Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2014-96.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:0180-1)

2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22
JSON

  • Fix a file conflict between -devel and -headless package

    • Update to 2.4.4 (bnc#858818)

    • changed from xz to gzipped tarball as the first was not available during update

    • changed a keyring file due release manager change new one is signed by 66484681 from [email protected], see http://mail.openjdk.java.net/pipermail/distro-pkg-dev/20 14-January/025800.html

    • Security fixes

    • S6727821: Enhance JAAS Configuration

    • S7068126, CVE-2014-0373: Enhance SNMP statuses

    • S8010935: Better XML handling

    • S8011786, CVE-2014-0368: Better applet networking

    • S8021257, S8025022, CVE-2013-5896 : com.sun.corba.se.** should be on restricted package list

    • S8021271, S8021266, CVE-2014-0408: Better buffering in ObjC code

    • S8022904: Enhance JDBC Parsers

    • S8022927: Input validation for byte/endian conversions

    • S8022935: Enhance Apache resolver classes

    • S8022945: Enhance JNDI implementation classes

    • S8023057: Enhance start up image display

    • S8023069, CVE-2014-0411: Enhance TLS connections

    • S8023245, CVE-2014-0423: Enhance Beans decoding

    • S8023301: Enhance generic classes

    • S8023338: Update jarsigner to encourage timestamping

    • S8023672: Enhance jar file validation

    • S8024302: Clarify jar verifications

    • S8024306, CVE-2014-0416: Enhance Subject consistency

    • S8024530: Enhance font process resilience

    • S8024867: Enhance logging start up

    • S8025014: Enhance Security Policy

    • S8025018, CVE-2014-0376: Enhance JAX-P set up

    • S8025026, CVE-2013-5878: Enhance canonicalization

    • S8025034, CVE-2013-5907: Improve layout lookups

    • S8025448: Enhance listening events

    • S8025758, CVE-2014-0422: Enhance Naming management

    • S8025767, CVE-2014-0428: Enhance IIOP Streams

    • S8026172: Enhance UI Management

    • S8026176: Enhance document printing

    • S8026193, CVE-2013-5884: Enhance CORBA stub factories

    • S8026204: Enhance auth login contexts

    • S8026417, CVE-2013-5910: Enhance XML canonicalization

    • S8026502: java/lang/invoke/MethodHandleConstants.java fails on all platforms

    • S8027201, CVE-2014-0376: Enhance JAX-P set up

    • S8029507, CVE-2013-5893: Enhance JVM method processing

    • S8029533: REGRESSION:
      closed/java/lang/invoke/8008140/Test8008140.java fails against

    • Backports

    • S8025255: (tz) Support tzdata2013g

    • S8026826: JDK 7 fix for 8010935 broke the build

    • Bug fixes

    • PR1618: Include defs.make in vm.make so VM_LITTLE_ENDIAN is defined on Zero builds

    • D729448: 32-bit alignment on mips and mipsel

    • PR1623: Collision between OpenJDK 6 & 7 classes when bootstrapping with OpenJDK 6

    • Add update.py, helper script to download openjdk tarballs from hg repo

    • Buildrequire quilt unconditionally as it’s used unconditionally.

    • Really disable tests on non-JIT architectures. (from Ulrich Weigand)

    • Add headless subpackage wich does not require X and pulse/alsa

    • Add accessibility to extra subpackage, which requires new java-atk-wrapper package

    • removed java-1.7.0-openjdk-java-access-bridge-idlj.patch

    • removed java-1.7.0-openjdk-java-access-bridge-tck.patch

    • removed java-access-bridge-1.26.2.tar.bz2

    • Refreshed

    • java-1.7.0-openjdk-java-access-bridge-security.patch

    • Add a support for running tests using --with tests

    • this is ignored on non-jit architectures

    • Prefer global over define as bcond_with does use them

    • Forward declare aarch64 arch macro

    • Define archbuild/archinstall macros for arm and aarch64

    • remove a few ifarch conditions by using those macros in filelist

    • Need ecj-bootstrap in bootstrap mode (noted by mmatz)

    • Don’t install vim and quilt in bootstrap mode

    • A few enhancenments of bootstrap mode

    • usable wia --with bootstrap

    • disable docs, javadoc package

    • fix configure arguments on bootstrap

    • Add the unversioned SDK directory link to the files list of -devel package (fixes update-alternatives from %post).

    • Add support for bootstrapping with just gcj (using included ecj directly). Increase stacksize for powerpc (amends java-1.7.0-openjdk-ppc-zero-jdk.patch). Add support for ppc64le.

    • fix stackoverflow for powerpc (java-1_7_0-openjdk-ppc-stackoverflow.patch)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2014-96.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(75414);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2013-5878", "CVE-2013-5884", "CVE-2013-5893", "CVE-2013-5896", "CVE-2013-5907", "CVE-2013-5910", "CVE-2014-0368", "CVE-2014-0373", "CVE-2014-0376", "CVE-2014-0408", "CVE-2014-0411", "CVE-2014-0416", "CVE-2014-0422", "CVE-2014-0423", "CVE-2014-0428");

  script_name(english:"openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:0180-1)");
  script_summary(english:"Check for the openSUSE-2014-96 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - Fix a file conflict between -devel and -headless package 

  - Update to 2.4.4 (bnc#858818)

  - changed from xz to gzipped tarball as the first was not
    available during update

  - changed a keyring file due release manager change new
    one is signed by 66484681 from [email protected], see
    http://mail.openjdk.java.net/pipermail/distro-pkg-dev/20
    14-January/025800.html

  - Security fixes

  - S6727821: Enhance JAAS Configuration

  - S7068126, CVE-2014-0373: Enhance SNMP statuses

  - S8010935: Better XML handling

  - S8011786, CVE-2014-0368: Better applet networking

  - S8021257, S8025022, CVE-2013-5896 : com.sun.corba.se.**
    should be on restricted package list

  - S8021271, S8021266, CVE-2014-0408: Better buffering in
    ObjC code

  - S8022904: Enhance JDBC Parsers

  - S8022927: Input validation for byte/endian conversions

  - S8022935: Enhance Apache resolver classes

  - S8022945: Enhance JNDI implementation classes

  - S8023057: Enhance start up image display

  - S8023069, CVE-2014-0411: Enhance TLS connections

  - S8023245, CVE-2014-0423: Enhance Beans decoding

  - S8023301: Enhance generic classes

  - S8023338: Update jarsigner to encourage timestamping

  - S8023672: Enhance jar file validation

  - S8024302: Clarify jar verifications

  - S8024306, CVE-2014-0416: Enhance Subject consistency

  - S8024530: Enhance font process resilience

  - S8024867: Enhance logging start up

  - S8025014: Enhance Security Policy

  - S8025018, CVE-2014-0376: Enhance JAX-P set up

  - S8025026, CVE-2013-5878: Enhance canonicalization

  - S8025034, CVE-2013-5907: Improve layout lookups

  - S8025448: Enhance listening events

  - S8025758, CVE-2014-0422: Enhance Naming management

  - S8025767, CVE-2014-0428: Enhance IIOP Streams

  - S8026172: Enhance UI Management

  - S8026176: Enhance document printing

  - S8026193, CVE-2013-5884: Enhance CORBA stub factories

  - S8026204: Enhance auth login contexts

  - S8026417, CVE-2013-5910: Enhance XML canonicalization

  - S8026502: java/lang/invoke/MethodHandleConstants.java
    fails on all platforms

  - S8027201, CVE-2014-0376: Enhance JAX-P set up

  - S8029507, CVE-2013-5893: Enhance JVM method processing

  - S8029533: REGRESSION:
    closed/java/lang/invoke/8008140/Test8008140.java fails
    against

  - Backports

  - S8025255: (tz) Support tzdata2013g

  - S8026826: JDK 7 fix for 8010935 broke the build

  - Bug fixes

  - PR1618: Include defs.make in vm.make so VM_LITTLE_ENDIAN
    is defined on Zero builds

  - D729448: 32-bit alignment on mips and mipsel

  - PR1623: Collision between OpenJDK 6 & 7 classes when
    bootstrapping with OpenJDK 6

  - Add update.py, helper script to download openjdk
    tarballs from hg repo

  - Buildrequire quilt unconditionally as it's used
    unconditionally.

  - Really disable tests on non-JIT architectures. (from
    Ulrich Weigand)

  - Add headless subpackage wich does not require X and
    pulse/alsa

  - Add accessibility to extra subpackage, which requires
    new java-atk-wrapper package

  - removed java-1.7.0-openjdk-java-access-bridge-idlj.patch

  - removed java-1.7.0-openjdk-java-access-bridge-tck.patch

  - removed java-access-bridge-1.26.2.tar.bz2

  - Refreshed

  - java-1.7.0-openjdk-java-access-bridge-security.patch

  - Add a support for running tests using --with tests

  - this is ignored on non-jit architectures

  - Prefer global over define as bcond_with does use them

  - Forward declare aarch64 arch macro

  - Define archbuild/archinstall macros for arm and aarch64

  - remove a few ifarch conditions by using those macros in
    filelist

  - Need ecj-bootstrap in bootstrap mode (noted by mmatz)

  - Don't install vim and quilt in bootstrap mode

  - A few enhancenments of bootstrap mode

  - usable wia --with bootstrap

  - disable docs, javadoc package

  - fix configure arguments on bootstrap

  - Add the unversioned SDK directory link to the files list
    of -devel package (fixes update-alternatives from
    %post).

  - Add support for bootstrapping with just gcj (using
    included ecj directly). Increase stacksize for powerpc
    (amends java-1.7.0-openjdk-ppc-zero-jdk.patch). Add
    support for ppc64le.

  - fix stackoverflow for powerpc
    (java-1_7_0-openjdk-ppc-stackoverflow.patch)"
  );
  # http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-January/025800.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3c8576e2"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=858818"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected java-1_7_0-openjdk packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/01/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.3", reference:"java-1_7_0-openjdk-1.7.0.6-8.32.5") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"java-1_7_0-openjdk-accessibility-1.7.0.6-8.32.5") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.6-8.32.5") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"java-1_7_0-openjdk-debugsource-1.7.0.6-8.32.5") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"java-1_7_0-openjdk-demo-1.7.0.6-8.32.5") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.6-8.32.5") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"java-1_7_0-openjdk-devel-1.7.0.6-8.32.5") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.6-8.32.5") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"java-1_7_0-openjdk-headless-1.7.0.6-8.32.5") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.6-8.32.5") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"java-1_7_0-openjdk-javadoc-1.7.0.6-8.32.5") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"java-1_7_0-openjdk-src-1.7.0.6-8.32.5") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_7_0-openjdk / java-1_7_0-openjdk-accessibility / etc");
}
VendorProductVersionCPE
novellopensusejava-1_7_0-openjdkp-cpe:/a:novell:opensuse:java-1_7_0-openjdk
novellopensusejava-1_7_0-openjdk-accessibilityp-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility
novellopensusejava-1_7_0-openjdk-debuginfop-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo
novellopensusejava-1_7_0-openjdk-debugsourcep-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource
novellopensusejava-1_7_0-openjdk-demop-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo
novellopensusejava-1_7_0-openjdk-demo-debuginfop-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo
novellopensusejava-1_7_0-openjdk-develp-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel
novellopensusejava-1_7_0-openjdk-devel-debuginfop-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo
novellopensusejava-1_7_0-openjdk-headlessp-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless
novellopensusejava-1_7_0-openjdk-headless-debuginfop-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo
Rows per page:
1-10 of 131

References

Related

nessus 32
oraclelinux 3
openvas 36
amazon 2
centos 3
redhat 9
mageia 1
ubuntu 3
suse 5
veracode 25
ibm 21
aix 1
f5 6
kaspersky 1
checkpoint_advisories 5
prion 15
cve 14
ubuntucve 14
seebug 1
zdi 2
nessus
nessus
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:0174-1)
2014-06-13 00:00:00
SuSE 11.3 Security Update : openjdk (SAT Patch Number 8874)
2014-02-11 00:00:00
Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20140115)
2014-01-16 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2014-01-14 00:00:00
java-1.7.0-openjdk security update
2014-01-14 00:00:00
java-1.6.0-openjdk security update
2014-01-27 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2014-0027)
2015-10-06 00:00:00
Oracle: Security Advisory (ELSA-2014-0026)
2015-10-06 00:00:00
CentOS Update for java CESA-2014:0027 centos5
2014-01-21 00:00:00
amazon
amazon
Critical: java-1.7.0-openjdk
2014-01-15 10:28:00
Important: java-1.6.0-openjdk
2014-02-03 15:27:00
centos
centos
java security update
2014-01-15 11:04:23
java security update
2014-01-15 11:16:34
java security update
2014-01-27 22:53:27
redhat
redhat
(RHSA-2014:0026) Critical: java-1.7.0-openjdk security update
2014-01-15 00:00:00
(RHSA-2014:0027) Important: java-1.7.0-openjdk security update
2014-01-15 00:00:00
(RHSA-2014:0097) Important: java-1.6.0-openjdk security update
2014-01-27 00:00:00
mageia
mageia
Updated java-1.7.0-openjdk package fixes multiple security vulnerabilities
2014-01-21 20:22:18
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2014-02-27 00:00:00
OpenJDK 6 regression
2014-04-08 00:00:00
OpenJDK 7 vulnerabilities
2014-01-23 00:00:00
suse
suse
Security update for IBM Java 6 (important)
2014-03-26 18:04:12
Security update for IBM Java (important)
2014-02-18 13:04:15
Security update for IBM Java 6 (important)
2014-02-21 15:04:13
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 05:01:07
Sandbox Restrictions Bypass
2019-05-02 05:01:06
Sandbox Restrictions Bypass
2019-05-02 05:01:07
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Real Time
2018-06-15 06:59:25
Security Bulletin: Multiple vulnerabilities in current releases of IBM® SDK, Java™ Technology Edition
2018-06-25 05:54:54
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 - January 2014
2018-06-18 00:09:03
aix
aix
AIX Java Multiple Vulnerabilities (Oracle Java 2014 CPU)
2014-03-06 13:24:59
f5
f5
SOL53146535 - Multiple Sun Java vulnerabilities
2015-12-30 00:00:00
K53146535 : Multiple Sun Java vulnerabilities
2015-12-31 00:00:00
K17381 : OpenJDK vulnerability CVE-2014-0428
2015-11-03 00:00:00
kaspersky
kaspersky
KLA10511 Multiple vulnerabilities in Oracle products
2014-01-15 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Java Private MethodHandle Sandbox Bypass (CVE-2013-5893)
2014-02-03 00:00:00
Oracle Java SE GSUB ReqFeatureIndex Buffer Overflow - ver 2 (CVE-2013-5907)
2014-05-08 00:00:00
Oracle Java JNDI Sandbox Bypass - Ver2 (CVE-2014-0422)
2015-05-18 00:00:00
prion
prion
Design/Logic Flaw
2014-01-15 16:08:00
Design/Logic Flaw
2014-01-15 16:08:00
Design/Logic Flaw
2014-01-15 16:08:00
cve
cve
CVE-2013-5893
2014-01-15 16:08:00
CVE-2013-5896
2014-01-15 16:08:00
CVE-2013-5910
2014-01-15 16:08:00
ubuntucve
ubuntucve
CVE-2013-5893
2014-01-15 00:00:00
CVE-2013-5910
2014-01-15 00:00:00
CVE-2013-5896
2014-01-15 00:00:00
seebug
seebug
Oracle Java SE远程安全漏洞
2014-02-19 00:00:00
zdi
zdi
Oracle Java TrueType LookupCount Buffer Overflow Remote Code Execution Vulnerability
2014-04-03 00:00:00
Oracle Java TTF Font Parsing Heap Corruption Remote Code Execution Vulnerability
2014-02-05 00:00:00
JSON
Related for OPENSUSE-2014-96.NASL
nessus32oraclelinux3openvas36amazon2centos3redhat9mageia1ubuntu3suse5veracode25ibm21aix1f56kaspersky1checkpoint_advisories5prion15cve14ubuntucve14seebug1zdi2