgver': '8u272-b10-0ubuntu1~18.04'},\n {'osver': '18.04', 'pkgname': 'openjdk-8-jre-headless', 'pkgver': '8u272-b10-0ubuntu1~18.04'},\n {'osver': '18.04', 'pkgname': 'openjdk-8-jre-zero', 'pkgver': '8u272-b10-0ubuntu1~18.04'},\n {'osver': '18.04', 'pkgname': 'openjdk-8-source', 'pkgver': '8u272-b10-0ubuntu1~18.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-11-demo', 'pkgver': '11.0.9+11-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-11-jdk', 'pkgver': '11.0.9+11-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-11-jdk-headless', 'pkgver': '11.0.9+11-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-11-jre', 'pkgver': '11.0.9+11-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-11-jre-headless', 'pkgver': '11.0.9+11-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-11-jre-zero', 'pkgver': '11.0.9+11-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-11-source', 'pkgver': '11.0.9+11-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 
'openjdk-8-demo', 'pkgver': '8u272-b10-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-8-jdk', 'pkgver': '8u272-b10-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-8-jdk-headless', 'pkgver': '8u272-b10-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-8-jre', 'pkgver': '8u272-b10-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-8-jre-headless', 'pkgver': '8u272-b10-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-8-jre-zero', 'pkgver': '8u272-b10-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-8-source', 'pkgver': '8u272-b10-0ubuntu1~20.04'},\n {'osver': '20.10', 'pkgname': 'openjdk-11-demo', 'pkgver': '11.0.9+11-0ubuntu1'},\n {'osver': '20.10', 'pkgname': 'openjdk-11-jdk', 'pkgver': '11.0.9+11-0ubuntu1'},\n {'osver': '20.10', 'pkgname': 'openjdk-11-jdk-headless', 'pkgver': '11.0.9+11-0ubuntu1'},\n {'osver': '20.10', 'pkgname': 'openjdk-11-jre', 'pkgver': '11.0.9+11-0ubuntu1'},\n {'osver': '20.10', 'pkgname': 'openjdk-11-jre-headless', 'pkgver': '11.0.9+11-0ubuntu1'},\n {'osver': '20.10', 'pkgname': 'openjdk-11-jre-zero', 'pkgver': '11.0.9+11-0ubuntu1'},\n {'osver': '20.10', 'pkgname': 'openjdk-11-source', 'pkgver': '11.0.9+11-0ubuntu1'},\n {'osver': '20.10', 'pkgname': 'openjdk-8-demo', 'pkgver': '8u272-b10-0ubuntu1~20.10'},\n {'osver': '20.10', 'pkgname': 'openjdk-8-jdk', 'pkgver': '8u272-b10-0ubuntu1~20.10'},\n {'osver': '20.10', 'pkgname': 'openjdk-8-jdk-headless', 'pkgver': '8u272-b10-0ubuntu1~20.10'},\n {'osver': '20.10', 'pkgname': 'openjdk-8-jre', 'pkgver': '8u272-b10-0ubuntu1~20.10'},\n {'osver': '20.10', 'pkgname': 'openjdk-8-jre-headless', 'pkgver': '8u272-b10-0ubuntu1~20.10'},\n {'osver': '20.10', 'pkgname': 'openjdk-8-jre-zero', 'pkgver': '8u272-b10-0ubuntu1~20.10'},\n {'osver': '20.10', 'pkgname': 'openjdk-8-source', 'pkgver': '8u272-b10-0ubuntu1~20.10'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if 
(!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openjdk-11-demo / openjdk-11-jdk / openjdk-11-jdk-headless / etc');\n}", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-15T14:29:23", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4607-2 advisory.\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). 
(CVE-2020-14779)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-14781)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). 
(CVE-2020-14782, CVE-2020-14797)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). (CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). (CVE-2020-14796)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). (CVE-2020-14798)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).\n (CVE-2020-14803)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : OpenJDK regressions (USN-4607-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2022-05-11T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.10", "p-cpe:/a:canonical:ubuntu_linux:openjdk-11-demo", "p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk", "p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-zero", "p-cpe:/a:canonical:ubuntu_linux:openjdk-11-source", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-demo", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk-headless", 
"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-jamvm", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-zero", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-source"], "id": "UBUNTU_USN-4607-2.NASL", "href": "https://www.tenable.com/plugins/nessus/142865", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4607-2. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142865);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14798\",\n \"CVE-2020-14803\"\n );\n script_xref(name:\"USN\", value:\"4607-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : OpenJDK regressions (USN-4607-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-4607-2 advisory.\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through\n sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying\n data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed\n Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-14779)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server\n deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and\n sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web\n service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-14781)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. 
Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to\n client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start\n applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the\n specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as\n through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). (CVE-2020-14782, CVE-2020-14797)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or\n delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to\n a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of\n Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java\n applets. It can also be exploited by supplying data to APIs in the specified Component without using\n sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1\n Base Score 4.2 (Confidentiality and Integrity impacts). 
CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). (CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a\n subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments,\n typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load\n and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for\n security. This vulnerability does not apply to Java deployments, typically in servers, that load and run\n only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality\n impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). (CVE-2020-14796)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or\n delete access to some of Java SE, Java SE Embedded accessible data. 
Note: This vulnerability applies to\n Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java\n applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java\n sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that\n load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1\n (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). (CVE-2020-14798)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are\n affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with\n network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can\n result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability\n applies to Java deployments, typically in clients running sandboxed Java Web Start applications or\n sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and\n rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in\n servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base\n Score 5.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).\n (CVE-2020-14803)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4607-2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk-headless\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-jamvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-source\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2022 Canonical, Inc. / NASL script (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! 
get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04|20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 20.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'openjdk-8-demo', 'pkgver': '8u275-b01-0ubuntu1~16.04'},\n {'osver': '16.04', 'pkgname': 'openjdk-8-jdk', 'pkgver': '8u275-b01-0ubuntu1~16.04'},\n {'osver': '16.04', 'pkgname': 'openjdk-8-jdk-headless', 'pkgver': '8u275-b01-0ubuntu1~16.04'},\n {'osver': '16.04', 'pkgname': 'openjdk-8-jre', 'pkgver': '8u275-b01-0ubuntu1~16.04'},\n {'osver': '16.04', 'pkgname': 'openjdk-8-jre-headless', 'pkgver': '8u275-b01-0ubuntu1~16.04'},\n {'osver': '16.04', 'pkgname': 'openjdk-8-jre-jamvm', 'pkgver': '8u275-b01-0ubuntu1~16.04'},\n {'osver': '16.04', 'pkgname': 'openjdk-8-jre-zero', 'pkgver': '8u275-b01-0ubuntu1~16.04'},\n {'osver': '16.04', 'pkgname': 'openjdk-8-source', 'pkgver': '8u275-b01-0ubuntu1~16.04'},\n {'osver': '18.04', 'pkgname': 'openjdk-11-demo', 'pkgver': '11.0.9.1+1-0ubuntu1~18.04'},\n {'osver': '18.04', 'pkgname': 'openjdk-11-jdk', 'pkgver': '11.0.9.1+1-0ubuntu1~18.04'},\n {'osver': '18.04', 'pkgname': 'openjdk-11-jdk-headless', 'pkgver': '11.0.9.1+1-0ubuntu1~18.04'},\n {'osver': '18.04', 'pkgname': 'openjdk-11-jre', 'pkgver': '11.0.9.1+1-0ubuntu1~18.04'},\n {'osver': '18.04', 'pkgname': 'openjdk-11-jre-headless', 'pkgver': '11.0.9.1+1-0ubuntu1~18.04'},\n {'osver': '18.04', 'pkgname': 'openjdk-11-jre-zero', 'pkgver': '11.0.9.1+1-0ubuntu1~18.04'},\n {'osver': '18.04', 'pkgname': 
'openjdk-11-source', 'pkgver': '11.0.9.1+1-0ubuntu1~18.04'},\n {'osver': '18.04', 'pkgname': 'openjdk-8-demo', 'pkgver': '8u275-b01-0ubuntu1~18.04'},\n {'osver': '18.04', 'pkgname': 'openjdk-8-jdk', 'pkgver': '8u275-b01-0ubuntu1~18.04'},\n {'osver': '18.04', 'pkgname': 'openjdk-8-jdk-headless', 'pkgver': '8u275-b01-0ubuntu1~18.04'},\n {'osver': '18.04', 'pkgname': 'openjdk-8-jre', 'pkgver': '8u275-b01-0ubuntu1~18.04'},\n {'osver': '18.04', 'pkgname': 'openjdk-8-jre-headless', 'pkgver': '8u275-b01-0ubuntu1~18.04'},\n {'osver': '18.04', 'pkgname': 'openjdk-8-jre-zero', 'pkgver': '8u275-b01-0ubuntu1~18.04'},\n {'osver': '18.04', 'pkgname': 'openjdk-8-source', 'pkgver': '8u275-b01-0ubuntu1~18.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-11-demo', 'pkgver': '11.0.9.1+1-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-11-jdk', 'pkgver': '11.0.9.1+1-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-11-jdk-headless', 'pkgver': '11.0.9.1+1-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-11-jre', 'pkgver': '11.0.9.1+1-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-11-jre-headless', 'pkgver': '11.0.9.1+1-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-11-jre-zero', 'pkgver': '11.0.9.1+1-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-11-source', 'pkgver': '11.0.9.1+1-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-8-demo', 'pkgver': '8u275-b01-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-8-jdk', 'pkgver': '8u275-b01-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-8-jdk-headless', 'pkgver': '8u275-b01-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-8-jre', 'pkgver': '8u275-b01-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-8-jre-headless', 'pkgver': '8u275-b01-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-8-jre-zero', 'pkgver': '8u275-b01-0ubuntu1~20.04'},\n {'osver': '20.04', 'pkgname': 'openjdk-8-source', 'pkgver': 
'8u275-b01-0ubuntu1~20.04'},\n {'osver': '20.10', 'pkgname': 'openjdk-11-demo', 'pkgver': '11.0.9.1+1-0ubuntu1~20.10'},\n {'osver': '20.10', 'pkgname': 'openjdk-11-jdk', 'pkgver': '11.0.9.1+1-0ubuntu1~20.10'},\n {'osver': '20.10', 'pkgname': 'openjdk-11-jdk-headless', 'pkgver': '11.0.9.1+1-0ubuntu1~20.10'},\n {'osver': '20.10', 'pkgname': 'openjdk-11-jre', 'pkgver': '11.0.9.1+1-0ubuntu1~20.10'},\n {'osver': '20.10', 'pkgname': 'openjdk-11-jre-headless', 'pkgver': '11.0.9.1+1-0ubuntu1~20.10'},\n {'osver': '20.10', 'pkgname': 'openjdk-11-jre-zero', 'pkgver': '11.0.9.1+1-0ubuntu1~20.10'},\n {'osver': '20.10', 'pkgname': 'openjdk-11-source', 'pkgver': '11.0.9.1+1-0ubuntu1~20.10'},\n {'osver': '20.10', 'pkgname': 'openjdk-8-demo', 'pkgver': '8u275-b01-0ubuntu1~20.10'},\n {'osver': '20.10', 'pkgname': 'openjdk-8-jdk', 'pkgver': '8u275-b01-0ubuntu1~20.10'},\n {'osver': '20.10', 'pkgname': 'openjdk-8-jdk-headless', 'pkgver': '8u275-b01-0ubuntu1~20.10'},\n {'osver': '20.10', 'pkgname': 'openjdk-8-jre', 'pkgver': '8u275-b01-0ubuntu1~20.10'},\n {'osver': '20.10', 'pkgname': 'openjdk-8-jre-headless', 'pkgver': '8u275-b01-0ubuntu1~20.10'},\n {'osver': '20.10', 'pkgname': 'openjdk-8-jre-zero', 'pkgver': '8u275-b01-0ubuntu1~20.10'},\n {'osver': '20.10', 'pkgname': 'openjdk-8-source', 'pkgver': '8u275-b01-0ubuntu1~20.10'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openjdk-11-demo / openjdk-11-jdk / openjdk-11-jdk-headless / etc');\n}", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-06T23:29:45", "description": "The version of Amazon Corretto installed on the remote host is prior to 15 < 15.0.1.9.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-jdk15-2020-Oct-20 advisory.\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-14779)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. 
Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-14781)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). (CVE-2020-14782, CVE-2020-14797)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). (CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). (CVE-2020-14796)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). 
Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). (CVE-2020-14798)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).\n (CVE-2020-14803)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2022-04-01T00:00:00", "type": "nessus", "title": "Amazon Corretto Java 15.x < 15.0.1.9.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/a:amazon:corretto"], "id": "AMAZON_CORRETTO_15_0_1_9_1.NASL", "href": "https://www.tenable.com/plugins/nessus/159416", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159416);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14798\",\n \"CVE-2020-14803\"\n );\n\n script_name(english:\"Amazon Corretto Java 15.x < 15.0.1.9.1 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Amazon Corretto is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Amazon Corretto installed on the remote host is prior to 15 < 15.0.1.9.1. 
It is, therefore, affected by\nmultiple vulnerabilities as referenced in the corretto-jdk15-2020-Oct-20 advisory.\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through\n sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying\n data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed\n Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-14779)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server\n deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and\n sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web\n service. 
CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-14781)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to\n client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start\n applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the\n specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as\n through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). (CVE-2020-14782, CVE-2020-14797)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or\n delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to\n a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of\n Java. 
This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java\n applets. It can also be exploited by supplying data to APIs in the specified Component without using\n sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1\n Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). (CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a\n subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments,\n typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load\n and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for\n security. This vulnerability does not apply to Java deployments, typically in servers, that load and run\n only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality\n impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). (CVE-2020-14796)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. 
Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or\n delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to\n Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java\n applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java\n sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that\n load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1\n (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). (CVE-2020-14798)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are\n affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with\n network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can\n result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability\n applies to Java deployments, typically in clients running sandboxed Java Web Start applications or\n sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and\n rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in\n servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base\n Score 5.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).\n (CVE-2020-14803)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://github.com/corretto/corretto-jdk/blob/develop-jdk15/CHANGELOG.md#october-2020-critical-patch-update-corretto-version-150191\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bf0cef78\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to Amazon Corretto Java 15.0.1.9.1 or later\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:amazon:corretto\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"amazon_corretto_win_installed.nbin\", \"amazon_corretto_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Java\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_list = ['Amazon Corretto Java'];\nvar app_info = vcf::java::get_app_info(app:app_list);\n\nvar constraints = [\n { 'min_version' : '15.0', 'fixed_version' : '15.0.1.9.1' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-15T14:19:56", "description": "New in release OpenJDK 8u272 (2020-10-20):\n===========================================\n\nFull versions of these release notes can be found at :\n\n- https://bitly.com/openjdk8u272\n\n- https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt\n\n## New features\n\n - JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7\n\n## Security fixes\n\n - JDK-8233624: Enhance JNI linkage\n\n - JDK-8236196: Improve string pooling\n\n - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class\n\n - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts\n\n - JDK-8237995, CVE-2020-14782: Enhance certificate processing\n\n - JDK-8240124: Better VM Interning\n\n - JDK-8241114, CVE-2020-14792: Better range handling\n\n - JDK-8242680, CVE-2020-14796: Improved URI Support\n\n - JDK-8242685, CVE-2020-14797: Better Path Validation\n\n - JDK-8242695, CVE-2020-14798: Enhanced buffer support\n\n - JDK-8243302: Advanced class supports\n\n - JDK-8244136, CVE-2020-14803: Improved Buffer supports\n\n - JDK-8244479: Further constrain certificates\n\n - JDK-8244955: Additional Fix for JDK-8240124\n\n - JDK-8245407: Enhance zoning of times\n\n - JDK-8245412: Better class definitions\n\n - JDK-8245417: Improve certificate chain handling\n\n - JDK-8248574: Improve jpeg processing\n\n - JDK-8249927: Specify limits of 
jdk.serialProxyInterfaceLimit\n\n - JDK-8253019: Enhanced JPEG decoding\n\n## JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b\n\nFollowing JDK's update to tzdata2020b, the long-obsolete files pacificnew and systemv have been removed. As a result, the 'US/Pacific-New' zone name declared in the pacificnew data file is no longer available for use.\n\nInformation regarding the update can be viewed at https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-10-26T00:00:00", "type": "nessus", "title": "Fedora 33 : 1:java-1.8.0-openjdk (2020-5708dd5b87)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:java-1.8.0-openjdk", "cpe:/o:fedoraproject:fedora:33"], "id": "FEDORA_2020-5708DD5B87.NASL", "href": "https://www.tenable.com/plugins/nessus/141902", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-5708dd5b87.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141902);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-14779\", \"CVE-2020-14781\", \"CVE-2020-14782\", \"CVE-2020-14792\", \"CVE-2020-14796\", \"CVE-2020-14797\", \"CVE-2020-14798\", \"CVE-2020-14803\");\n script_xref(name:\"FEDORA\", value:\"2020-5708dd5b87\");\n\n 
script_name(english:\"Fedora 33 : 1:java-1.8.0-openjdk (2020-5708dd5b87)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"New in release OpenJDK 8u272 (2020-10-20):\n===========================================\n\nFull versions of these release notes can be found at :\n\n- https://bitly.com/openjdk8u272\n\n- https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt\n\n## New features\n\n - JDK-8245468: Add TLSv1.3 implementation classes from\n 11.0.7\n\n## Security fixes\n\n - JDK-8233624: Enhance JNI linkage\n\n - JDK-8236196: Improve string pooling\n\n - JDK-8236862, CVE-2020-14779: Enhance support of Proxy\n class\n\n - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts\n\n - JDK-8237995, CVE-2020-14782: Enhance certificate\n processing\n\n - JDK-8240124: Better VM Interning\n\n - JDK-8241114, CVE-2020-14792: Better range handling\n\n - JDK-8242680, CVE-2020-14796: Improved URI Support\n\n - JDK-8242685, CVE-2020-14797: Better Path Validation\n\n - JDK-8242695, CVE-2020-14798: Enhanced buffer support\n\n - JDK-8243302: Advanced class supports\n\n - JDK-8244136, CVE-2020-14803: Improved Buffer supports\n\n - JDK-8244479: Further constrain certificates\n\n - JDK-8244955: Additional Fix for JDK-8240124\n\n - JDK-8245407: Enhance zoning of times\n\n - JDK-8245412: Better class definitions\n\n - JDK-8245417: Improve certificate chain handling\n\n - JDK-8248574: Improve jpeg processing\n\n - JDK-8249927: Specify limits of\n jdk.serialProxyInterfaceLimit\n\n - JDK-8253019: Enhanced JPEG decoding\n\n## JDK-8254177: US/Pacific-New Zone name removed as part of\ntzdata2020b\n\nFollowing JDK's update to tzdata2020b, the long-obsolete files\npacificnew and systemv have been removed. 
As a result, the\n'US/Pacific-New' zone name declared in the pacificnew data file is no\nlonger available for use.\n\nInformation regarding the update can be viewed at\nhttps://mm.icann.org/pipermail/tz-announce/2020-October/000059.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-5708dd5b87\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 1:java-1.8.0-openjdk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 33\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC33\", reference:\"java-1.8.0-openjdk-1.8.0.272.b10-0.fc33\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:java-1.8.0-openjdk\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-10T03:13:50", "description": "The version of OpenJDK installed on the remote host is prior to 7 <= 7u271 / 8 <= 8u262 / 11.0.0 <= 11.0.8 / 13.0.0 <= 13.0.4 / 15.0.0 <= 15.0.0. 
It is, therefore, affected by multiple vulnerabilities as referenced in the 2020-10-20 advisory.\n\nPlease Note: Java CVEs do not always include OpenJDK versions, but are confirmed separately by Tenable using the patch versions from the referenced OpenJDK security advisory.\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).\n (CVE-2020-14803)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. 
This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). (CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). (CVE-2020-14782, CVE-2020-14797)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. 
This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-14781)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-14779)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). (CVE-2020-14796)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). 
(CVE-2020-14798)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2021-07-06T00:00:00", "type": "nessus", "title": "OpenJDK 7 <= 7u271 / 8 <= 8u262 / 11.0.0 <= 11.0.8 / 13.0.0 <= 13.0.4 / 15.0.0 <= 15.0.0 Multiple Vulnerabilities (2020-10-20)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/a:oracle:openjdk"], "id": "OPENJDK_2020-10-20.NASL", "href": "https://www.tenable.com/plugins/nessus/151211", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151211);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14798\",\n \"CVE-2020-14803\"\n );\n\n script_name(english:\"OpenJDK 7 <= 7u271 / 8 <= 8u262 / 11.0.0 <= 11.0.8 / 13.0.0 <= 13.0.4 / 15.0.0 <= 15.0.0 Multiple Vulnerabilities (2020-10-20)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"OpenJDK is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenJDK installed on the remote host is prior to 7 <= 7u271 / 8 <= 8u262 / 11.0.0 <= 11.0.8 / 13.0.0 <=\n13.0.4 / 15.0.0 <= 15.0.0. 
It is, therefore, affected by multiple vulnerabilities as referenced in the 2020-10-20\nadvisory.\n\nPlease Note: Java CVEs do not always include OpenJDK versions, but are confirmed separately by Tenable using the patch\nversions from the referenced OpenJDK security advisory.\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are\n affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with\n network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can\n result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability\n applies to Java deployments, typically in clients running sandboxed Java Web Start applications or\n sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and\n rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in\n servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base\n Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).\n (CVE-2020-14803)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or\n delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to\n a subset of Java SE, Java SE Embedded accessible data. 
Note: Applies to client and server deployment of\n Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java\n applets. It can also be exploited by supplying data to APIs in the specified Component without using\n sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1\n Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). (CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to\n client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start\n applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the\n specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as\n through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). (CVE-2020-14782, CVE-2020-14797)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized\n read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server\n deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and\n sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web\n service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-14781)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through\n sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying\n data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed\n Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-14779)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. 
Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a\n subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments,\n typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load\n and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for\n security. This vulnerability does not apply to Java deployments, typically in servers, that load and run\n only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality\n impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). (CVE-2020-14796)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or\n delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to\n Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java\n applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java\n sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that\n load and run only trusted code (e.g., code installed by an administrator). 
CVSS 3.1 Base Score 3.1\n (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). (CVE-2020-14798)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://openjdk.java.net/groups/vulnerability/advisories/2020-10-20\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to an OpenJDK version greater than 7u271 / 8u262 / 11.0.8 / 13.0.4 / 15.0.0\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:openjdk\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"adoptopenjdk_nix_installed.nbin\", \"adoptopenjdk_win_installed.nbin\", \"openjdk_win_installed.nbin\", \"openjdk_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Java\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_list = [\n 'OpenJDK Java',\n 'AdoptOpenJDK'\n];\n\nvar app_info = vcf::java::get_app_info(app:app_list);\n\nvar constraints = [\n { 'min_version' : '7.0.0', 'max_version' : '7.0.271', 'fixed_display' : 'Upgrade to a version greater than 7u271' },\n { 'min_version' : '8.0.0', 'max_version' : '8.0.262', 'fixed_display' : 'Upgrade to a version greater than 8u262' },\n { 'min_version' : '11.0.0', 'max_version' : '11.0.8', 'fixed_display' : 'Upgrade to a version greater than 11.0.8' },\n { 'min_version' : '13.0.0', 'max_version' : '13.0.4', 'fixed_display' : 'Upgrade to a version greater than 13.0.4' },\n { 'min_version' : '15.0.0', 'max_version' : '15.0.0', 'fixed_display' : 'Upgrade to a version greater than 15.0.0' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-15T14:36:54", "description": "This update for java-11-openjdk fixes the following issues :\n\nUpdate to upstream tag jdk-11.0.9-11 (October 2020 CPU, bsc#1177943)\n\n - New features\n\n + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage Collector\n\n - Security fixes\n\n + JDK-8233624: Enhance JNI linkage\n\n + JDK-8236196: Improve string pooling\n\n + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class\n\n + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts\n\n + JDK-8237995, CVE-2020-14782: Enhance certificate processing\n\n + JDK-8240124: Better VM Interning\n\n + JDK-8241114, CVE-2020-14792: Better range handling\n\n + JDK-8242680, CVE-2020-14796: Improved URI Support\n\n + JDK-8242685, CVE-2020-14797: Better Path Validation\n\n + 
JDK-8242695, CVE-2020-14798: Enhanced buffer support\n\n + JDK-8243302: Advanced class supports\n\n + JDK-8244136, CVE-2020-14803: Improved Buffer supports\n\n + JDK-8244479: Further constrain certificates\n\n + JDK-8244955: Additional Fix for JDK-8240124\n\n + JDK-8245407: Enhance zoning of times\n\n + JDK-8245412: Better class definitions\n\n + JDK-8245417: Improve certificate chain handling\n\n + JDK-8248574: Improve jpeg processing\n\n + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit\n\n + JDK-8253019: Enhanced JPEG decoding\n\n - Other changes\n\n + JDK-6532025: GIF reader throws misleading exception with truncated images\n\n + JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/ /PDialogTest.java needs update by removing an infinite loop\n\n + JDK-8022535: [TEST BUG] javax/swing/text/html/parser/ /Test8017492.java fails\n\n + JDK-8062947: Fix exception message to correctly represent LDAP connection failure\n\n + JDK-8067354: com/sun/jdi/GetLocalVariables4Test.sh failed\n\n + JDK-8134599: TEST_BUG:\n java/rmi/transport/closeServerSocket/ /CloseServerSocket.java fails intermittently with Address already in use\n\n + JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect\n\n + JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider\n\n + JDK-8172404: Tools should warn if weak algorithms are used before restricting them\n\n + JDK-8193367: Annotated type variable bounds crash javac\n\n + JDK-8202117:\n com/sun/jndi/ldap/RemoveNamingListenerTest.java fails intermittently: Connection reset\n\n + JDK-8203026: java.rmi.NoSuchObjectException: no such object in table\n\n + JDK-8203281: [Windows] JComboBox change in ui when editor.setBorder() is called\n\n + JDK-8203382: Rename SystemDictionary::initialize_wk_klass to resolve_wk_klass\n\n + JDK-8203393: com/sun/jdi/JdbMethodExitTest.sh and JdbExprTest.sh fail due to timeout\n\n + JDK-8203928: [Test] 
Convert non-JDB scaffolding serviceability shell script tests to java\n\n + JDK-8204963: javax.swing.border.TitledBorder has a memory leak\n\n + JDK-8204994: SA might fail to attach to process with 'Windbg Error: WaitForEvent failed'\n\n + JDK-8205534: Remove SymbolTable dependency from serviceability agent\n\n + JDK-8206309: Tier1 SA tests fail\n\n + JDK-8208281: java/nio/channels/ /AsynchronousSocketChannel/Basic.java timed out\n\n + JDK-8209109: [TEST] rewrite com/sun/jdi shell tests to java version\n\n - step1\n\n + JDK-8209332: [TEST] test/jdk/com/sun/jdi/CatchPatternTest.sh is incorrect\n\n + JDK-8209342: Problemlist SA tests on Solaris due to Error attaching to process: Can't create thread_db agent!\n\n + JDK-8209343: Test javax/swing/border/TestTitledBorderLeak.java should be marked as headful\n\n + JDK-8209517: com/sun/jdi/BreakpointWithFullGC.java fails with timeout\n\n + JDK-8209604: [TEST] rewrite com/sun/jdi shell tests to java version\n\n - step2\n\n + JDK-8209605: com/sun/jdi/BreakpointWithFullGC.java fails with ZGC\n\n + JDK-8209608: Problem list com/sun/jdi/BreakpointWithFullGC.java\n\n + JDK-8210131:\n vmTestbase/nsk/jvmti/scenarios/allocation/AP10/ /ap10t001/TestDescription.java failed with ObjectFree:\n GetCurrentThreadCpuTimerInfo returned unexpected error code\n\n + JDK-8210243: [TEST] rewrite com/sun/jdi shell tests to java version\n\n - step3\n\n + JDK-8210527: JShell: NullPointerException in jdk.jshell.Eval.translateExceptionStack\n\n + JDK-8210560: [TEST] convert com/sun/jdi redefineClass-related tests\n\n + JDK-8210725: com/sun/jdi/RedefineClearBreakpoint.java fails with waitForPrompt timed out after 60 seconds\n\n + JDK-8210748: [TESTBUG] lib.jdb.Jdb.waitForPrompt() should clarify which output is the pending reply after a timeout\n\n + JDK-8210760: [TEST] rewrite com/sun/jdi shell tests to java version\n\n - step4\n\n + JDK-8210977:\n jdk/jfr/event/oldobject/TestThreadLocalLeak.java fails to find ThreadLocalObject\n\n + JDK-8211292: 
[TEST] convert com/sun/jdi/DeferredStepTest.sh test\n\n + JDK-8211694: JShell: Redeclared variable should be reset\n\n + JDK-8212200: assert when shared java.lang.Object is redefined by JVMTI agent\n\n + JDK-8212629: [TEST] wrong breakpoint in test/jdk/com/sun/jdi/DeferredStepTest\n\n + JDK-8212665: com/sun/jdi/DeferredStepTest.java: jj1 (line 57)\n\n - unexpected. lastLine=52, minLine=52, maxLine=55\n\n + JDK-8212807: tools/jar/multiRelease/Basic.java times out\n\n + JDK-8213182: Minimal VM build failure after JDK-8212200 (assert when shared java.lang.Object is redefined by JVMTI agent)\n\n + JDK-8213214: Set -Djava.io.tmpdir= when running tests\n\n + JDK-8213275: ReplaceCriticalClasses.java fails with jdk.internal.vm.PostVMInitHook not found\n\n + JDK-8213574: Deadlock in string table expansion when dumping lots of CDS classes\n\n + JDK-8213703: LambdaConversionException: Invalid receiver type not a subtype of implementation type interface\n\n + JDK-8214074: Ghash optimization using AVX instructions\n\n + JDK-8214491: Upgrade to JLine 3.9.0\n\n + JDK-8214797: TestJmapCoreMetaspace.java timed out\n\n + JDK-8215243: JShell tests failing intermitently with 'Problem cleaning up the following threads:'\n\n + JDK-8215244: jdk/jshell/ToolBasicTest.java testHistoryReference failed\n\n + JDK-8215354: x86_32 build failures after JDK-8214074 (Ghash optimization using AVX instructions)\n\n + JDK-8215438: jshell tool: Ctrl-D causes EOF\n\n + JDK-8216021: RunTest.gmk might set concurrency level to 1 on Windows\n\n + JDK-8216974: HttpConnection not returned to the pool after 204 response\n\n + JDK-8218948: SimpleDateFormat :: format - Zone Names are not reflected correctly during run time\n\n + JDK-8219712: code_size2 (defined in stub_routines_x86.hpp) is too small on new Skylake CPUs\n\n + JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs\n\n + JDK-8221658: aarch64: add necessary predicate for ubfx patterns\n\n + JDK-8221759: Crash when 
completing 'java.io.File.path'\n\n + JDK-8221918: runtime/SharedArchiveFile/serviceability/ /ReplaceCriticalClasses.java fails: Shared archive not found\n\n + JDK-8222074: Enhance auto vectorization for x86\n\n + JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp\n\n + JDK-8222769: [TESTBUG] TestJFRNetworkEvents should not rely on hostname command\n\n + JDK-8223688: JShell: crash on the instantiation of raw anonymous class\n\n + JDK-8223777: In posix_spawn mode, failing to exec() jspawnhelper does not result in an error\n\n + JDK-8223940: Private key not supported by chosen signature algorithm\n\n + JDK-8224184: jshell got IOException at exiting with AIX\n\n + JDK-8224234: compiler/codegen/TestCharVect2.java fails in test_mulc\n\n + JDK-8225037: java.net.JarURLConnection::getJarEntry() throws NullPointerException\n\n + JDK-8225625: AES Electronic Codebook (ECB) encryption and decryption optimization using AVX512 + VAES instructions\n\n + JDK-8226536: Catch OOM from deopt that fails rematerializing objects\n\n + JDK-8226575: OperatingSystemMXBean should be made container aware\n\n + JDK-8226697: Several tests which need the @key headful keyword are missing it.\n\n + JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous\n\n + JDK-8227059: sun/security/tools/keytool/ /DefaultSignatureAlgorithm.java timed out\n\n + JDK-8227269: Slow class loading when running with JDWP\n\n + JDK-8227595:\n keytool/fakegen/DefaultSignatureAlgorithm.java fails due to 'exitValue = 6'\n\n + JDK-8228448: Jconsole can't connect to itself\n\n + JDK-8228967: Trust/Key store and SSL context utilities for tests\n\n + JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow\n\n + JDK-8229815: Upgrade Jline to 3.12.1\n\n + JDK-8230000: some httpclients testng tests run zero test\n\n + JDK-8230002: javax/xml/jaxp/unittest/transform/ /SecureProcessingTest.java runs zero test\n\n + 
JDK-8230010: Remove jdk8037819/BasicTest1.java\n\n + JDK-8230094: CCE in createXMLEventWriter(Result) over an arbitrary XMLStreamWriter\n\n + JDK-8230402: Allocation of compile task fails with assert: 'Leaking compilation tasks?'\n\n + JDK-8230767: FlightRecorderListener returns null recording\n\n + JDK-8230870: (zipfs) Add a ZIP FS test that is similar to test/jdk/java/util/zip/EntryCount64k.java\n\n + JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread\n\n + JDK-8231586: enlarge encoding space for OopMapValue offsets\n\n + JDK-8231953: Wrong assumption in assertion in oop::register_oop\n\n + JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes\n\n + JDK-8232083: Minimal VM is broken after JDK-8231586\n\n + JDK-8232161: Align some one-way conversion in MS950 charset with Windows\n\n + JDK-8232855: jshell missing word in /help help\n\n + JDK-8233027: OopMapSet::all_do does oms.next() twice during iteration\n\n + JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR\n\n + JDK-8233386: Initialize NULL fields for unused decorations\n\n + JDK-8233452: java.math.BigDecimal.sqrt() with RoundingMode.FLOOR results in incorrect result\n\n + JDK-8233686: XML transformer uses excessive amount of memory\n\n + JDK-8233741: AES Countermode (AES-CTR) optimization using AVX512 + VAES instructions\n\n + JDK-8233829: javac cannot find non-ASCII module name under non-UTF8 environment\n\n + JDK-8233958: Memory retention due to HttpsURLConnection finalizer that serves no purpose\n\n + JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater()\n\n + JDK-8234058: runtime/CompressedOops/ /CompressedClassPointers.java fails with 'Narrow klass base: 0x0000000000000000' missing from stdout/stderr\n\n + JDK-8234149: Several regression tests do not dispose Frame at end\n\n + JDK-8234347: 'Turkey' meta time zone does not generate composed localized names\n\n + JDK-8234385: 
[TESTBUG] java/awt/EventQueue/6980209/ /bug6980209.java fails in linux nightly\n\n + JDK-8234535: Cross compilation fails due to missing CFLAGS for the BUILD_CC\n\n + JDK-8234541: C1 emits an empty message when it inlines successfully\n\n + JDK-8234687: change javap reporting on unknown attributes\n\n + JDK-8236464: SO_LINGER option is ignored by SSLSocket in JDK 11\n\n + JDK-8236548: Localized time zone name inconsistency between English and other locales\n\n + JDK-8236617: jtreg test containers/docker/ /TestMemoryAwareness.java fails after 8226575\n\n + JDK-8237182: Update copyright header for shenandoah and epsilon files\n\n + JDK-8237888: security/infra/java/security/cert/ /CertPathValidator/certification/LuxTrustCA.java fails when checking validity interval\n\n + JDK-8237977: Further update javax/net/ssl/compatibility/Compatibility.java\n\n + JDK-8238270: java.net HTTP/2 client does not decrease stream count when receives 204 response\n\n + JDK-8238284: [macos] Zero VM build fails due to an obvious typo\n\n + JDK-8238380: java.base/unix/native/libjava/childproc.c 'multiple definition' link errors with GCC10\n\n + JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c 'multiple definition' link errors with GCC10\n\n + JDK-8238388: libj2gss/NativeFunc.o 'multiple definition' link errors with GCC10\n\n + JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes\n\n + JDK-8238710: LingeredApp doesn't log stdout/stderr if exits with non-zero code\n\n + JDK-8239083: C1 assert(known_holder == NULL || (known_holder->is_instance_klass() && (!known_holder->is_interface() ||\n\n((ciInstanceKlass*)known_holder)->has_nonstatic_concrete_methods())), 'should be non-static concrete method');\n\n + JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD\n\n + JDK-8240169: javadoc fails to link to non-modular api docs\n\n + JDK-8240295: hs_err elapsed time in seconds is not accurate enough\n\n + JDK-8240360: 
NativeLibraryEvent has wrong library name on Linux\n\n + JDK-8240676: Meet not symmetric failure when running lucene on jdk8\n\n + JDK-8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority support\n\n + JDK-8241065: Shenandoah: remove leftover code after JDK-8231086\n\n + JDK-8241086: Test runtime/NMT/HugeArenaTracking.java is failing on 32bit Windows\n\n + JDK-8241130:\n com.sun.jndi.ldap.EventSupport.removeDeadNotifier:\n java.lang.NullPointerException\n\n + JDK-8241138: http.nonProxyHosts=* causes StringIndexOutOfBoundsException in DefaultProxySelector\n\n + JDK-8241319: WB_GetCodeBlob doesn't have ResourceMark\n\n + JDK-8241478:\n vmTestbase/gc/gctests/Steal/steal001/steal001.java fails with OOME\n\n + JDK-8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure\n\n + JDK-8241750: x86_32 build failure after JDK-8227269\n\n + JDK-8242184: CRL generation error with RSASSA-PSS\n\n + JDK-8242283: Can't start JVM when java home path includes non-ASCII character\n\n + JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array\n\n + JDK-8243029: Rewrite javax/net/ssl/compatibility/ /Compatibility.java with a flexible interop test framework\n\n + JDK-8243138: Enhance BaseLdapServer to support starttls extended request\n\n + JDK-8243320: Add SSL root certificates to Oracle Root CA program\n\n + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program\n\n + JDK-8243389: enhance os::pd_print_cpu_info on linux\n\n + JDK-8243453: java --describe-module failed with non-ASCII module name under non-UTF8 environment\n\n + JDK-8243470: [macos] bring back O2 opt level for unsafe.cpp\n\n + JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions\n\n + JDK-8243925: Toolkit#getScreenInsets() returns wrong value on HiDPI screens (Windows)\n\n + JDK-8244087: 2020-04-24 public suffix list update\n\n + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26\n\n + JDK-8244164: 
AArch64: jaotc generates incorrect code for compressed OOPs with non-zero heap base\n\n + JDK-8244196: adjust output in os_linux\n\n + JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in\n\n + JDK-8244287: JFR: Methods samples have line number 0\n\n + JDK-8244703: 'platform encoding not initialized' exceptions with debugger, JNI\n\n + JDK-8244719: CTW: C2 compilation fails with 'assert(!VerifyHashTableKeys || _hash_lock == 0) failed:\n remove node from hash table before modifying it'\n\n + JDK-8244729: Shenandoah: remove resolve paths from SBSA::generate_shenandoah_lrb\n\n + JDK-8244763: Update --release 8 symbol information after JSR 337 MR3\n\n + JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor\n\n + JDK-8245151: jarsigner should not raise duplicate warnings on verification\n\n + JDK-8245616: Bump update version for OpenJDK: jdk-11.0.9\n\n + JDK-8245714: 'Bad graph detected in build_loop_late' when loads are pinned on loop limit check uncommon branch\n\n + JDK-8245801: StressRecompilation triggers assert 'redundunt OSR recompilation detected. 
memory leak in CodeCache!'\n\n + JDK-8245832: JDK build make-static-libs should build all JDK libraries\n\n + JDK-8245880: Shenandoah: check class unloading flag early in concurrent code root scan\n\n + JDK-8245981: Upgrade to jQuery 3.5.1\n\n + JDK-8246027: Minimal fastdebug build broken after JDK-8245801\n\n + JDK-8246094: [macos] Sound Recording and playback is not working\n\n + JDK-8246153: TestEliminateArrayCopy fails with\n\n -XX:+StressReflectiveCode\n\n + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ\n\n + JDK-8246196:\n javax/management/MBeanServer/OldMBeanServerTest fails with AssertionError\n\n + JDK-8246203: Segmentation fault in verification due to stack overflow with -XX:+VerifyIterativeGVN\n\n + JDK-8246330: Add TLS Tests for Legacy ECDSA curves\n\n + JDK-8246453: TestClone crashes with 'all collected exceptions must come from the same place'\n\n + JDK-8247246: Add explicit ResolvedJavaType.link and expose presence of default methods\n\n + JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node\n\n + JDK-8247502: PhaseStringOpts crashes while optimising effectively dead code\n\n + JDK-8247615: Initialize the bytes left for the heap sampler\n\n + JDK-8247824: CTW: C2 (Shenandoah) compilation fails with SEGV in SBC2Support::pin_and_expand\n\n + JDK-8247874: Replacement in VersionProps.java.template not working when --with-vendor-bug-url contains '&'\n\n + JDK-8247979: aarch64: missing side effect of killing flags for clearArray_reg_reg\n\n + JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention\n\n + JDK-8248219: aarch64: missing memory barrier in fast_storefield and fast_accessfield\n\n + JDK-8248348: Regression caused by the update to BCEL 6.0\n\n + JDK-8248385: [testbug][11u] Adapt TestInitiExceptions to jtreg 5.1\n\n + JDK-8248495: [macos] zerovm is broken due to libffi headers location\n\n + JDK-8248851: CMS: Missing memory fences between free chunk check and klass read\n\n + JDK-8248987: 
AOT's Linker.java seems to eagerly fail-fast on Windows\n\n + JDK-8249159: Downport test rework for SSLSocketTemplate from 8224650\n\n + JDK-8249215: JFrame::setVisible crashed with\n\n -Dfile.encoding=UTF-8 on Japanese Windows.\n\n + JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel\n\n + JDK-8249255: Build fails if source code in cygwin home dir\n\n + JDK-8249277: TestVerifyIterativeGVN.java is failing with timeout in OpenJDK 11\n\n + JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList\n\n + JDK-8249560: Shenandoah: Fix racy GC request handling\n\n + JDK-8249801: Shenandoah: Clear soft-refs on requested GC cycle\n\n + JDK-8249953: Shenandoah: gc/shenandoah/mxbeans tests should account for corner cases\n\n + JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets\n\n + JDK-8250609: C2 crash in IfNode::fold_compares\n\n + JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics\n\n + JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java\n\n + JDK-8250787: Provider.put no longer registering aliases in FIPS env\n\n + JDK-8250826: jhsdb does not work with coredump which comes from Substrate VM\n\n + JDK-8250827: Shenandoah: needs to reset/finish StringTable's dead count before/after parallel walk\n\n + JDK-8250844: Make sure {type,obj}ArrayOopDesc accessors check the bounds\n\n + JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher\n\n + JDK-8251354: Shenandoah: Fix jdk/jfr/tool/TestPrintJSON.java test failure\n\n + JDK-8251451: Shenandoah: Remark ObjectSynchronizer roots with I-U\n\n + JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java\n\n + JDK-8251487: Shenandoah: missing detail timing tracking for final mark cleaning phase\n\n + JDK-8252120: compiler/oracle/TestCompileCommand.java misspells 'occured'\n\n + JDK-8252157: JDK-8231209 11u backport 
breaks jmm binary compatibility\n\n + JDK-8252258: [11u] JDK-8242154 changes the default vendor\n\n + JDK-8252804: [test] Fix 'ReleaseDeflater.java' test after downport of 8234011\n\n + JDK-8253134: JMM_VERSION should remain at 0x20020000 (JDK 10) in JDK 11\n\n + JDK-8253283: [11u] Test build/translations/ /VerifyTranslations.java failing after JDK-8252258\n\n + JDK-8253813: Backout JDK-8244287 from 11u: it causes several crashes\n\n + Fix regression '8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)' introduced in jdk 11.0.9\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2020:3359-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-11-openjdk", "p-cpe:/a:novell:suse_linux:java-11-openjdk-debuginfo", "p-cpe:/a:novell:suse_linux:java-11-openjdk-debugsource", "p-cpe:/a:novell:suse_linux:java-11-openjdk-demo", "p-cpe:/a:novell:suse_linux:java-11-openjdk-devel", "p-cpe:/a:novell:suse_linux:java-11-openjdk-headless", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3359-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143712", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3359-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143712);\n 
script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14798\",\n \"CVE-2020-14803\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2020:3359-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for java-11-openjdk fixes the following issues :\n\nUpdate to upstream tag jdk-11.0.9-11 (October 2020 CPU, bsc#1177943)\n\n - New features\n\n + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage\n Collector\n\n - Security fixes\n\n + JDK-8233624: Enhance JNI linkage\n\n + JDK-8236196: Improve string pooling\n\n + JDK-8236862, CVE-2020-14779: Enhance support of Proxy\n class\n\n + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts\n\n + JDK-8237995, CVE-2020-14782: Enhance certificate\n processing\n\n + JDK-8240124: Better VM Interning\n\n + JDK-8241114, CVE-2020-14792: Better range handling\n\n + JDK-8242680, CVE-2020-14796: Improved URI Support\n\n + JDK-8242685, CVE-2020-14797: Better Path Validation\n\n + JDK-8242695, CVE-2020-14798: Enhanced buffer support\n\n + JDK-8243302: Advanced class supports\n\n + JDK-8244136, CVE-2020-14803: Improved Buffer supports\n\n + JDK-8244479: Further constrain certificates\n\n + JDK-8244955: Additional Fix for JDK-8240124\n\n + JDK-8245407: Enhance zoning of times\n\n + JDK-8245412: Better class definitions\n\n + JDK-8245417: Improve certificate chain handling\n\n + JDK-8248574: Improve jpeg processing\n\n + JDK-8249927: Specify limits of\n jdk.serialProxyInterfaceLimit\n\n + JDK-8253019: Enhanced JPEG decoding\n\n - Other changes\n\n + JDK-6532025: GIF reader throws misleading exception with\n truncated images\n\n + 
JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/\n /PDialogTest.java needs update by removing an infinite\n loop\n\n + JDK-8022535: [TEST BUG] javax/swing/text/html/parser/\n /Test8017492.java fails\n\n + JDK-8062947: Fix exception message to correctly\n represent LDAP connection failure\n\n + JDK-8067354: com/sun/jdi/GetLocalVariables4Test.sh\n failed\n\n + JDK-8134599: TEST_BUG:\n java/rmi/transport/closeServerSocket/\n /CloseServerSocket.java fails intermittently with\n Address already in use\n\n + JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java\n failed due to timeout on DeadServerNoTimeoutTest is\n incorrect\n\n + JDK-8160768: Add capability to custom resolve\n host/domain names within the default JNDI LDAP provider\n\n + JDK-8172404: Tools should warn if weak algorithms are\n used before restricting them\n\n + JDK-8193367: Annotated type variable bounds crash javac\n\n + JDK-8202117:\n com/sun/jndi/ldap/RemoveNamingListenerTest.java fails\n intermittently: Connection reset\n\n + JDK-8203026: java.rmi.NoSuchObjectException: no such\n object in table\n\n + JDK-8203281: [Windows] JComboBox change in ui when\n editor.setBorder() is called\n\n + JDK-8203382: Rename\n SystemDictionary::initialize_wk_klass to\n resolve_wk_klass\n\n + JDK-8203393: com/sun/jdi/JdbMethodExitTest.sh and\n JdbExprTest.sh fail due to timeout\n\n + JDK-8203928: [Test] Convert non-JDB scaffolding\n serviceability shell script tests to java\n\n + JDK-8204963: javax.swing.border.TitledBorder has a\n memory leak\n\n + JDK-8204994: SA might fail to attach to process with\n 'Windbg Error: WaitForEvent failed'\n\n + JDK-8205534: Remove SymbolTable dependency from\n serviceability agent\n\n + JDK-8206309: Tier1 SA tests fail\n\n + JDK-8208281: java/nio/channels/\n /AsynchronousSocketChannel/Basic.java timed out\n\n + JDK-8209109: [TEST] rewrite com/sun/jdi shell tests to\n java version\n\n - step1\n\n + JDK-8209332: [TEST]\n test/jdk/com/sun/jdi/CatchPatternTest.sh is incorrect\n\n + 
JDK-8209342: Problemlist SA tests on Solaris due to\n Error attaching to process: Can't create thread_db\n agent!\n\n + JDK-8209343: Test\n javax/swing/border/TestTitledBorderLeak.java should be\n marked as headful\n\n + JDK-8209517: com/sun/jdi/BreakpointWithFullGC.java fails\n with timeout\n\n + JDK-8209604: [TEST] rewrite com/sun/jdi shell tests to\n java version\n\n - step2\n\n + JDK-8209605: com/sun/jdi/BreakpointWithFullGC.java fails\n with ZGC\n\n + JDK-8209608: Problem list\n com/sun/jdi/BreakpointWithFullGC.java\n\n + JDK-8210131:\n vmTestbase/nsk/jvmti/scenarios/allocation/AP10/\n /ap10t001/TestDescription.java failed with ObjectFree:\n GetCurrentThreadCpuTimerInfo returned unexpected error\n code\n\n + JDK-8210243: [TEST] rewrite com/sun/jdi shell tests to\n java version\n\n - step3\n\n + JDK-8210527: JShell: NullPointerException in\n jdk.jshell.Eval.translateExceptionStack\n\n + JDK-8210560: [TEST] convert com/sun/jdi\n redefineClass-related tests\n\n + JDK-8210725: com/sun/jdi/RedefineClearBreakpoint.java\n fails with waitForPrompt timed out after 60 seconds\n\n + JDK-8210748: [TESTBUG] lib.jdb.Jdb.waitForPrompt()\n should clarify which output is the pending reply after a\n timeout\n\n + JDK-8210760: [TEST] rewrite com/sun/jdi shell tests to\n java version\n\n - step4\n\n + JDK-8210977:\n jdk/jfr/event/oldobject/TestThreadLocalLeak.java fails\n to find ThreadLocalObject\n\n + JDK-8211292: [TEST] convert\n com/sun/jdi/DeferredStepTest.sh test\n\n + JDK-8211694: JShell: Redeclared variable should be reset\n\n + JDK-8212200: assert when shared java.lang.Object is\n redefined by JVMTI agent\n\n + JDK-8212629: [TEST] wrong breakpoint in\n test/jdk/com/sun/jdi/DeferredStepTest\n\n + JDK-8212665: com/sun/jdi/DeferredStepTest.java: jj1\n (line 57)\n\n - unexpected. 
lastLine=52, minLine=52, maxLine=55\n\n + JDK-8212807: tools/jar/multiRelease/Basic.java times out\n\n + JDK-8213182: Minimal VM build failure after JDK-8212200\n (assert when shared java.lang.Object is redefined by\n JVMTI agent)\n\n + JDK-8213214: Set -Djava.io.tmpdir= when running tests\n\n + JDK-8213275: ReplaceCriticalClasses.java fails with\n jdk.internal.vm.PostVMInitHook not found\n\n + JDK-8213574: Deadlock in string table expansion when\n dumping lots of CDS classes\n\n + JDK-8213703: LambdaConversionException: Invalid receiver\n type not a subtype of implementation type interface\n\n + JDK-8214074: Ghash optimization using AVX instructions\n\n + JDK-8214491: Upgrade to JLine 3.9.0\n\n + JDK-8214797: TestJmapCoreMetaspace.java timed out\n\n + JDK-8215243: JShell tests failing intermitently with\n 'Problem cleaning up the following threads:'\n\n + JDK-8215244: jdk/jshell/ToolBasicTest.java\n testHistoryReference failed\n\n + JDK-8215354: x86_32 build failures after JDK-8214074\n (Ghash optimization using AVX instructions)\n\n + JDK-8215438: jshell tool: Ctrl-D causes EOF\n\n + JDK-8216021: RunTest.gmk might set concurrency level to\n 1 on Windows\n\n + JDK-8216974: HttpConnection not returned to the pool\n after 204 response\n\n + JDK-8218948: SimpleDateFormat :: format - Zone Names are\n not reflected correctly during run time\n\n + JDK-8219712: code_size2 (defined in\n stub_routines_x86.hpp) is too small on new Skylake CPUs\n\n + JDK-8220150: macos10.14 Mojave returns anti-aliased\n glyphs instead of aliased B&W glyphs\n\n + JDK-8221658: aarch64: add necessary predicate for ubfx\n patterns\n\n + JDK-8221759: Crash when completing 'java.io.File.path'\n\n + JDK-8221918: runtime/SharedArchiveFile/serviceability/\n /ReplaceCriticalClasses.java fails: Shared archive not\n found\n\n + JDK-8222074: Enhance auto vectorization for x86\n\n + JDK-8222079: Don't use memset to initialize fields\n decode_env constructor in disassembler.cpp\n\n + JDK-8222769: [TESTBUG] 
TestJFRNetworkEvents should not\n rely on hostname command\n\n + JDK-8223688: JShell: crash on the instantiation of raw\n anonymous class\n\n + JDK-8223777: In posix_spawn mode, failing to exec()\n jspawnhelper does not result in an error\n\n + JDK-8223940: Private key not supported by chosen\n signature algorithm\n\n + JDK-8224184: jshell got IOException at exiting with AIX\n\n + JDK-8224234: compiler/codegen/TestCharVect2.java fails\n in test_mulc\n\n + JDK-8225037: java.net.JarURLConnection::getJarEntry()\n throws NullPointerException\n\n + JDK-8225625: AES Electronic Codebook (ECB) encryption\n and decryption optimization using AVX512 + VAES\n instructions\n\n + JDK-8226536: Catch OOM from deopt that fails\n rematerializing objects\n\n + JDK-8226575: OperatingSystemMXBean should be made\n container aware\n\n + JDK-8226697: Several tests which need the @key headful\n keyword are missing it.\n\n + JDK-8226809: Circular reference in printed stack trace\n is not correctly indented & ambiguous\n\n + JDK-8227059: sun/security/tools/keytool/\n /DefaultSignatureAlgorithm.java timed out\n\n + JDK-8227269: Slow class loading when running with JDWP\n\n + JDK-8227595:\n keytool/fakegen/DefaultSignatureAlgorithm.java fails due\n to 'exitValue = 6'\n\n + JDK-8228448: Jconsole can't connect to itself\n\n + JDK-8228967: Trust/Key store and SSL context utilities\n for tests\n\n + JDK-8229378: jdwp library loader in linker_md.c quietly\n truncates on buffer overflow\n\n + JDK-8229815: Upgrade Jline to 3.12.1\n\n + JDK-8230000: some httpclients testng tests run zero test\n\n + JDK-8230002: javax/xml/jaxp/unittest/transform/\n /SecureProcessingTest.java runs zero test\n\n + JDK-8230010: Remove jdk8037819/BasicTest1.java\n\n + JDK-8230094: CCE in createXMLEventWriter(Result) over an\n arbitrary XMLStreamWriter\n\n + JDK-8230402: Allocation of compile task fails with\n assert: 'Leaking compilation tasks?'\n\n + JDK-8230767: FlightRecorderListener returns null\n recording\n\n + 
JDK-8230870: (zipfs) Add a ZIP FS test that is similar\n to test/jdk/java/util/zip/EntryCount64k.java\n\n + JDK-8231209: [REDO]\n ThreadMXBean::getThreadAllocatedBytes() can be quicker\n for self thread\n\n + JDK-8231586: enlarge encoding space for OopMapValue\n offsets\n\n + JDK-8231953: Wrong assumption in assertion in\n oop::register_oop\n\n + JDK-8231968: getCurrentThreadAllocatedBytes default\n implementation s/b getThreadAllocatedBytes\n\n + JDK-8232083: Minimal VM is broken after JDK-8231586\n\n + JDK-8232161: Align some one-way conversion in MS950\n charset with Windows\n\n + JDK-8232855: jshell missing word in /help help\n\n + JDK-8233027: OopMapSet::all_do does oms.next() twice\n during iteration\n\n + JDK-8233228: Disable weak named curves by default in\n TLS, CertPath, and Signed JAR\n\n + JDK-8233386: Initialize NULL fields for unused\n decorations\n\n + JDK-8233452: java.math.BigDecimal.sqrt() with\n RoundingMode.FLOOR results in incorrect result\n\n + JDK-8233686: XML transformer uses excessive amount of\n memory\n\n + JDK-8233741: AES Countermode (AES-CTR) optimization\n using AVX512 + VAES instructions\n\n + JDK-8233829: javac cannot find non-ASCII module name\n under non-UTF8 environment\n\n + JDK-8233958: Memory retention due to HttpsURLConnection\n finalizer that serves no purpose\n\n + JDK-8234011: (zipfs) Memory leak in\n ZipFileSystem.releaseDeflater()\n\n + JDK-8234058: runtime/CompressedOops/\n /CompressedClassPointers.java fails with 'Narrow klass\n base: 0x0000000000000000' missing from stdout/stderr\n\n + JDK-8234149: Several regression tests do not dispose\n Frame at end\n\n + JDK-8234347: 'Turkey' meta time zone does not generate\n composed localized names\n\n + JDK-8234385: [TESTBUG] java/awt/EventQueue/6980209/\n /bug6980209.java fails in linux nightly\n\n + JDK-8234535: Cross compilation fails due to missing\n CFLAGS for the BUILD_CC\n\n + JDK-8234541: C1 emits an empty message when it inlines\n successfully\n\n + JDK-8234687: 
change javap reporting on unknown\n attributes\n\n + JDK-8236464: SO_LINGER option is ignored by SSLSocket in\n JDK 11\n\n + JDK-8236548: Localized time zone name inconsistency\n between English and other locales\n\n + JDK-8236617: jtreg test containers/docker/\n /TestMemoryAwareness.java fails after 8226575\n\n + JDK-8237182: Update copyright header for shenandoah and\n epsilon files\n\n + JDK-8237888: security/infra/java/security/cert/\n /CertPathValidator/certification/LuxTrustCA.java fails\n when checking validity interval\n\n + JDK-8237977: Further update\n javax/net/ssl/compatibility/Compatibility.java\n\n + JDK-8238270: java.net HTTP/2 client does not decrease\n stream count when receives 204 response\n\n + JDK-8238284: [macos] Zero VM build fails due to an\n obvious typo\n\n + JDK-8238380: java.base/unix/native/libjava/childproc.c\n 'multiple definition' link errors with GCC10\n\n + JDK-8238386: (sctp)\n jdk.sctp/unix/native/libsctp/SctpNet.c 'multiple\n definition' link errors with GCC10\n\n + JDK-8238388: libj2gss/NativeFunc.o 'multiple definition'\n link errors with GCC10\n\n + JDK-8238448: RSASSA-PSS signature verification fail when\n using certain odd key sizes\n\n + JDK-8238710: LingeredApp doesn't log stdout/stderr if\n exits with non-zero code\n\n + JDK-8239083: C1 assert(known_holder == NULL ||\n (known_holder->is_instance_klass() &&\n (!known_holder->is_interface() ||\n\n((ciInstanceKlass*)known_holder)->has_nonstatic_concrete_methods())),\n'shou ld be non-static concrete method');\n\n + JDK-8239385: KerberosTicket client name refers wrongly\n to sAMAccountName in AD\n\n + JDK-8240169: javadoc fails to link to non-modular api\n docs\n\n + JDK-8240295: hs_err elapsed time in seconds is not\n accurate enough\n\n + JDK-8240360: NativeLibraryEvent has wrong library name\n on Linux\n\n + JDK-8240676: Meet not symmetric failure when running\n lucene on jdk8\n\n + JDK-8241007: Shenandoah: remove\n ShenandoahCriticalControlThreadPriority support\n\n + 
JDK-8241065: Shenandoah: remove leftover code after\n JDK-8231086\n\n + JDK-8241086: Test runtime/NMT/HugeArenaTracking.java is\n failing on 32bit Windows\n\n + JDK-8241130:\n com.sun.jndi.ldap.EventSupport.removeDeadNotifier:\n java.lang.NullPointerException\n\n + JDK-8241138: http.nonProxyHosts=* causes\n StringIndexOutOfBoundsException in DefaultProxySelector\n\n + JDK-8241319: WB_GetCodeBlob doesn't have ResourceMark\n\n + JDK-8241478:\n vmTestbase/gc/gctests/Steal/steal001/steal001.java fails\n with OOME\n\n + JDK-8241574: Shenandoah: remove\n ShenandoahAssertToSpaceClosure\n\n + JDK-8241750: x86_32 build failure after JDK-8227269\n\n + JDK-8242184: CRL generation error with RSASSA-PSS\n\n + JDK-8242283: Can't start JVM when java home path\n includes non-ASCII character\n\n + JDK-8242556: Cannot load RSASSA-PSS public key with\n non-null params from byte array\n\n + JDK-8243029: Rewrite javax/net/ssl/compatibility/\n /Compatibility.java with a flexible interop test\n framework\n\n + JDK-8243138: Enhance BaseLdapServer to support starttls\n extended request\n\n + JDK-8243320: Add SSL root certificates to Oracle Root CA\n program\n\n + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA\n program\n\n + JDK-8243389: enhance os::pd_print_cpu_info on linux\n\n + JDK-8243453: java --describe-module failed with\n non-ASCII module name under non-UTF8 environment\n\n + JDK-8243470: [macos] bring back O2 opt level for\n unsafe.cpp\n\n + JDK-8243489: Thread CPU Load event may contain wrong\n data for CPU time under certain conditions\n\n + JDK-8243925: Toolkit#getScreenInsets() returns wrong\n value on HiDPI screens (Windows)\n\n + JDK-8244087: 2020-04-24 public suffix list update\n\n + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the\n latest release 1.8.26\n\n + JDK-8244164: AArch64: jaotc generates incorrect code for\n compressed OOPs with non-zero heap base\n\n + JDK-8244196: adjust output in os_linux\n\n + JDK-8244225: stringop-overflow warning on strncpy 
call\n from compile_the_world_in\n\n + JDK-8244287: JFR: Methods samples have line number 0\n\n + JDK-8244703: 'platform encoding not initialized'\n exceptions with debugger, JNI\n\n + JDK-8244719: CTW: C2 compilation fails with\n 'assert(!VerifyHashTableKeys || _hash_lock == 0) failed:\n remove node from hash table before modifying it'\n\n + JDK-8244729: Shenandoah: remove resolve paths from\n SBSA::generate_shenandoah_lrb\n\n + JDK-8244763: Update --release 8 symbol information after\n JSR 337 MR3\n\n + JDK-8244818: Java2D Queue Flusher crash while moving\n application window to external monitor\n\n + JDK-8245151: jarsigner should not raise duplicate\n warnings on verification\n\n + JDK-8245616: Bump update version for OpenJDK: jdk-11.0.9\n\n + JDK-8245714: 'Bad graph detected in build_loop_late'\n when loads are pinned on loop limit check uncommon\n branch\n\n + JDK-8245801: StressRecompilation triggers assert\n 'redundunt OSR recompilation detected. memory leak in\n CodeCache!'\n\n + JDK-8245832: JDK build make-static-libs should build all\n JDK libraries\n\n + JDK-8245880: Shenandoah: check class unloading flag\n early in concurrent code root scan\n\n + JDK-8245981: Upgrade to jQuery 3.5.1\n\n + JDK-8246027: Minimal fastdebug build broken after\n JDK-8245801\n\n + JDK-8246094: [macos] Sound Recording and playback is not\n working\n\n + JDK-8246153: TestEliminateArrayCopy fails with\n\n -XX:+StressReflectiveCode\n\n + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ\n\n + JDK-8246196:\n javax/management/MBeanServer/OldMBeanServerTest fails\n with AssertionError\n\n + JDK-8246203: Segmentation fault in verification due to\n stack overflow with -XX:+VerifyIterativeGVN\n\n + JDK-8246330: Add TLS Tests for Legacy ECDSA curves\n\n + JDK-8246453: TestClone crashes with 'all collected\n exceptions must come from the same place'\n\n + JDK-8247246: Add explicit ResolvedJavaType.link and\n expose presence of default methods\n\n + JDK-8247350: [aarch64] 
assert(false) failed: wrong size\n of mach node\n\n + JDK-8247502: PhaseStringOpts crashes while optimising\n effectively dead code\n\n + JDK-8247615: Initialize the bytes left for the heap\n sampler\n\n + JDK-8247824: CTW: C2 (Shenandoah) compilation fails with\n SEGV in SBC2Support::pin_and_expand\n\n + JDK-8247874: Replacement in VersionProps.java.template\n not working when --with-vendor-bug-url contains '&'\n\n + JDK-8247979: aarch64: missing side effect of killing\n flags for clearArray_reg_reg\n\n + JDK-8248214: Add paddings for TaskQueueSuper to reduce\n false-sharing cache contention\n\n + JDK-8248219: aarch64: missing memory barrier in\n fast_storefield and fast_accessfield\n\n + JDK-8248348: Regression caused by the update to BCEL 6.0\n\n + JDK-8248385: [testbug][11u] Adapt TestInitiExceptions to\n jtreg 5.1\n\n + JDK-8248495: [macos] zerovm is broken due to libffi\n headers location\n\n + JDK-8248851: CMS: Missing memory fences between free\n chunk check and klass read\n\n + JDK-8248987: AOT's Linker.java seems to eagerly\n fail-fast on Windows\n\n + JDK-8249159: Downport test rework for SSLSocketTemplate\n from 8224650\n\n + JDK-8249215: JFrame::setVisible crashed with\n\n -Dfile.encoding=UTF-8 on Japanese Windows.\n\n + JDK-8249251: [dark_mode ubuntu 20.04] The selected menu\n is not highlighted in GTKLookAndFeel\n\n + JDK-8249255: Build fails if source code in cygwin home\n dir\n\n + JDK-8249277: TestVerifyIterativeGVN.java is failing with\n timeout in OpenJDK 11\n\n + JDK-8249278: Revert JDK-8226253 which breaks the spec of\n AccessibleState.SHOWING for JList\n\n + JDK-8249560: Shenandoah: Fix racy GC request handling\n\n + JDK-8249801: Shenandoah: Clear soft-refs on requested GC\n cycle\n\n + JDK-8249953: Shenandoah: gc/shenandoah/mxbeans tests\n should account for corner cases\n\n + JDK-8250582: Revert Principal Name type to NT-UNKNOWN\n when requesting TGS Kerberos tickets\n\n + JDK-8250609: C2 crash in IfNode::fold_compares\n\n + JDK-8250627: 
Use -XX:+/-UseContainerSupport for\n enabling/disabling Java container metrics\n\n + JDK-8250755: Better cleanup for\n jdk/test/javax/imageio/plugins/shared/CanWriteSequence.j\n ava\n\n + JDK-8250787: Provider.put no longer registering aliases\n in FIPS env\n\n + JDK-8250826: jhsdb does not work with coredump which\n comes from Substrate VM\n\n + JDK-8250827: Shenandoah: needs to reset/finish\n StringTable's dead count before/after parallel walk\n\n + JDK-8250844: Make sure {type,obj}ArrayOopDesc accessors\n check the bounds\n\n + JDK-8251117: Cannot check P11Key size in P11Cipher and\n P11AEADCipher\n\n + JDK-8251354: Shenandoah: Fix\n jdk/jfr/tool/TestPrintJSON.java test failure\n\n + JDK-8251451: Shenandoah: Remark ObjectSynchronizer roots\n with I-U\n\n + JDK-8251469: Better cleanup for\n test/jdk/javax/imageio/SetOutput.java\n\n + JDK-8251487: Shenandoah: missing detail timing tracking\n for final mark cleaning phase\n\n + JDK-8252120: compiler/oracle/TestCompileCommand.java\n misspells 'occured'\n\n + JDK-8252157: JDK-8231209 11u backport breaks jmm binary\n compatibility\n\n + JDK-8252258: [11u] JDK-8242154 changes the default\n vendor\n\n + JDK-8252804: [test] Fix 'ReleaseDeflater.java' test\n after downport of 8234011\n\n + JDK-8253134: JMM_VERSION should remain at 0x20020000\n (JDK 10) in JDK 11\n\n + JDK-8253283: [11u] Test build/translations/\n /VerifyTranslations.java failing after JDK-8252258\n\n + JDK-8253813: Backout JDK-8244287 from 11u: it causes\n several crashes\n\n + Fix regression '8250861: Crash in\n MinINode::Ideal(PhaseGVN*, bool)' introduced in jdk\n 11.0.9\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14779/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14781/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14782/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14792/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14796/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14797/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14798/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14803/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203359-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2f615d0b\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-3359=1\n\nSUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-3359=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3359=1\n\nSUSE Linux Enterprise Module for Basesystem 
15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3359=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-11-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-11-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-11-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-11-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-11-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-11-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-11-openjdk-11.0.9.0-3.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-11-openjdk-debuginfo-11.0.9.0-3.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-11-openjdk-debugsource-11.0.9.0-3.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-11-openjdk-demo-11.0.9.0-3.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-11-openjdk-devel-11.0.9.0-3.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-11-openjdk-headless-11.0.9.0-3.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"java-11-openjdk-11.0.9.0-3.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"java-11-openjdk-debuginfo-11.0.9.0-3.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"java-11-openjdk-debugsource-11.0.9.0-3.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"java-11-openjdk-demo-11.0.9.0-3.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"java-11-openjdk-devel-11.0.9.0-3.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"java-11-openjdk-headless-11.0.9.0-3.48.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"java-11-openjdk-11.0.9.0-3.48.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"java-11-openjdk-debuginfo-11.0.9.0-3.48.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"java-11-openjdk-debugsource-11.0.9.0-3.48.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"java-11-openjdk-demo-11.0.9.0-3.48.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"java-11-openjdk-devel-11.0.9.0-3.48.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", 
reference:\"java-11-openjdk-headless-11.0.9.0-3.48.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"java-11-openjdk-11.0.9.0-3.48.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"java-11-openjdk-debuginfo-11.0.9.0-3.48.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"java-11-openjdk-debugsource-11.0.9.0-3.48.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"java-11-openjdk-demo-11.0.9.0-3.48.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"java-11-openjdk-devel-11.0.9.0-3.48.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"java-11-openjdk-headless-11.0.9.0-3.48.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-11-openjdk\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-15T14:35:59", "description": "This update for java-1_7_0-openjdk fixes the following issues :\n\nUpdate to 2.6.24 - OpenJDK 7u281 (October 2020 CPU, bsc#1177943)\n\n - Security fixes\n\n + JDK-8233624: Enhance JNI linkage\n\n + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class\n\n + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts\n\n + JDK-8237995, CVE-2020-14782: Enhance certificate processing\n\n + JDK-8240124: Better VM Interning\n\n + JDK-8241114, CVE-2020-14792: Better range handling\n\n + JDK-8242680, CVE-2020-14796: Improved URI Support\n\n + JDK-8242685, CVE-2020-14797: Better Path Validation\n\n + JDK-8242695, CVE-2020-14798: Enhanced buffer support\n\n + JDK-8243302: Advanced class supports\n\n + JDK-8244136, CVE-2020-14803: Improved Buffer supports\n\n + JDK-8244479: Further constrain certificates\n\n + JDK-8244955: Additional Fix for JDK-8240124\n\n + 
JDK-8245407: Enhance zoning of times\n\n + JDK-8245412: Better class definitions\n\n + JDK-8245417: Improve certificate chain handling\n\n + JDK-8248574: Improve jpeg processing\n\n + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit\n\n + JDK-8253019: Enhanced JPEG decoding\n\n - Import of OpenJDK 7 u281 build 1\n\n + JDK-8145096: Undefined behaviour in HotSpot\n\n + JDK-8215265: C2: range check elimination may allow illegal out of bound access\n\n - Backports\n\n + JDK-8250861, PR3812: Crash in MinINode::Ideal(PhaseGVN*, bool)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2020:3310-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-3310-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143688", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and 
package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3310-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143688);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14798\",\n \"CVE-2020-14803\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2020:3310-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for java-1_7_0-openjdk fixes the following issues :\n\nUpdate to 2.6.24 - OpenJDK 7u281 (October 2020 CPU, bsc#1177943)\n\n - Security fixes\n\n + JDK-8233624: Enhance JNI linkage\n\n + JDK-8236862, CVE-2020-14779: Enhance support of Proxy\n class\n\n + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts\n\n + JDK-8237995, CVE-2020-14782: Enhance certificate\n processing\n\n + JDK-8240124: Better VM Interning\n\n + JDK-8241114, CVE-2020-14792: Better range handling\n\n + JDK-8242680, CVE-2020-14796: Improved URI Support\n\n + JDK-8242685, CVE-2020-14797: Better Path Validation\n\n + JDK-8242695, CVE-2020-14798: Enhanced buffer support\n\n + JDK-8243302: Advanced class supports\n\n + JDK-8244136, CVE-2020-14803: Improved Buffer supports\n\n + JDK-8244479: Further constrain certificates\n\n + JDK-8244955: Additional Fix for JDK-8240124\n\n + JDK-8245407: Enhance zoning of times\n\n + JDK-8245412: Better class definitions\n\n + JDK-8245417: Improve certificate chain handling\n\n + JDK-8248574: Improve jpeg processing\n\n + JDK-8249927: Specify limits of\n jdk.serialProxyInterfaceLimit\n\n + JDK-8253019: Enhanced JPEG decoding\n\n - Import of OpenJDK 7 u281 build 
1\n\n + JDK-8145096: Undefined behaviour in HotSpot\n\n + JDK-8215265: C2: range check elimination may allow\n illegal out of bound access\n\n - Backports\n\n + JDK-8250861, PR3812: Crash in MinINode::Ideal(PhaseGVN*,\n bool)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14779/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14781/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14782/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14792/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14796/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14797/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14798/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14803/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203310-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7145d03e\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3310=1\n\nSUSE OpenStack 
Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3310=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2020-3310=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-3310=1\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-3310=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3310=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3310=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3310=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3310=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3310=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3310=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3310=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3310=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3310=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-3310=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-3310=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-demo-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-devel-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-headless-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-demo-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-devel-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.281-43.44.2\")) flag++;\nif 
(rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-headless-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-demo-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-devel-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-headless-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_7_0-openjdk-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_7_0-openjdk-demo-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_7_0-openjdk-devel-1.7.0.281-43.44.2\")) flag++;\nif 
(rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_7_0-openjdk-headless-1.7.0.281-43.44.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.281-43.44.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-openjdk\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-15T14:25:54", "description": "The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 281, 8 Update 271, 11 Update 9, or 15 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components as referenced in the October 2020 CPU advisory:\n\n - Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java).\n Supported versions that are affected are 19.3.3 and 20.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. (CVE-2020-14803)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n (CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. 
(CVE-2020-14781)\n\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-10-22T00:00:00", "type": "nessus", "title": "Oracle Java SE 1.7.0_281 / 1.8.0_271 / 1.11.0_9 / 1.15.0_1 Multiple Vulnerabilities (Oct 2020 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2022-05-11T00:00:00", "cpe": ["cpe:/a:oracle:jre", "cpe:/a:oracle:jdk"], "id": "ORACLE_JAVA_CPU_OCT_2020.NASL", "href": "https://www.tenable.com/plugins/nessus/141800", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141800);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14798\",\n \"CVE-2020-14803\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0477-S\");\n\n script_name(english:\"Oracle Java SE 1.7.0_281 / 1.8.0_271 / 1.11.0_9 / 1.15.0_1 Multiple Vulnerabilities (Oct 2020 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update\n281, 8 Update 271, 11 Update 9, or 15 Update 1. 
It is, therefore, affected by multiple vulnerabilities related to the\nfollowing components as referenced in the October 2020 CPU advisory:\n\n - Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java).\n Supported versions that are affected are 19.3.3 and 20.2.0. Easily exploitable vulnerability allows\n unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM\n Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a\n subset of Oracle GraalVM Enterprise Edition accessible data. (CVE-2020-14803)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or\n delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to\n a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of\n Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java\n applets. It can also be exploited by supplying data to APIs in the specified Component without using\n sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n (CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. 
Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server\n deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and\n sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web\n service. (CVE-2020-14781)\n\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/a/tech/docs/cpuoct2020cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuoct2020.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the October 2020 Oracle Critical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/22\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jdk\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"sun_java_jre_installed.nasl\");\n script_require_keys(\"SMB/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude('misc_func.inc');\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit(\"SMB/Java/JRE/*\");\n\ninfo = \"\";\nvuln = 0;\ninstalled_versions = \"\";\n\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"SMB/Java/JRE/\";\n if (ver !~ \"^[0-9.]+\") continue;\n\n installed_versions = installed_versions + \" & \" + ver;\n\n # Fixes : (JDK|JRE) 15 Update 1 / 11 Update 9 / 8 Update 271 / 7 Update 281\n if (\n ver_compare(minver:\"1.7.0\", ver:ver, fix:\"1.7.0_281\", regexes:{0:\"_(\\d+)\"}, strict:FALSE) < 0 ||\n ver_compare(minver:\"1.8.0\", ver:ver, fix:\"1.8.0_271\", regexes:{0:\"_(\\d+)\"}, strict:FALSE) < 0 ||\n ver_compare(minver:\"1.11.0\", ver:ver, fix:\"1.11.0_9\", regexes:{0:\"_(\\d+)\"}, strict:FALSE) < 0 ||\n ver_compare(minver:\"1.15.0\", ver:ver, fix:\"1.15.0_1\", regexes:{0:\"_(\\d+)\"}, strict:FALSE) < 0\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.7.0_281 / 1.8.0_271 / 1.11.0_9 / 1.15.0_1\\n';\n }\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (vuln > 1) s = \"s of Java are\";\n 
else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_report_v4(severity:SECURITY_WARNING, port:port, extra:report);\n}\nelse\n{\n installed_versions = substr(installed_versions, 3);\n if (\" & \" >< installed_versions)\n exit(0, \"The Java \"+installed_versions+\" installations on the remote host are not affected.\");\n else\n audit(AUDIT_INST_VER_NOT_VULN, \"Java\", installed_versions);\n}\n\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-06T23:30:40", "description": "The version of Amazon Corretto installed on the remote host is prior to 11 < 11.0.9.11.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-11-2020-Oct-20 advisory.\n\n - core-libs/java.io:serialization (CVE-2020-14779)\n\n - core-libs/javax.naming (CVE-2020-14781)\n\n - security-libs/java.security (CVE-2020-14782)\n\n - hotspot/compiler (CVE-2020-14792)\n\n - core-libs/java.io (CVE-2020-14796, CVE-2020-14798, CVE-2020-14803)\n\n - core-libs/java.nio (CVE-2020-14797)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2022-04-01T00:00:00", "type": "nessus", "title": "Amazon Corretto Java 11.x < 11.0.9.11.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/a:amazon:corretto"], "id": "AMAZON_CORRETTO_11_0_9_11_1.NASL", "href": "https://www.tenable.com/plugins/nessus/159431", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n 
script_id(159431);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14798\",\n \"CVE-2020-14803\"\n );\n\n script_name(english:\"Amazon Corretto Java 11.x < 11.0.9.11.1 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Amazon Corretto is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Amazon Corretto installed on the remote host is prior to 11 < 11.0.9.11.1. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the corretto-11-2020-Oct-20 advisory.\n\n - core-libs/java.io:serialization (CVE-2020-14779)\n\n - core-libs/javax.naming (CVE-2020-14781)\n\n - security-libs/java.security (CVE-2020-14782)\n\n - hotspot/compiler (CVE-2020-14792)\n\n - core-libs/java.io (CVE-2020-14796, CVE-2020-14798, CVE-2020-14803)\n\n - core-libs/java.nio (CVE-2020-14797)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://github.com/corretto/corretto-11/blob/develop/CHANGELOG.md#october-2020-critical-patch-update-corretto-version-1109111\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9cf5e0d8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to Amazon Corretto Java 11.0.9.11.1 or later\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", 
value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:amazon:corretto\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"amazon_corretto_win_installed.nbin\", \"amazon_corretto_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Java\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_list = ['Amazon Corretto Java'];\nvar app_info = vcf::java::get_app_info(app:app_list);\n\nvar constraints = [\n { 'min_version' : '11.0', 'fixed_version' : '11.0.9.11.1' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-15T14:31:32", "description": "New in release OpenJDK 11.0.9 (2020-10-20):\n===========================================\n\nFull versions of these release notes can be found at :\n\n- https://bitly.com/openjdk1109\n\n- https://builds.shipilev.net/backports-monitor/release-notes-11.0.9.txt\n\n## Security fixes\n\n - JDK-8233624: Enhance JNI linkage\n\n - JDK-8236196: Improve string pooling\n\n - JDK-8236862, 
CVE-2020-14779: Enhance support of Proxy class\n\n - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts\n\n - JDK-8237995, CVE-2020-14782: Enhance certificate processing\n\n - JDK-8240124: Better VM Interning\n\n - JDK-8241114, CVE-2020-14792: Better range handling\n\n - JDK-8242680, CVE-2020-14796: Improved URI Support\n\n - JDK-8242685, CVE-2020-14797: Better Path Validation\n\n - JDK-8242695, CVE-2020-14798: Enhanced buffer support\n\n - JDK-8243302: Advanced class supports\n\n - JDK-8244136, CVE-2020-14803: Improved Buffer supports\n\n - JDK-8244479: Further constrain certificates\n\n - JDK-8244955: Additional Fix for JDK-8240124\n\n - JDK-8245407: Enhance zoning of times\n\n - JDK-8245412: Better class definitions\n\n - JDK-8245417: Improve certificate chain handling\n\n - JDK-8248574: Improve jpeg processing\n\n - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit\n\n - JDK-8253019: Enhanced JPEG decoding\n\n## JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b\n\nFollowing JDK's update to tzdata2020b, the long-obsolete files pacificnew and systemv have been removed. 
As a result, the 'US/Pacific-New' zone name declared in the pacificnew data file is no longer available for use.\n\nInformation regarding the update can be viewed at https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-11-02T00:00:00", "type": "nessus", "title": "Fedora 31 : 1:java-11-openjdk (2020-421f817e5f)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:java-11-openjdk", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-421F817E5F.NASL", "href": "https://www.tenable.com/plugins/nessus/142160", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-421f817e5f.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142160);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-14779\", \"CVE-2020-14781\", \"CVE-2020-14782\", \"CVE-2020-14792\", \"CVE-2020-14796\", \"CVE-2020-14797\", \"CVE-2020-14798\", \"CVE-2020-14803\");\n script_xref(name:\"FEDORA\", value:\"2020-421f817e5f\");\n\n script_name(english:\"Fedora 31 : 1:java-11-openjdk (2020-421f817e5f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n 
script_set_attribute(\n attribute:\"description\",\n value:\n\"New in release OpenJDK 11.0.9 (2020-10-20):\n===========================================\n\nFull versions of these release notes can be found at :\n\n- https://bitly.com/openjdk1109\n\n- https://builds.shipilev.net/backports-monitor/release-notes-11.0.9.txt\n\n## Security fixes\n\n - JDK-8233624: Enhance JNI linkage\n\n - JDK-8236196: Improve string pooling\n\n - JDK-8236862, CVE-2020-14779: Enhance support of Proxy\n class\n\n - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts\n\n - JDK-8237995, CVE-2020-14782: Enhance certificate\n processing\n\n - JDK-8240124: Better VM Interning\n\n - JDK-8241114, CVE-2020-14792: Better range handling\n\n - JDK-8242680, CVE-2020-14796: Improved URI Support\n\n - JDK-8242685, CVE-2020-14797: Better Path Validation\n\n - JDK-8242695, CVE-2020-14798: Enhanced buffer support\n\n - JDK-8243302: Advanced class supports\n\n - JDK-8244136, CVE-2020-14803: Improved Buffer supports\n\n - JDK-8244479: Further constrain certificates\n\n - JDK-8244955: Additional Fix for JDK-8240124\n\n - JDK-8245407: Enhance zoning of times\n\n - JDK-8245412: Better class definitions\n\n - JDK-8245417: Improve certificate chain handling\n\n - JDK-8248574: Improve jpeg processing\n\n - JDK-8249927: Specify limits of\n jdk.serialProxyInterfaceLimit\n\n - JDK-8253019: Enhanced JPEG decoding\n\n## JDK-8254177: US/Pacific-New Zone name removed as part of\ntzdata2020b\n\nFollowing JDK's update to tzdata2020b, the long-obsolete files\npacificnew and systemv have been removed. 
As a result, the\n'US/Pacific-New' zone name declared in the pacificnew data file is no\nlonger available for use.\n\nInformation regarding the update can be viewed at\nhttps://mm.icann.org/pipermail/tz-announce/2020-October/000059.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-421f817e5f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 1:java-11-openjdk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:java-11-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"java-11-openjdk-11.0.9.11-0.fc31\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:java-11-openjdk\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-15T14:26:02", "description": "The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 281, 8 Update 271, 11 Update 9, or 15 Update 1. 
It is, therefore, affected by multiple vulnerabilities related to the following components as referenced in the October 2020 CPU advisory:\n\n - Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java).\n Supported versions that are affected are 19.3.3 and 20.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. (CVE-2020-14803)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n (CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-14781)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-10-22T00:00:00", "type": "nessus", "title": "Oracle Java SE 1.7.0_281 / 1.8.0_271 / 1.11.0_9 / 1.15.0_1 Multiple Vulnerabilities (Oct 2020 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2022-05-11T00:00:00", "cpe": ["cpe:/a:oracle:jre", "cpe:/a:oracle:jdk"], "id": "ORACLE_JAVA_CPU_OCT_2020_UNIX.NASL", "href": "https://www.tenable.com/plugins/nessus/141801", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141801);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14798\",\n \"CVE-2020-14803\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0477-S\");\n\n 
script_name(english:\"Oracle Java SE 1.7.0_281 / 1.8.0_271 / 1.11.0_9 / 1.15.0_1 Multiple Vulnerabilities (Oct 2020 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update\n281, 8 Update 271, 11 Update 9, or 15 Update 1. It is, therefore, affected by multiple vulnerabilities related to the\nfollowing components as referenced in the October 2020 CPU advisory:\n\n - Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java).\n Supported versions that are affected are 19.3.3 and 20.2.0. Easily exploitable vulnerability allows\n unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM\n Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a\n subset of Oracle GraalVM Enterprise Edition accessible data. (CVE-2020-14803)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or\n delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to\n a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of\n Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java\n applets. 
It can also be exploited by supplying data to APIs in the specified Component without using\n sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n (CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server\n deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and\n sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web\n service. 
(CVE-2020-14781)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/a/tech/docs/cpuoct2020cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuoct2020.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the October 2020 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jdk\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"sun_java_jre_installed_unix.nasl\");\n script_require_keys(\"Host/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude('misc_func.inc');\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit('Host/Java/JRE/Unmanaged/*');\n\ninfo = '';\nvuln = 0;\nvuln2 = 0;\ninstalled_versions = '';\ngranular = '';\n\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - 'Host/Java/JRE/Unmanaged/';\n if (ver !~ \"^[0-9.]+\") continue;\n\n installed_versions = installed_versions + ' & ' + ver;\n\n# Fixes : (JDK|JRE) 15 Update 1 / 11 Update 9 / 8 Update 271 / 7 Update 281\n if (\n ver_compare(minver:'1.7.0', ver:ver, fix:'1.7.0_281', regexes:{0:\"_(\\d+)\"}, strict:FALSE) < 0 ||\n ver_compare(minver:'1.8.0', ver:ver, fix:'1.8.0_271', regexes:{0:\"_(\\d+)\"}, strict:FALSE) < 0 ||\n ver_compare(minver:'1.11.0', ver:ver, fix:'1.11.0_9', regexes:{0:\"_(\\d+)\"}, strict:FALSE) < 0 ||\n ver_compare(minver:'1.15.0', ver:ver, fix:'1.15.0_1', regexes:{0:\"_(\\d+)\"}, strict:FALSE) < 0\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.7.0_281 / 1.8.0_271 / 1.11.0_9 / 1.15.0_1\\n';\n }\n else if (ver =~ \"^[\\d\\.]+$\")\n {\n dirs = make_list(get_kb_list(install));\n foreach dir (dirs)\n granular += 'The Oracle Java version '+ver+' at '+dir+' is not granular enough to make a determination.'+'\\n';\n }\n else\n {\n dirs = make_list(get_kb_list(install));\n vuln2 += max_index(dirs);\n }\n\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n if (vuln > 1) s = 's of Java are';\n else s = ' of Java is';\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_report_v4(severity:SECURITY_WARNING, port:0, extra:report);\n if (granular) exit(0, granular);\n}\nelse\n{\n if (granular) 
exit(0, granular);\n\n installed_versions = substr(installed_versions, 3);\n if (vuln2 > 1)\n exit(0, 'The Java '+installed_versions+' installations on the remote host are not affected.');\n else\n audit(AUDIT_INST_VER_NOT_VULN, 'Java', installed_versions);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-13T14:54:29", "description": "This update for java-1_8_0-ibm fixes the following issues :\n\nUpdate to Java 8.0 Service Refresh 6 Fix Pack 20 [bsc#1180063,bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803\n\n - Class libraries :\n\n - SOCKETADAPTOR$SOCKETINPUTSTREAM.READ is blocking for more time that the set timeout\n\n - Z/OS specific C function send_file is changing the file pointer position\n\n - Java Virtual Machine :\n\n - Crash on iterate java stack\n\n - Java process hang on SIGTERM\n\n - JIT Compiler :\n\n - JMS performance regression from JDK8 SR5 FP40 TO FP41\n\n - Class Libraries :\n\n - z15 high utilization following Z/VM and Linux migration from z14 To z15\n\n - Java Virtual Machine :\n\n - Assertion failed when trying to write a class file\n\n - Assertion failure at modronapi.cpp\n\n - Improve the performance of defining and finding classes\n\n - JIT Compiler :\n\n - An assert in ppcbinaryencoding.cpp may trigger when running with traps disabled on power\n\n - AOT field offset off by n bytes\n\n - Segmentation fault in jit module on ibm z platform\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2021-01-06T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2021:0032-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_8_0-ibm", "p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-alsa", "p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-devel", "p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-plugin", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0032-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144761", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0032-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144761);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14798\",\n \"CVE-2020-14803\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2021:0032-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for java-1_8_0-ibm fixes the following issues :\n\nUpdate to Java 8.0 Service Refresh 6 Fix Pack 20\n[bsc#1180063,bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14781\nCVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803\n\n - 
Class libraries :\n\n - SOCKETADAPTOR$SOCKETINPUTSTREAM.READ is blocking for\n more time that the set timeout\n\n - Z/OS specific C function send_file is changing the file\n pointer position\n\n - Java Virtual Machine :\n\n - Crash on iterate java stack\n\n - Java process hang on SIGTERM\n\n - JIT Compiler :\n\n - JMS performance regression from JDK8 SR5 FP40 TO FP41\n\n - Class Libraries :\n\n - z15 high utilization following Z/VM and Linux migration\n from z14 To z15\n\n - Java Virtual Machine :\n\n - Assertion failed when trying to write a class file\n\n - Assertion failure at modronapi.cpp\n\n - Improve the performance of defining and finding classes\n\n - JIT Compiler :\n\n - An assert in ppcbinaryencoding.cpp may trigger when\n running with traps disabled on power\n\n - AOT field offset off by n bytes\n\n - Segmentation fault in jit module on ibm z platform\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14779/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14781/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14792/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14796/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14797/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14798/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14803/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210032-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?24a45f64\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-32=1\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-32=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2021-32=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2021-32=1\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2021-32=1\n\nSUSE Linux Enterprise 
Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2021-32=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2021-32=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2021-32=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2021-32=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-32=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-32=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-32=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-32=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-32=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-32=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2021-32=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2021-32=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/06\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-alsa-1.8.0_sr6.20-30.78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-plugin-1.8.0_sr6.20-30.78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_8_0-ibm-1.8.0_sr6.20-30.78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_8_0-ibm-devel-1.8.0_sr6.20-30.78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-alsa-1.8.0_sr6.20-30.78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-plugin-1.8.0_sr6.20-30.78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-ibm-1.8.0_sr6.20-30.78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-ibm-devel-1.8.0_sr6.20-30.78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-alsa-1.8.0_sr6.20-30.78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-plugin-1.8.0_sr6.20-30.78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-ibm-1.8.0_sr6.20-30.78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", 
reference:\"java-1_8_0-ibm-devel-1.8.0_sr6.20-30.78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-alsa-1.8.0_sr6.20-30.78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-plugin-1.8.0_sr6.20-30.78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_8_0-ibm-1.8.0_sr6.20-30.78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_8_0-ibm-devel-1.8.0_sr6.20-30.78.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_8_0-ibm\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-15T14:34:12", "description": "This update for java-1_8_0-ibm fixes the following issues :\n\nUpdate to Java 8.0 Service Refresh 6 Fix Pack 20 [bsc#1180063,bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803\n\n - Class libraries :\n\n - SOCKETADAPTOR$SOCKETINPUTSTREAM.READ is blocking for more time that the set timeout\n\n - Z/OS specific C function send_file is changing the file pointer position\n\n - Java Virtual Machine :\n\n - Crash on iterate java stack\n\n - Java process hang on SIGTERM\n\n - JIT Compiler :\n\n - JMS performance regression from JDK8 SR5 FP40 TO FP41\n\n - Class Libraries :\n\n - z15 high utilization following Z/VM and Linux migration from z14 To z15\n\n - Java Virtual Machine :\n\n - Assertion failed when trying to write a class file\n\n - Assertion failure at modronapi.cpp\n\n - Improve the performance of defining and finding classes\n\n - JIT Compiler :\n\n - An assert in ppcbinaryencoding.cpp may trigger when running with traps disabled on power\n\n - AOT field offset 
off by n bytes\n\n - Segmentation fault in jit module on ibm z platform\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-12-24T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2020:3932-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14803"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_8_0-ibm", "p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-alsa", "p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-devel", "p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-plugin", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3932-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144599", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3932-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144599);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14798\",\n \"CVE-2020-14803\"\n );\n\n script_name(english:\"SUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2020:3932-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for java-1_8_0-ibm fixes the following 
issues :\n\nUpdate to Java 8.0 Service Refresh 6 Fix Pack 20\n[bsc#1180063,bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14781\nCVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803\n\n - Class libraries :\n\n - SOCKETADAPTOR$SOCKETINPUTSTREAM.READ is blocking for\n more time that the set timeout\n\n - Z/OS specific C function send_file is changing the file\n pointer position\n\n - Java Virtual Machine :\n\n - Crash on iterate java stack\n\n - Java process hang on SIGTERM\n\n - JIT Compiler :\n\n - JMS performance regression from JDK8 SR5 FP40 TO FP41\n\n - Class Libraries :\n\n - z15 high utilization following Z/VM and Linux migration\n from z14 To z15\n\n - Java Virtual Machine :\n\n - Assertion failed when trying to write a class file\n\n - Assertion failure at modronapi.cpp\n\n - Improve the performance of defining and finding classes\n\n - JIT Compiler :\n\n - An assert in ppcbinaryencoding.cpp may trigger when\n running with traps disabled on power\n\n - AOT field offset off by n bytes\n\n - Segmentation fault in jit module on ibm z platform\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14779/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14781/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14792/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14796/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14797/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14798/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14803/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203932-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c50fcad1\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3932=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2020-3932=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP3 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2020-3932=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-3932=1\n\nSUSE Linux 
Enterprise Module for Legacy Software 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-3932=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(0|1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1/2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-alsa-1.8.0_sr6.20-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-plugin-1.8.0_sr6.20-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-ibm-1.8.0_sr6.20-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-ibm-devel-1.8.0_sr6.20-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-alsa-1.8.0_sr6.20-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-plugin-1.8.0_sr6.20-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"java-1_8_0-ibm-1.8.0_sr6.20-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"java-1_8_0-ibm-devel-1.8.0_sr6.20-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"java-1_8_0-ibm-1.8.0_sr6.20-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"java-1_8_0-ibm-devel-1.8.0_sr6.20-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-alsa-1.8.0_sr6.20-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-plugin-1.8.0_sr6.20-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"java-1_8_0-ibm-1.8.0_sr6.20-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"java-1_8_0-ibm-devel-1.8.0_sr6.20-3.47.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n 
else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_8_0-ibm\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-15T14:26:01", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4349 advisory.\n\n - OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862) (CVE-2020-14779)\n\n - OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)\n\n - OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995) (CVE-2020-14782)\n\n - OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114) (CVE-2020-14792)\n\n - OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796)\n\n - OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685) (CVE-2020-14797)\n\n - OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-10-28T00:00:00", "type": "nessus", "title": "RHEL 8 : java-1.8.0-openjdk (RHSA-2020:4349)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14803"], "modified": "2022-05-11T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.0", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel", 
"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src"], "id": "REDHAT-RHSA-2020-4349.NASL", "href": "https://www.tenable.com/plugins/nessus/142006", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4349. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142006);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14803\"\n );\n script_xref(name:\"RHSA\", value:\"2020:4349\");\n\n script_name(english:\"RHEL 8 : java-1.8.0-openjdk (RHSA-2020:4349)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4349 advisory.\n\n - OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization,\n 8236862) (CVE-2020-14779)\n\n - OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)\n\n - OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995)\n (CVE-2020-14782)\n\n - OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114) (CVE-2020-14792)\n\n - OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796)\n\n - OpenJDK: Incomplete 
check for invalid characters in URI to path conversion (Libraries, 8242685)\n (CVE-2020-14797)\n\n - OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/295.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/319.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/367.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/770.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14803\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889271\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889895\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 190, 295, 319, 367, 770);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 
's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'rhel_e4s_8_0_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_0'\n ],\n 'rhel_e4s_8_0_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_0'\n ],\n 'rhel_e4s_8_0_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_0'\n ],\n 'rhel_e4s_8_0_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_0'\n ],\n 'rhel_e4s_8_0_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_0'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n 
{'reference':'java-1.8.0-openjdk-1.8.0.272.b10-0.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_0_appstream', 'rhel_e4s_8_0_baseos', 'rhel_e4s_8_0_highavailability', 'rhel_e4s_8_0_sap', 'rhel_e4s_8_0_sap_hana']},\n {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.272.b10-0.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_0_appstream', 'rhel_e4s_8_0_baseos', 'rhel_e4s_8_0_highavailability', 'rhel_e4s_8_0_sap', 'rhel_e4s_8_0_sap_hana']},\n {'reference':'java-1.8.0-openjdk-demo-1.8.0.272.b10-0.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_0_appstream', 'rhel_e4s_8_0_baseos', 'rhel_e4s_8_0_highavailability', 'rhel_e4s_8_0_sap', 'rhel_e4s_8_0_sap_hana']},\n {'reference':'java-1.8.0-openjdk-devel-1.8.0.272.b10-0.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_0_appstream', 'rhel_e4s_8_0_baseos', 'rhel_e4s_8_0_highavailability', 'rhel_e4s_8_0_sap', 'rhel_e4s_8_0_sap_hana']},\n {'reference':'java-1.8.0-openjdk-headless-1.8.0.272.b10-0.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_0_appstream', 'rhel_e4s_8_0_baseos', 'rhel_e4s_8_0_highavailability', 'rhel_e4s_8_0_sap', 'rhel_e4s_8_0_sap_hana']},\n {'reference':'java-1.8.0-openjdk-javadoc-1.8.0.272.b10-0.el8_0', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_0_appstream', 'rhel_e4s_8_0_baseos', 'rhel_e4s_8_0_highavailability', 'rhel_e4s_8_0_sap', 'rhel_e4s_8_0_sap_hana']},\n {'reference':'java-1.8.0-openjdk-javadoc-zip-1.8.0.272.b10-0.el8_0', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_0_appstream', 'rhel_e4s_8_0_baseos', 'rhel_e4s_8_0_highavailability', 'rhel_e4s_8_0_sap', 'rhel_e4s_8_0_sap_hana']},\n {'reference':'java-1.8.0-openjdk-src-1.8.0.272.b10-0.el8_0', 'cpu':'x86_64', 
'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_0_appstream', 'rhel_e4s_8_0_baseos', 'rhel_e4s_8_0_highavailability', 'rhel_e4s_8_0_sap', 'rhel_e4s_8_0_sap_hana']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL 
subscription.\\n';\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-13T14:59:45", "description": "According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15 Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.(CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15 Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.(CVE-2020-14779)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15 Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.(CVE-2020-14781)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15 Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.(CVE-2020-14796)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15 Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.(CVE-2020-14797)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data.(CVE-2020-14803)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15 Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.(CVE-2020-14782)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2021-02-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : java-1.8.0-openjdk (EulerOS-SA-2021-1198)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14803"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:java-1.8.0-openjdk", "p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-devel", "p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-headless", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1198.NASL", "href": "https://www.tenable.com/plugins/nessus/146108", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146108);\n script_version(\"1.3\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14803\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : java-1.8.0-openjdk (EulerOS-SA-2021-1198)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the java-1.8.0-openjdk packages\ninstalled, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - Vulnerability in the Java SE, Java SE Embedded product\n of Oracle Java SE (component: Hotspot). Supported\n versions that are affected are Java SE: 7u271, 8u261,\n 11.0.8 and 15 Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker\n with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful\n attacks require human interaction from a person other\n than the attacker. Successful attacks of this\n vulnerability can result in unauthorized update, insert\n or delete access to some of Java SE, Java SE Embedded\n accessible data as well as unauthorized read access to\n a subset of Java SE, Java SE Embedded accessible\n data.(CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product\n of Oracle Java SE (component: Serialization). Supported\n versions that are affected are Java SE: 7u271, 8u261,\n 11.0.8 and 15 Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker\n with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. 
Successful\n attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of\n service (partial DOS) of Java SE, Java SE\n Embedded.(CVE-2020-14779)\n\n - Vulnerability in the Java SE, Java SE Embedded product\n of Oracle Java SE (component: JNDI). Supported versions\n that are affected are Java SE: 7u271, 8u261, 11.0.8 and\n 15 Java SE Embedded: 8u261. Difficult to exploit\n vulnerability allows unauthenticated attacker with\n network access via multiple protocols to compromise\n Java SE, Java SE Embedded. Successful attacks of this\n vulnerability can result in unauthorized read access to\n a subset of Java SE, Java SE Embedded accessible\n data.(CVE-2020-14781)\n\n - Vulnerability in the Java SE, Java SE Embedded product\n of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261,\n 11.0.8 and 15 Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker\n with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful\n attacks require human interaction from a person other\n than the attacker. Successful attacks of this\n vulnerability can result in unauthorized read access to\n a subset of Java SE, Java SE Embedded accessible\n data.(CVE-2020-14796)\n\n - Vulnerability in the Java SE, Java SE Embedded product\n of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261,\n 11.0.8 and 15 Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker\n with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful\n attacks of this vulnerability can result in\n unauthorized update, insert or delete access to some of\n Java SE, Java SE Embedded accessible\n data.(CVE-2020-14797)\n\n - Vulnerability in the Java SE product of Oracle Java SE\n (component: Libraries). 
Supported versions that are\n affected are Java SE: 11.0.8 and 15. Easily exploitable\n vulnerability allows unauthenticated attacker with\n network access via multiple protocols to compromise\n Java SE. Successful attacks of this vulnerability can\n result in unauthorized read access to a subset of Java\n SE accessible data.(CVE-2020-14803)\n\n - Vulnerability in the Java SE, Java SE Embedded product\n of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261,\n 11.0.8 and 15 Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker\n with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful\n attacks of this vulnerability can result in\n unauthorized update, insert or delete access to some of\n Java SE, Java SE Embedded accessible\n data.(CVE-2020-14782)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1198\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f189fc3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.8.0-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"java-1.8.0-openjdk-1.8.0.191.b12-0.h18.eulerosv2r7\",\n \"java-1.8.0-openjdk-devel-1.8.0.191.b12-0.h18.eulerosv2r7\",\n \"java-1.8.0-openjdk-headless-1.8.0.191.b12-0.h18.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk\");\n}\n", "cvss": {"score": 5.8, "vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-15T14:15:04", "description": "Security Fix(es) :\n\n - OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)\n\n - OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995) (CVE-2020-14782)\n\n - OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114) (CVE-2020-14792)\n\n - OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685) (CVE-2020-14797)\n\n - OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)\n\n - OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862) (CVE-2020-14779)\n\n - OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796)", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-10-23T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java-11-openjdk on SL7.x x86_64 (20201022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14803"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:java-11-openjdk", "p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-debuginfo", "p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-demo", "p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-devel", "p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-headless", "p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-javadoc", "p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-javadoc-zip", "p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-jmods", "p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-src", "p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-static-libs", "x-cpe:/o:fermilab:scientific_linux"], "id": 
"SL_20201022_JAVA_11_OPENJDK_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/141842", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141842);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-14779\", \"CVE-2020-14781\", \"CVE-2020-14782\", \"CVE-2020-14792\", \"CVE-2020-14796\", \"CVE-2020-14797\", \"CVE-2020-14803\");\n\n script_name(english:\"Scientific Linux Security Update : java-11-openjdk on SL7.x x86_64 (20201022)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - OpenJDK: Credentials sent over unencrypted LDAP\n connection (JNDI, 8237990) (CVE-2020-14781)\n\n - OpenJDK: Certificate blacklist bypass via alternate\n certificate encodings (Libraries, 8237995)\n (CVE-2020-14782)\n\n - OpenJDK: Integer overflow leading to out-of-bounds\n access (Hotspot, 8241114) (CVE-2020-14792)\n\n - OpenJDK: Incomplete check for invalid characters in URI\n to path conversion (Libraries, 8242685) (CVE-2020-14797)\n\n - OpenJDK: Race condition in NIO Buffer boundary checks\n (Libraries, 8244136) (CVE-2020-14803)\n\n - OpenJDK: High memory usage during deserialization of\n Proxy class with many interfaces (Serialization,\n 8236862) (CVE-2020-14779)\n\n - OpenJDK: Missing permission check in path to URI\n conversion (Libraries, 8242680) (CVE-2020-14796)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2010&L=SCIENTIFIC-LINUX-ERRATA&P=26489\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3a97904d\"\n );\n 
script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-jmods\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-static-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/21\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-11.0.9.11-0.el7_9\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-debuginfo-11.0.9.11-0.el7_9\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-demo-11.0.9.11-0.el7_9\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-devel-11.0.9.11-0.el7_9\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-headless-11.0.9.11-0.el7_9\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-javadoc-11.0.9.11-0.el7_9\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-javadoc-zip-11.0.9.11-0.el7_9\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-jmods-11.0.9.11-0.el7_9\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-src-11.0.9.11-0.el7_9\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-11-openjdk-static-libs-11.0.9.11-0.el7_9\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-11-openjdk / java-11-openjdk-debuginfo / java-11-openjdk-demo / etc\");\n}\n", "cvss": {"score": 5.8, 
"vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-13T14:51:45", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4305 advisory.\n\n - OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862) (CVE-2020-14779)\n\n - OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)\n\n - OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995) (CVE-2020-14782)\n\n - OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114) (CVE-2020-14792)\n\n - OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796)\n\n - OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685) (CVE-2020-14797)\n\n - OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : java-11-openjdk (CESA-2020:4305)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14803"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:java-11-openjdk", "p-cpe:/a:centos:centos:java-11-openjdk-demo", "p-cpe:/a:centos:centos:java-11-openjdk-devel", "p-cpe:/a:centos:centos:java-11-openjdk-headless", "p-cpe:/a:centos:centos:java-11-openjdk-javadoc", "p-cpe:/a:centos:centos:java-11-openjdk-javadoc-zip", "p-cpe:/a:centos:centos:java-11-openjdk-jmods", "p-cpe:/a:centos:centos:java-11-openjdk-src"], "id": 
"CENTOS8_RHSA-2020-4305.NASL", "href": "https://www.tenable.com/plugins/nessus/145835", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:4305. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145835);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14803\"\n );\n script_xref(name:\"RHSA\", value:\"2020:4305\");\n\n script_name(english:\"CentOS 8 : java-11-openjdk (CESA-2020:4305)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:4305 advisory.\n\n - OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization,\n 8236862) (CVE-2020-14779)\n\n - OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)\n\n - OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995)\n (CVE-2020-14782)\n\n - OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114) (CVE-2020-14792)\n\n - OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796)\n\n - OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685)\n (CVE-2020-14797)\n\n - OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's 
self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4305\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-jmods\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-11-openjdk-src\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'java-11-openjdk-11.0.9.11-0.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-11.0.9.11-0.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-demo-11.0.9.11-0.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-demo-11.0.9.11-0.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'java-11-openjdk-devel-11.0.9.11-0.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-devel-11.0.9.11-0.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-headless-11.0.9.11-0.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-headless-11.0.9.11-0.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-javadoc-11.0.9.11-0.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-javadoc-11.0.9.11-0.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-javadoc-zip-11.0.9.11-0.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-javadoc-zip-11.0.9.11-0.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-jmods-11.0.9.11-0.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-jmods-11.0.9.11-0.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-src-11.0.9.11-0.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-11-openjdk-src-11.0.9.11-0.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string 
= package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-11-openjdk / java-11-openjdk-demo / java-11-openjdk-devel / etc');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-15T14:14:48", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4350 advisory.\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. 
CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). (CVE-2020-14782, CVE-2020-14797)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).\n (CVE-2020-14803)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. 
CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-14779)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-14781)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). (CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). 
(CVE-2020-14796)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-10-27T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2020-4350)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14803"], "modified": "2022-05-11T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-accessibility", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src"], "id": "ORACLELINUX_ELSA-2020-4350.NASL", "href": "https://www.tenable.com/plugins/nessus/141933", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-4350.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141933);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14803\"\n );\n\n script_name(english:\"Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2020-4350)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are 
affected by multiple vulnerabilities as referenced in the\nELSA-2020-4350 advisory.\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to\n client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start\n applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the\n specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as\n through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). (CVE-2020-14782, CVE-2020-14797)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are\n affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with\n network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can\n result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability\n applies to Java deployments, typically in clients running sandboxed Java Web Start applications or\n sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and\n rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in\n servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base\n Score 5.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).\n (CVE-2020-14803)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through\n sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying\n data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed\n Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-14779)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server\n deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and\n sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web\n service. 
CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-14781)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or\n delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to\n a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of\n Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java\n applets. It can also be exploited by supplying data to APIs in the specified Component without using\n sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1\n Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). (CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a\n subset of Java SE, Java SE Embedded accessible data. 
Note: This vulnerability applies to Java deployments,\n typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load\n and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for\n security. This vulnerability does not apply to Java deployments, typically in servers, that load and run\n only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality\n impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). (CVE-2020-14796)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-4350.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'java-1.8.0-openjdk-1.8.0.272.b10-1.el7_9', 'cpu':'i686', 'release':'7', 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-1.8.0.272.b10-1.el7_9', 'cpu':'x86_64', 'release':'7', 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.272.b10-1.el7_9', 'cpu':'i686', 'release':'7', 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.272.b10-1.el7_9', 'cpu':'x86_64', 'release':'7', 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-demo-1.8.0.272.b10-1.el7_9', 'cpu':'i686', 'release':'7', 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-demo-1.8.0.272.b10-1.el7_9', 'cpu':'x86_64', 'release':'7', 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-devel-1.8.0.272.b10-1.el7_9', 'cpu':'i686', 'release':'7', 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-devel-1.8.0.272.b10-1.el7_9', 'cpu':'x86_64', 'release':'7', 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-headless-1.8.0.272.b10-1.el7_9', 'cpu':'i686', 'release':'7', 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-headless-1.8.0.272.b10-1.el7_9', 'cpu':'x86_64', 'release':'7', 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-javadoc-1.8.0.272.b10-1.el7_9', 'release':'7', 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-javadoc-zip-1.8.0.272.b10-1.el7_9', 'release':'7', 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-src-1.8.0.272.b10-1.el7_9', 'cpu':'i686', 'release':'7', 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-src-1.8.0.272.b10-1.el7_9', 'cpu':'x86_64', 'release':'7', 'epoch':'1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n 
release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / java-1.8.0-openjdk-demo / etc');\n}", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-15T14:26:06", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the 
RHSA-2020:4347 advisory.\n\n - OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862) (CVE-2020-14779)\n\n - OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)\n\n - OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995) (CVE-2020-14782)\n\n - OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114) (CVE-2020-14792)\n\n - OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796)\n\n - OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685) (CVE-2020-14797)\n\n - OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-10-28T00:00:00", "type": "nessus", "title": "RHEL 8 : java-1.8.0-openjdk (RHSA-2020:4347)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14803"], "modified": "2022-05-11T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.2", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc", 
"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src"], "id": "REDHAT-RHSA-2020-4347.NASL", "href": "https://www.tenable.com/plugins/nessus/142004", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4347. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142004);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14803\"\n );\n script_xref(name:\"RHSA\", value:\"2020:4347\");\n\n script_name(english:\"RHEL 8 : java-1.8.0-openjdk (RHSA-2020:4347)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4347 advisory.\n\n - OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization,\n 8236862) (CVE-2020-14779)\n\n - OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)\n\n - OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995)\n (CVE-2020-14782)\n\n - OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114) (CVE-2020-14792)\n\n - OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796)\n\n - OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685)\n (CVE-2020-14797)\n\n - OpenJDK: Race condition in 
NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/295.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/319.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/367.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/770.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14803\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889274\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.redhat.com/1889280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889895\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 190, 295, 319, 367, 770);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 
'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 
'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 
'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ],\n 'rhel_aus_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_2'\n ],\n 'rhel_aus_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_2',\n 
'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_2'\n ],\n 'rhel_aus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_aus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 
'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap_hana': [\n 
'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_2_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ],\n 'rhel_eus_8_2_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 
'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms'\n ],\n 'rhel_eus_8_2_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_2',\n 
'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'rhel_eus_8_2_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 
'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_2',\n 
'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_4_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ],\n 'rhel_eus_8_4_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 
'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms'\n ],\n 'rhel_eus_8_4_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_4',\n 
'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'rhel_eus_8_4_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 
'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_4',\n 
'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_extras_nfv_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'rhel_extras_rt_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'rhel_tus_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms__8_DOT_2'\n ],\n 'rhel_tus_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms__8_DOT_2'\n ],\n 'rhel_tus_8_2_highavailability': [\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms__8_DOT_2'\n ],\n 
'rhel_tus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms__8_DOT_4'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nvar enterprise_linux_flag = rhel_repo_sets_has_enterprise_linux(repo_sets:repo_sets);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'java-1.8.0-openjdk-1.8.0.272.b10-1.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 
'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'java-1.8.0-openjdk-1.8.0.272.b10-1.el8_2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 
'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'java-1.8.0-openjdk-1.8.0.272.b10-1.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.272.b10-1.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 
'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.272.b10-1.el8_2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 
'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.272.b10-1.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 
'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'java-1.8.0-openjdk-demo-1.8.0.272.b10-1.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'java-1.8.0-openjdk-demo-1.8.0.272.b10-1.el8_2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 
'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'java-1.8.0-openjdk-demo-1.8.0.272.b10-1.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 
'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'java-1.8.0-openjdk-devel-1.8.0.272.b10-1.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'java-1.8.0-openjdk-devel-1.8.0.272.b10-1.el8_2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 
'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'java-1.8.0-openjdk-devel-1.8.0.272.b10-1.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 
'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'java-1.8.0-openjdk-headless-1.8.0.272.b10-1.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 
'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'java-1.8.0-openjdk-headless-1.8.0.272.b10-1.el8_2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'java-1.8.0-openjdk-headless-1.8.0.272.b10-1.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 
'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'java-1.8.0-openjdk-javadoc-1.8.0.272.b10-1.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 
'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'java-1.8.0-openjdk-javadoc-zip-1.8.0.272.b10-1.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n 
{'reference':'java-1.8.0-openjdk-src-1.8.0.272.b10-1.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'java-1.8.0-openjdk-src-1.8.0.272.b10-1.el8_2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 
'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'java-1.8.0-openjdk-src-1.8.0.272.b10-1.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 
'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + 
redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-15T14:27:54", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4307 advisory.\n\n - OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862) (CVE-2020-14779)\n\n - OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)\n\n - OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995) (CVE-2020-14782)\n\n - OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114) (CVE-2020-14792)\n\n - OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796)\n\n - OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685) (CVE-2020-14797)\n\n - OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-10-22T00:00:00", "type": "nessus", "title": "RHEL 7 : java-11-openjdk (RHSA-2020:4307)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14803"], "modified": "2022-05-11T00:00:00", "cpe": 
["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-headless", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc-zip", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-jmods", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-static-libs"], "id": "REDHAT-RHSA-2020-4307.NASL", "href": "https://www.tenable.com/plugins/nessus/141826", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4307. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141826);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14803\"\n );\n script_xref(name:\"RHSA\", value:\"2020:4307\");\n\n script_name(english:\"RHEL 7 : java-11-openjdk (RHSA-2020:4307)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4307 advisory.\n\n - OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization,\n 8236862) (CVE-2020-14779)\n\n - OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)\n\n - OpenJDK: Certificate blacklist 
bypass via alternate certificate encodings (Libraries, 8237995)\n (CVE-2020-14782)\n\n - OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114) (CVE-2020-14792)\n\n - OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796)\n\n - OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685)\n (CVE-2020-14797)\n\n - OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/295.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/319.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/367.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/770.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14797\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14803\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889895\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 190, 295, 319, 367, 770);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-jmods\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-static-libs\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_7_client': [\n 'rhel-7-desktop-debug-rpms',\n 'rhel-7-desktop-fastrack-debug-rpms',\n 'rhel-7-desktop-fastrack-rpms',\n 'rhel-7-desktop-fastrack-source-rpms',\n 'rhel-7-desktop-optional-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-rpms',\n 'rhel-7-desktop-optional-fastrack-source-rpms',\n 'rhel-7-desktop-optional-rpms',\n 'rhel-7-desktop-optional-source-rpms',\n 'rhel-7-desktop-rpms',\n 'rhel-7-desktop-source-rpms'\n ],\n 'enterprise_linux_7_computenode': [\n 'rhel-7-for-hpc-node-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-fastrack-rpms',\n 'rhel-7-for-hpc-node-fastrack-source-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-debug-rpms',\n 
'rhel-7-for-hpc-node-optional-fastrack-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-7-hpc-node-debug-rpms',\n 'rhel-7-hpc-node-optional-debug-rpms',\n 'rhel-7-hpc-node-optional-rpms',\n 'rhel-7-hpc-node-optional-source-rpms',\n 'rhel-7-hpc-node-rpms',\n 'rhel-7-hpc-node-source-rpms'\n ],\n 'enterprise_linux_7_server': [\n 'rhel-7-for-system-z-a-debug-rpms',\n 'rhel-7-for-system-z-a-optional-debug-rpms',\n 'rhel-7-for-system-z-a-optional-rpms',\n 'rhel-7-for-system-z-a-optional-source-rpms',\n 'rhel-7-for-system-z-a-rpms',\n 'rhel-7-for-system-z-a-source-rpms',\n 'rhel-7-for-system-z-debug-rpms',\n 'rhel-7-for-system-z-fastrack-debug-rpms',\n 'rhel-7-for-system-z-fastrack-rpms',\n 'rhel-7-for-system-z-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-rpms',\n 'rhel-7-for-system-z-optional-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-rpms',\n 'rhel-7-for-system-z-optional-source-rpms',\n 'rhel-7-for-system-z-rpms',\n 'rhel-7-for-system-z-source-rpms',\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-source-rpms',\n 
'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ],\n 'enterprise_linux_7_workstation': [\n 'rhel-7-workstation-debug-rpms',\n 'rhel-7-workstation-fastrack-debug-rpms',\n 'rhel-7-workstation-fastrack-rpms',\n 'rhel-7-workstation-fastrack-source-rpms',\n 'rhel-7-workstation-optional-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-rpms',\n 'rhel-7-workstation-optional-fastrack-source-rpms',\n 'rhel-7-workstation-optional-rpms',\n 'rhel-7-workstation-optional-source-rpms',\n 'rhel-7-workstation-rpms',\n 'rhel-7-workstation-source-rpms'\n ],\n 'rhel_extras_7': [\n 'rhel-7-desktop-supplementary-rpms',\n 'rhel-7-desktop-supplementary-source-rpms',\n 'rhel-7-for-hpc-node-supplementary-rpms',\n 'rhel-7-for-hpc-node-supplementary-source-rpms',\n 'rhel-7-for-system-z-eus-supplementary-rpms',\n 'rhel-7-for-system-z-eus-supplementary-source-rpms',\n 'rhel-7-for-system-z-supplementary-debug-rpms',\n 'rhel-7-for-system-z-supplementary-rpms',\n 'rhel-7-for-system-z-supplementary-source-rpms',\n 'rhel-7-hpc-node-eus-supplementary-rpms',\n 'rhel-7-server-eus-supplementary-rpms',\n 'rhel-7-server-supplementary-rpms',\n 'rhel-7-server-supplementary-source-rpms',\n 'rhel-7-workstation-supplementary-rpms',\n 'rhel-7-workstation-supplementary-source-rpms'\n ],\n 'rhel_extras_oracle_java_7': [\n 'rhel-7-desktop-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-for-hpc-node-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-hpc-node-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-source-rpms',\n 'rhel-7-server-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-workstation-restricted-maintenance-oracle-java-rpms'\n ],\n 'rhel_extras_rt_7': [\n 'rhel-7-server-nfv-debug-rpms',\n 'rhel-7-server-nfv-rpms',\n 'rhel-7-server-nfv-source-rpms',\n 
'rhel-7-server-rt-debug-rpms',\n 'rhel-7-server-rt-rpms',\n 'rhel-7-server-rt-source-rpms'\n ],\n 'rhel_extras_sap_7': [\n 'rhel-sap-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-source-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-source-rpms',\n 'rhel-sap-for-rhel-7-server-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-server-eus-rpms',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-for-rhel-7-server-rpms',\n 'rhel-sap-for-rhel-7-server-source-rpms'\n ],\n 'rhel_extras_sap_hana_7': [\n 'rhel-sap-hana-for-rhel-7-server-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-rpms',\n 'rhel-sap-hana-for-rhel-7-server-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'java-11-openjdk-11.0.9.11-0.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-11.0.9.11-0.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 
'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-11.0.9.11-0.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-demo-11.0.9.11-0.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-demo-11.0.9.11-0.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-demo-11.0.9.11-0.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-devel-11.0.9.11-0.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 
'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-devel-11.0.9.11-0.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-devel-11.0.9.11-0.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-headless-11.0.9.11-0.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-headless-11.0.9.11-0.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-headless-11.0.9.11-0.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 
'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-javadoc-11.0.9.11-0.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-javadoc-11.0.9.11-0.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-javadoc-11.0.9.11-0.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-javadoc-zip-11.0.9.11-0.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-javadoc-zip-11.0.9.11-0.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 
'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-javadoc-zip-11.0.9.11-0.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-jmods-11.0.9.11-0.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-jmods-11.0.9.11-0.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-jmods-11.0.9.11-0.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-src-11.0.9.11-0.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-src-11.0.9.11-0.el7_9', 
'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-src-11.0.9.11-0.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-static-libs-11.0.9.11-0.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-static-libs-11.0.9.11-0.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-11-openjdk-static-libs-11.0.9.11-0.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = 
NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-11-openjdk / java-11-openjdk-demo / java-11-openjdk-devel / etc');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-15T14:14:50", 
"description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4352 advisory.\n\n - OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862) (CVE-2020-14779)\n\n - OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)\n\n - OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995) (CVE-2020-14782)\n\n - OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114) (CVE-2020-14792)\n\n - OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796)\n\n - OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685) (CVE-2020-14797)\n\n - OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-10-28T00:00:00", "type": "nessus", "title": "RHEL 8 : java-1.8.0-openjdk (RHSA-2020:4352)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14803"], "modified": "2022-05-11T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip", 
"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src"], "id": "REDHAT-RHSA-2020-4352.NASL", "href": "https://www.tenable.com/plugins/nessus/142007", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4352. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142007);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14803\"\n );\n script_xref(name:\"RHSA\", value:\"2020:4352\");\n\n script_name(english:\"RHEL 8 : java-1.8.0-openjdk (RHSA-2020:4352)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4352 advisory.\n\n - OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization,\n 8236862) (CVE-2020-14779)\n\n - OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)\n\n - OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995)\n (CVE-2020-14782)\n\n - OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114) (CVE-2020-14792)\n\n - OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796)\n\n - OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685)\n (CVE-2020-14797)\n\n - OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) 
(CVE-2020-14803)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/295.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/319.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/367.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/770.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14803\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4352\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889280\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889895\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 190, 295, 319, 367, 770);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) 
audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'rhel_e4s_8_1_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_e4s_8_1_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_e4s_8_1_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_e4s_8_1_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_e4s_8_1_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_1',\n 
'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_crb': [\n 
'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 
'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 
'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_1'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'java-1.8.0-openjdk-1.8.0.272.b10-0.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'java-1.8.0-openjdk-1.8.0.272.b10-0.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 
'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'java-1.8.0-openjdk-1.8.0.272.b10-0.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.272.b10-0.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.272.b10-0.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.272.b10-0.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 
'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'java-1.8.0-openjdk-demo-1.8.0.272.b10-0.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'java-1.8.0-openjdk-demo-1.8.0.272.b10-0.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'java-1.8.0-openjdk-demo-1.8.0.272.b10-0.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'java-1.8.0-openjdk-devel-1.8.0.272.b10-0.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 
'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'java-1.8.0-openjdk-devel-1.8.0.272.b10-0.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'java-1.8.0-openjdk-devel-1.8.0.272.b10-0.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'java-1.8.0-openjdk-headless-1.8.0.272.b10-0.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'java-1.8.0-openjdk-headless-1.8.0.272.b10-0.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 
'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'java-1.8.0-openjdk-headless-1.8.0.272.b10-0.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'java-1.8.0-openjdk-javadoc-1.8.0.272.b10-0.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'java-1.8.0-openjdk-javadoc-zip-1.8.0.272.b10-0.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'java-1.8.0-openjdk-src-1.8.0.272.b10-0.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 
'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'java-1.8.0-openjdk-src-1.8.0.272.b10-0.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'java-1.8.0-openjdk-src-1.8.0.272.b10-0.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if 
(!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-15T14:03:54", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the 
RHSA-2020:4305 advisory.\n\n - OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862) (CVE-2020-14779)\n\n - OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)\n\n - OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995) (CVE-2020-14782)\n\n - OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114) (CVE-2020-14792)\n\n - OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796)\n\n - OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685) (CVE-2020-14797)\n\n - OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-10-22T00:00:00", "type": "nessus", "title": "RHEL 8 : java-11-openjdk (RHSA-2020:4305)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14803"], "modified": "2022-05-11T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.2", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-headless", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc-zip", 
"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-jmods", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-static-libs"], "id": "REDHAT-RHSA-2020-4305.NASL", "href": "https://www.tenable.com/plugins/nessus/141812", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4305. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141812);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14803\"\n );\n script_xref(name:\"RHSA\", value:\"2020:4305\");\n\n script_name(english:\"RHEL 8 : java-11-openjdk (RHSA-2020:4305)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4305 advisory.\n\n - OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization,\n 8236862) (CVE-2020-14779)\n\n - OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)\n\n - OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995)\n (CVE-2020-14782)\n\n - OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114) (CVE-2020-14792)\n\n - OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796)\n\n - OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685)\n 
(CVE-2020-14797)\n\n - OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/295.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/319.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/367.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/770.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14803\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889274\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889895\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14792\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 190, 295, 319, 367, 770);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-jmods\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-static-libs\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 
'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 
'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 
'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ],\n 'rhel_aus_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_2'\n ],\n 'rhel_aus_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_2',\n 
'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_2'\n ],\n 'rhel_aus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_aus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 
'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap': [\n 'rhel-8-for-x86_64-sap-netwea