EulerOS 2.0 SP5 java-1.8.0-openjdk vulnerabilitie
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
![]() | java security update | 19 Apr 201918:51 | – | centos |
![]() | java security update | 22 Apr 201922:47 | – | centos |
![]() | java security update | 22 Apr 201922:45 | – | centos |
![]() | java security update | 19 Apr 201918:53 | – | centos |
![]() | java security update | 19 Apr 201918:39 | – | centos |
![]() | Scientific Linux Security Update : java-1.7.0-openjdk on SL7.x x86_64 (20190422) | 23 Apr 201900:00 | – | nessus |
![]() | CentOS 6 : java-1.8.0-openjdk (CESA-2019:0774) | 22 Apr 201900:00 | – | nessus |
![]() | CentOS 7 : java-1.8.0-openjdk (CESA-2019:0775) | 22 Apr 201900:00 | – | nessus |
![]() | RHEL 8 : java-1.8.0-openjdk (RHSA-2019:1146) | 13 May 201900:00 | – | nessus |
![]() | EulerOS 2.0 SP3 : java-1.8.0-openjdk (EulerOS-SA-2019-1585) | 29 May 201900:00 | – | nessus |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(124397);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/30");
script_cve_id("CVE-2019-2602", "CVE-2019-2684", "CVE-2019-2698");
script_name(english:"EulerOS 2.0 SP5 : java-1.8.0-openjdk (EulerOS-SA-2019-1301)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the java-1.8.0-openjdk packages
installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :
- OpenJDK: Font layout engine out of bounds access
setCurrGlyphID()(CVE-2019-2698)
- OpenJDK: Slow conversion of BigDecimal to
long(CVE-2019-2602)
- OpenJDK: Incorrect skeleton selection in RMI registry
server-side dispatch handling(CVE-2019-2684)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1301
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c6c1ba91");
script_set_attribute(attribute:"solution", value:
"Update the affected java-1.8.0-openjdk packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2698");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2019/04/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/30");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-headless");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["java-1.8.0-openjdk-1.8.0.191.b12-0.h2.eulerosv2r7",
"java-1.8.0-openjdk-devel-1.8.0.191.b12-0.h2.eulerosv2r7",
"java-1.8.0-openjdk-headless-1.8.0.191.b12-0.h2.eulerosv2r7"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.8.0-openjdk");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo