Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2016-0057.NASL
HistoryJan 22, 2016 - 12:00 a.m.

RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2016:0057)

2016-01-2200:00:00
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21
JSON

Updated java-1.6.0-sun packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
(CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494)

Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file.

All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 111 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2016:0057. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(88076);
  script_version("2.12");
  script_cvs_date("Date: 2019/10/24 15:35:41");

  script_cve_id("CVE-2015-8126", "CVE-2015-8472", "CVE-2016-0402", "CVE-2016-0448", "CVE-2016-0466", "CVE-2016-0483", "CVE-2016-0494");
  script_xref(name:"RHSA", value:"2016:0057");

  script_name(english:"RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2016:0057)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated java-1.6.0-sun packages that fix several security issues are
now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and
7.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Oracle Java SE version 6 includes the Oracle Java Runtime Environment
and the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE
Critical Patch Update Advisory page, listed in the References section.
(CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448,
CVE-2016-0466, CVE-2016-0483, CVE-2016-0494)

Note: This update also disallows the use of the MD5 hash algorithm in
the certification path processing. The use of MD5 can be re-enabled by
removing MD5 from the jdk.certpath.disabledAlgorithms security
property defined in the java.security file.

All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide Oracle Java 6 Update 111 and resolve these
issues. All running instances of Oracle Java must be restarted for the
update to take effect."
  );
  # http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?54e827c2"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2016:0057"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2015-8126"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2015-8472"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0402"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0448"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0466"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0483"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0494"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/01/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/22");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! ereg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x / 7.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2016:0057";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.6.0-sun-1.6.0.111-1jpp.3.el5_11")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-sun-1.6.0.111-1jpp.3.el5_11")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.6.0-sun-demo-1.6.0.111-1jpp.3.el5_11")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-sun-demo-1.6.0.111-1jpp.3.el5_11")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.6.0-sun-devel-1.6.0.111-1jpp.3.el5_11")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-sun-devel-1.6.0.111-1jpp.3.el5_11")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.6.0-sun-jdbc-1.6.0.111-1jpp.3.el5_11")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-sun-jdbc-1.6.0.111-1jpp.3.el5_11")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.6.0-sun-plugin-1.6.0.111-1jpp.3.el5_11")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-sun-plugin-1.6.0.111-1jpp.3.el5_11")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.6.0-sun-src-1.6.0.111-1jpp.3.el5_11")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-sun-src-1.6.0.111-1jpp.3.el5_11")) flag++;


  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.6.0-sun-1.6.0.111-1jpp.3.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-sun-1.6.0.111-1jpp.3.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.6.0-sun-demo-1.6.0.111-1jpp.3.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-sun-demo-1.6.0.111-1jpp.3.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.6.0-sun-devel-1.6.0.111-1jpp.3.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-sun-devel-1.6.0.111-1jpp.3.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.6.0-sun-jdbc-1.6.0.111-1jpp.3.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-sun-jdbc-1.6.0.111-1jpp.3.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.6.0-sun-plugin-1.6.0.111-1jpp.3.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-sun-plugin-1.6.0.111-1jpp.3.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.6.0-sun-src-1.6.0.111-1jpp.3.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-sun-src-1.6.0.111-1jpp.3.el6_7")) flag++;


  if (rpm_check(release:"RHEL7", cpu:"i686", reference:"java-1.6.0-sun-1.6.0.111-1jpp.1.el7")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.6.0-sun-1.6.0.111-1jpp.1.el7")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.6.0-sun-demo-1.6.0.111-1jpp.1.el7")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"i686", reference:"java-1.6.0-sun-devel-1.6.0.111-1jpp.1.el7")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.6.0-sun-devel-1.6.0.111-1jpp.1.el7")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.6.0-sun-jdbc-1.6.0.111-1jpp.1.el7")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.6.0-sun-plugin-1.6.0.111-1jpp.1.el7")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.6.0-sun-src-1.6.0.111-1jpp.1.el7")) flag++;


  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-sun / java-1.6.0-sun-demo / java-1.6.0-sun-devel / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxjava-1.6.0-sunp-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun
redhatenterprise_linuxjava-1.6.0-sun-demop-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo
redhatenterprise_linuxjava-1.6.0-sun-develp-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel
redhatenterprise_linuxjava-1.6.0-sun-jdbcp-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc
redhatenterprise_linuxjava-1.6.0-sun-pluginp-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin
redhatenterprise_linuxjava-1.6.0-sun-srcp-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src
redhatenterprise_linux5cpe:/o:redhat:enterprise_linux:5
redhatenterprise_linux6cpe:/o:redhat:enterprise_linux:6
redhatenterprise_linux6.7cpe:/o:redhat:enterprise_linux:6.7
redhatenterprise_linux7cpe:/o:redhat:enterprise_linux:7
Rows per page:
1-10 of 111

Related

redhat 13
openvas 40
suse 16
nessus 61
debian 3
osv 1
oraclelinux 5
ubuntu 2
centos 6
amazon 3
ibm 24
veracode 6
mageia 2
f5 3
aix 1
kaspersky 1
fedora 5
prion 1
cve 1
slackware 1
ubuntucve 1
archlinux 1
debiancve 1
freebsd 1
redhat
redhat
(RHSA-2016:0057) Important: java-1.6.0-sun security update
2016-01-21 11:15:11
(RHSA-2016:0056) Critical: java-1.7.0-oracle security update
2016-01-21 11:14:52
(RHSA-2016:0067) Important: java-1.6.0-openjdk security update
2016-01-26 00:00:00
openvas
openvas
openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2016:0263-1)
2016-01-28 00:00:00
CentOS Update for java CESA-2016:0067 centos6
2016-01-27 00:00:00
Oracle Linux Local Check: ELSA-2016-0067
2016-01-27 00:00:00
suse
suse
Security update for java-1_8_0-openjdk (critical)
2016-01-27 21:11:29
Security update for java-1_7_0-openjdk (critical)
2016-01-27 21:13:32
Security update for Java7 (important)
2016-01-28 01:11:27
nessus
nessus
RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2016:0056) (SLOTH)
2016-01-22 00:00:00
Debian DLA-410-1 : openjdk-6 security update (SLOTH)
2016-02-05 00:00:00
openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-105) (SLOTH)
2016-02-03 00:00:00
debian
debian
[SECURITY] [DLA 410-1] openjdk-6 security update
2016-02-04 14:03:48
[SECURITY] [DSA 3458-1] openjdk-7 security update
2016-01-27 21:00:48
[SECURITY] [DSA 3465-1] openjdk-6 security update
2016-02-02 21:31:52
osv
osv
openjdk-6 - security update
2016-02-04 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2016-01-26 00:00:00
java-1.7.0-openjdk security update
2016-01-21 00:00:00
java-1.8.0-openjdk security update
2016-01-20 00:00:00
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2016-02-01 00:00:00
OpenJDK 7 vulnerabilities
2016-02-01 00:00:00
centos
centos
java security update
2016-01-26 13:28:19
java security update
2016-01-21 16:24:45
java security update
2016-01-21 17:19:22
amazon
amazon
Important: java-1.6.0-openjdk
2016-02-19 15:48:00
Important: java-1.7.0-openjdk
2016-02-09 13:30:00
Important: java-1.8.0-openjdk
2016-02-09 13:30:00
ibm
ibm
Security Bulletin: January 2016 Java Platform Standard Edition Vulnerabilities in Multiple N Series Products
2018-06-18 00:34:31
Security Bulletin:Multiple vulnerabilities in IBM Java SDK affect IBM FileNet System Monitor/IBM Enterprise Content Management System Monitor(CVE-2016-0494,CVE-2016-0483,CVE-2015-8126,CVE-2015-8472,CVE-2016-0402,CVE-2016-0448,CVE-2015-8540,CVE-2015-7981)
2018-06-17 12:14:35
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio and IBM ILOG CPLEX Enterprise Server
2018-06-16 13:38:32
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 05:20:30
Sandbox Restrictions Bypass
2019-05-02 05:20:30
Sandbox Restrictions Bypass
2019-05-02 05:20:30
mageia
mageia
Updated java-1.8.0-openjdk/copy-jdk-configs/lua-lunit/lua-posix packages fix security vulnerability
2016-02-05 20:26:09
Updated libpng packages fix security vulnerabilities
2015-12-17 00:01:04
f5
f5
K65342329 : Java vulnerabilities CVE-2016-0494, CVE-2016-0448, and CVE-2016-0402
2016-03-03 00:00:00
SOL65342329 - Java vulnerabilities CVE-2016-0494, CVE-2016-0448, and CVE-2016-0402
2016-03-03 00:00:00
SOL81903701 - Libpng vulnerability CVE-2015-8472
2016-03-07 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2016-02-25 08:44:57
kaspersky
kaspersky
KLA10743 Multiple vulnerabilities in Oracle Java SE
2016-01-20 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: libpng15-1.5.25-1.fc22
2016-01-04 20:00:05
[SECURITY] Fedora 23 Update: libpng10-1.0.65-1.fc23
2015-12-18 07:58:28
[SECURITY] Fedora 23 Update: libpng15-1.5.25-1.fc23
2016-01-04 18:55:22
prion
prion
Buffer overflow
2016-01-21 15:59:00
cve
cve
CVE-2015-8472
2016-01-21 15:59:00
slackware
slackware
[slackware-security] libpng
2015-12-16 06:25:09
ubuntucve
ubuntucve
CVE-2015-8472
2015-12-09 00:00:00
archlinux
archlinux
libpng: buffer overflow
2015-12-28 00:00:00
debiancve
debiancve
CVE-2015-8472
2016-01-21 15:59:00
freebsd
freebsd
libpng buffer overflow in png_set_PLTE
2015-11-15 00:00:00
JSON
Related for REDHAT-RHSA-2016-0057.NASL
redhat13openvas40suse16nessus61debian3osv1oraclelinux5ubuntu2centos6amazon3ibm24veracode6mageia2f53aix1kaspersky1fedora5prion1cve1slackware1ubuntucve1archlinux1debiancve1freebsd1