Lucene search
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20151021_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASLHistoryOct 22, 2015 - 12:00 a.m.
Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20151021)
2015-10-2200:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2015-4835, CVE-2015-4881, CVE-2015-4843, CVE-2015-4883, CVE-2015-4860, CVE-2015-4805, CVE-2015-4844)
Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2015-4803, CVE-2015-4893, CVE-2015-4911)
A flaw was found in the way the Libraries component in OpenJDK handled certificate revocation lists (CRL). In certain cases, CRL checking code could fail to report a revoked certificate, causing the application to accept it as trusted. (CVE-2015-4868)
It was discovered that the Security component in OpenJDK failed to properly check if a certificate satisfied all defined constraints. In certain cases, this could cause a Java application to accept an X.509 certificate which does not meet requirements of the defined policy.
(CVE-2015-4872)
Multiple flaws were found in the Libraries, 2D, CORBA, JAXP, JGSS, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.
(CVE-2015-4806, CVE-2015-4840, CVE-2015-4882, CVE-2015-4842, CVE-2015-4734, CVE-2015-4903)
All running instances of OpenJDK Java must be restarted for the update to take effect.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(86529);
script_version("2.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2015-4734", "CVE-2015-4803", "CVE-2015-4805", "CVE-2015-4806", "CVE-2015-4835", "CVE-2015-4840", "CVE-2015-4842", "CVE-2015-4843", "CVE-2015-4844", "CVE-2015-4860", "CVE-2015-4868", "CVE-2015-4872", "CVE-2015-4881", "CVE-2015-4882", "CVE-2015-4883", "CVE-2015-4893", "CVE-2015-4903", "CVE-2015-4911");
script_name(english:"Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20151021)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Multiple flaws were discovered in the CORBA, Libraries, RMI,
Serialization, and 2D components in OpenJDK. An untrusted Java
application or applet could use these flaws to completely bypass Java
sandbox restrictions. (CVE-2015-4835, CVE-2015-4881, CVE-2015-4843,
CVE-2015-4883, CVE-2015-4860, CVE-2015-4805, CVE-2015-4844)
Multiple denial of service flaws were found in the JAXP component in
OpenJDK. A specially crafted XML file could cause a Java application
using JAXP to consume an excessive amount of CPU and memory when
parsed. (CVE-2015-4803, CVE-2015-4893, CVE-2015-4911)
A flaw was found in the way the Libraries component in OpenJDK handled
certificate revocation lists (CRL). In certain cases, CRL checking
code could fail to report a revoked certificate, causing the
application to accept it as trusted. (CVE-2015-4868)
It was discovered that the Security component in OpenJDK failed to
properly check if a certificate satisfied all defined constraints. In
certain cases, this could cause a Java application to accept an X.509
certificate which does not meet requirements of the defined policy.
(CVE-2015-4872)
Multiple flaws were found in the Libraries, 2D, CORBA, JAXP, JGSS, and
RMI components in OpenJDK. An untrusted Java application or applet
could use these flaws to bypass certain Java sandbox restrictions.
(CVE-2015-4806, CVE-2015-4840, CVE-2015-4882, CVE-2015-4842,
CVE-2015-4734, CVE-2015-4903)
All running instances of OpenJDK Java must be restarted for the update
to take effect."
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind1510&L=scientific-linux-errata&F=&S=&P=3234
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?de2ce039"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-accessibility");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src-debug");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/21");
script_set_attribute(attribute:"patch_publication_date", value:"2015/10/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/22");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-1.8.0.65-0.b17.el6_7")) flag++;
if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-debug-1.8.0.65-0.b17.el6_7")) flag++;
if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-debuginfo-1.8.0.65-0.b17.el6_7")) flag++;
if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-demo-1.8.0.65-0.b17.el6_7")) flag++;
if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-demo-debug-1.8.0.65-0.b17.el6_7")) flag++;
if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-devel-1.8.0.65-0.b17.el6_7")) flag++;
if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-devel-debug-1.8.0.65-0.b17.el6_7")) flag++;
if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-headless-1.8.0.65-0.b17.el6_7")) flag++;
if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-headless-debug-1.8.0.65-0.b17.el6_7")) flag++;
if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-javadoc-1.8.0.65-0.b17.el6_7")) flag++;
if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-javadoc-debug-1.8.0.65-0.b17.el6_7")) flag++;
if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-src-1.8.0.65-0.b17.el6_7")) flag++;
if (rpm_check(release:"SL6", reference:"java-1.8.0-openjdk-src-debug-1.8.0.65-0.b17.el6_7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-accessibility-1.8.0.65-2.b17.el7_1")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-debuginfo-1.8.0.65-2.b17.el7_1")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-demo-1.8.0.65-2.b17.el7_1")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-devel-1.8.0.65-2.b17.el7_1")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-headless-1.8.0.65-2.b17.el7_1")) flag++;
if (rpm_check(release:"SL7", reference:"java-1.8.0-openjdk-javadoc-1.8.0.65-2.b17.el7_1")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-src-1.8.0.65-2.b17.el7_1")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fermilab | scientific_linux | java-1.8.0-openjdk | p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk |
| fermilab | scientific_linux | java-1.8.0-openjdk-accessibility | p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-accessibility |
| fermilab | scientific_linux | java-1.8.0-openjdk-debug | p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debug |
| fermilab | scientific_linux | java-1.8.0-openjdk-debuginfo | p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debuginfo |
| fermilab | scientific_linux | java-1.8.0-openjdk-demo | p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo |
| fermilab | scientific_linux | java-1.8.0-openjdk-demo-debug | p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo-debug |
| fermilab | scientific_linux | java-1.8.0-openjdk-devel | p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel |
| fermilab | scientific_linux | java-1.8.0-openjdk-devel-debug | p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel-debug |
| fermilab | scientific_linux | java-1.8.0-openjdk-headless | p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless |
| fermilab | scientific_linux | java-1.8.0-openjdk-headless-debug | p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless-debug |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4840
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4868
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911
www.nessus.org/u?de2ce039
Related
openvas
openvas
Oracle Linux Local Check: ELSA-2015-1921
2015-10-22 00:00:00
Mageia Linux Local Check: mgasa-2015-0412
2015-10-26 00:00:00
CentOS Update for java CESA-2015:1919 centos6
2015-10-22 00:00:00
nessus
nessus
Oracle Linux 6 / 7 : java-1.7.0-openjdk (ELSA-2015-1920)
2015-10-22 00:00:00
RHEL 5 : java-1.7.0-openjdk (RHSA-2015:1921)
2015-10-22 00:00:00
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2015-605)
2015-10-29 00:00:00
suse
suse
Security update for java-1_7_0-openjdk (important)
2015-11-04 17:12:29
Security update for java-1_7_0-openjdk (important)
2015-11-02 17:11:48
Security update for java-1_7_0-openjdk (important)
2015-11-02 16:34:56
amazon
amazon
Critical: java-1.7.0-openjdk
2015-10-27 13:52:00
Important: java-1.8.0-openjdk
2015-10-27 16:39:00
Important: java-1.6.0-openjdk
2015-12-14 10:00:00
ubuntu
ubuntu
OpenJDK 7 vulnerabilities
2015-10-28 00:00:00
OpenJDK 6 vulnerabilities
2015-12-03 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2015-10-21 00:00:00
java-1.7.0-openjdk security update
2015-10-21 00:00:00
java-1.8.0-openjdk security update
2015-10-21 00:00:00
centos
centos
java security update
2015-10-21 23:24:30
java security update
2015-10-21 23:13:49
java security update
2015-10-21 23:14:14
redhat
redhat
(RHSA-2015:1921) Important: java-1.7.0-openjdk security update
2015-10-21 00:00:00
(RHSA-2015:1919) Important: java-1.8.0-openjdk security update
2015-10-21 00:00:00
(RHSA-2015:1920) Critical: java-1.7.0-openjdk security update
2015-10-21 00:00:00
veracode
veracode
Authentication Bypass
2019-05-02 05:19:32
Authentication Bypass
2019-05-02 05:19:32
Authentication Bypass
2019-05-02 05:19:33
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2015-10-25 19:34:48
debian
debian
[SECURITY] [DLA 346-1] openjdk-6 security update
2015-11-24 08:56:52
[SECURITY] [DSA 3381-2] openjdk-7 security update
2015-11-01 22:21:57
[SECURITY] [DSA 3381-1] openjdk-7 security update
2015-10-27 21:21:20
ibm
ibm
archlinux
archlinux
jdk7-openjdk: multiple issues
2015-10-23 00:00:00
jre7-openjdk: multiple issues
2015-10-23 00:00:00
jre7-openjdk-headless: multiple issues
2015-10-23 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2015-12-10 08:51:54
freebsd
freebsd
java -- multiple vulnerabilities
2015-10-20 00:00:00
f5
f5
SOL05200155 - Multiple Java vulnerabilities
2015-11-26 00:00:00
Multiple Java vulnerabilities
2015-11-26 18:23:00
SOL14132811 - Java vulnerability CVE-2015-4893
2015-11-20 00:00:00
debiancve
debiancve
cve
cve
prion
prion
Design/Logic Flaw
2015-10-21 23:59:00
Design/Logic Flaw
2015-10-22 00:00:00
Design/Logic Flaw
2015-10-21 21:59:00
ubuntucve
ubuntucve
Related for SL_20151021_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL