ID: SUSE_SU-2016-0959-1.NASL
Type: nessus
Reporter: This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified: 2016-04-07T00:00:00
Description
The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the
following issues :
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2016:0959-1.
# The text itself is copyright (C) SUSE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(90399);
script_version("2.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2016-0636");
script_name(english:"SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:0959-1)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote SUSE host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the
following issues :
Update to 2.6.5 - OpenJDK 7u99 (bsc#972468)
- Security fixes
- S8152335, CVE-2016-0636: Improve MethodHandle
consistency
- Import of OpenJDK 7 u99 build 0
- S6425769, PR2858: Allow specifying an address to bind
JMX remote connector
- S6961123: setWMClass fails to null-terminate WM_CLASS
string
- S8145982, PR2858: JMXInterfaceBindingTest is failing
intermittently
- S8146015, PR2858: JMXInterfaceBindingTest is failing
intermittently for IPv6 addresses
- Backports
- S8028727, PR2814: [parfait] warnings from b116 for
jdk.src.share.native.sun.security.ec: JNI pending
exceptions
- S8048512, PR2814: Uninitialised memory in
jdk/src/share/native/sun/security/ec/ECC_JNI.cpp
- S8071705. PR2819, RH1182694: Java application menu
misbehaves when running multiple screen stacked
vertically
- S8150954, PR2866, RH1176206: AWT Robot not compatible
with GNOME Shell
- Bug fixes
- PR2803: Make system CUPS optional
- PR2886: Location of 'stap' executable is hard-coded
- PR2893: test/tapset/jstaptest.pl should be executable
- PR2894: Add missing test directory in make check.
- CACAO
- PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:
Assertion `dest && result && x.any && y.any' failed
- AArch64 port
- PR2852: Add support for large code cache
- PR2852: Apply ReservedCodeCacheSize default limiting to
AArch64 only.
- S8081289, PR2852: aarch64: add support for
RewriteFrequentPairs in interpreter
- S8131483, PR2852: aarch64: illegal stlxr instructions
- S8133352, PR2852: aarch64: generates constrained
unpredictable instructions
- S8133842, PR2852: aarch64: C2 generates illegal
instructions with int shifts >=32
- S8134322, PR2852: AArch64: Fix several errors in C2
biased locking implementation
- S8136615, PR2852: aarch64: elide DecodeN when followed
by CmpP 0
- S8138575, PR2852: Improve generated code for profile
counters
- S8138641, PR2852: Disable C2 peephole by default for
aarch64
- S8138966, PR2852: Intermittent SEGV running ParallelGC
- S8143067, PR2852: aarch64: guarantee failure in javac
- S8143285, PR2852: aarch64: Missing load acquire when
checking if ConstantPoolCacheEntry is resolved
- S8143584, PR2852: Load constant pool tag and class
status with load acquire
- S8144201, PR2852: aarch64:
jdk/test/com/sun/net/httpserver/Test6a.java fails with
--enable-unlimited-crypto
- S8144582, PR2852: AArch64 does not generate correct
branch profile data
- S8146709, PR2852: AArch64: Incorrect use of ADRP for
byte_map_base
- S8147805, PR2852: aarch64: C1 segmentation fault due to
inline Unsafe.getAndSetObject
- S8148240, PR2852: aarch64: random infrequent NULL
pointer exceptions in javac
- PPC & AIX port
- S8034797, PR2851: AIX: Fix os::naked_short_sleep() in
os_aix.cpp after 8028280
- S8139258, PR2851: PPC64LE: argument passing problem when
passing 15 floats in native call
- S8139421, PR2851: PPC64LE:
MacroAssembler::bxx64_patchable kill register R12
Update to 2.6.5 - OpenJDK 7u99 (bsc#972468)
- Security fixes
- S8152335, CVE-2016-0636: Improve MethodHandle
consistency
- Import of OpenJDK 7 u99 build 0
- S6425769, PR2858: Allow specifying an address to bind
JMX remote connector
- S6961123: setWMClass fails to null-terminate WM_CLASS
string
- S8145982, PR2858: JMXInterfaceBindingTest is failing
intermittently
- S8146015, PR2858: JMXInterfaceBindingTest is failing
intermittently for IPv6 addresses
- Backports
- S8028727, PR2814: [parfait] warnings from b116 for
jdk.src.share.native.sun.security.ec: JNI pending
exceptions
- S8048512, PR2814: Uninitialised memory in
jdk/src/share/native/sun/security/ec/ECC_JNI.cpp
- S8071705. PR2819, RH1182694: Java application menu
misbehaves when running multiple screen stacked
vertically
- S8150954, PR2866, RH1176206: AWT Robot not compatible
with GNOME Shell
- Bug fixes
- PR2803: Make system CUPS optional
- PR2886: Location of 'stap' executable is hard-coded
- PR2893: test/tapset/jstaptest.pl should be executable
- PR2894: Add missing test directory in make check.
- CACAO
- PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:
Assertion `dest && result && x.any && y.any' failed
- AArch64 port
- PR2852: Add support for large code cache
- PR2852: Apply ReservedCodeCacheSize default limiting to
AArch64 only.
- S8081289, PR2852: aarch64: add support for
RewriteFrequentPairs in interpreter
- S8131483, PR2852: aarch64: illegal stlxr instructions
- S8133352, PR2852: aarch64: generates constrained
unpredictable instructions
- S8133842, PR2852: aarch64: C2 generates illegal
instructions with int shifts >=32
- S8134322, PR2852: AArch64: Fix several errors in C2
biased locking implementation
- S8136615, PR2852: aarch64: elide DecodeN when followed
by CmpP 0
- S8138575, PR2852: Improve generated code for profile
counters
- S8138641, PR2852: Disable C2 peephole by default for
aarch64
- S8138966, PR2852: Intermittent SEGV running ParallelGC
- S8143067, PR2852: aarch64: guarantee failure in javac
- S8143285, PR2852: aarch64: Missing load acquire when
checking if ConstantPoolCacheEntry is resolved
- S8143584, PR2852: Load constant pool tag and class
status with load acquire
- S8144201, PR2852: aarch64:
jdk/test/com/sun/net/httpserver/Test6a.java fails with
--enable-unlimited-crypto
- S8144582, PR2852: AArch64 does not generate correct
branch profile data
- S8146709, PR2852: AArch64: Incorrect use of ADRP for
byte_map_base
- S8147805, PR2852: aarch64: C1 segmentation fault due to
inline Unsafe.getAndSetObject
- S8148240, PR2852: aarch64: random infrequent NULL
pointer exceptions in javac
- PPC & AIX port
- S8034797, PR2851: AIX: Fix os::naked_short_sleep() in
os_aix.cpp after 8028280
- S8139258, PR2851: PPC64LE: argument passing problem when
passing 15 floats in native call
- S8139421, PR2851: PPC64LE:
MacroAssembler::bxx64_patchable kill register R12
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=972468"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-0636/"
);
# https://www.suse.com/support/update/announcement/2016/suse-su-20160959-1/
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?980dedc4"
);
script_set_attribute(
attribute:"solution",
value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Server 12-SP1 :
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-556=1
SUSE Linux Enterprise Server 12 :
zypper in -t patch SUSE-SLE-SERVER-12-2016-556=1
SUSE Linux Enterprise Desktop 12-SP1 :
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-556=1
SUSE Linux Enterprise Desktop 12 :
zypper in -t patch SUSE-SLE-DESKTOP-12-2016-556=1
To bring your system up-to-date, use 'zypper patch'."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/24");
script_set_attribute(attribute:"patch_publication_date", value:"2016/04/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/07");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0/1", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0/1", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-demo-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-devel-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-headless-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-demo-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-devel-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-headless-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"java-1_7_0-openjdk-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"java-1_7_0-openjdk-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-1.7.0.99-27.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_7_0-openjdk");
}
preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-demo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-devel-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-demo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-devel-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", 
reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-openjdk\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "90399", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo", "cpe:/o:novell:suse_linux:12", 
"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo"], "scheme": null, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}}
{"cve": [{"lastseen": "2020-12-09T20:07:32", "description": "Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.", "edition": 6, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-03-24T18:59:00", "title": "CVE-2016-0636", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0636"], "modified": "2020-09-08T12:30:00", "cpe": ["cpe:/a:redhat:icedtea7:2.6.6", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:oracle:jre:1.8.0", "cpe:/a:oracle:jdk:1.7.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:oracle:jre:1.7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:6.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/a:oracle:jdk:1.8.0"], "id": "CVE-2016-0636", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0636", 
"cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:oracle:jre:1.8.0:update_73:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea7:2.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.8.0:update74:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update_97:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update_97:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.8.0:update73:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.8.0:update_74:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*"]}], "centos": [{"lastseen": "2019-12-20T18:26:24", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636"], "description": "**CentOS Errata and Security Advisory** CESA-2016:0513\n\n\nThe java-1.8.0-openjdk packages contain the latest version of the Open Java Development Kit (OpenJDK), OpenJDK 8. These packages provide a fully compliant implementation of Java SE 8.\n\nSecurity Fix(es):\n\n* An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. 
(CVE-2016-0636)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-March/033816.html\n\n**Affected packages:**\njava-1.8.0-openjdk\njava-1.8.0-openjdk-accessibility\njava-1.8.0-openjdk-accessibility-debug\njava-1.8.0-openjdk-debug\njava-1.8.0-openjdk-demo\njava-1.8.0-openjdk-demo-debug\njava-1.8.0-openjdk-devel\njava-1.8.0-openjdk-devel-debug\njava-1.8.0-openjdk-headless\njava-1.8.0-openjdk-headless-debug\njava-1.8.0-openjdk-javadoc\njava-1.8.0-openjdk-javadoc-debug\njava-1.8.0-openjdk-src\njava-1.8.0-openjdk-src-debug\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0513.html", "edition": 3, "modified": "2016-03-25T04:16:25", "published": "2016-03-25T04:16:25", "href": "http://lists.centos.org/pipermail/centos-announce/2016-March/033816.html", "id": "CESA-2016:0513", "title": "java security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:26:45", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636"], "description": "**CentOS Errata and Security Advisory** CESA-2016:0514\n\n\nThe java-1.8.0-openjdk packages contain the latest version of the Open Java\nDevelopment Kit (OpenJDK), OpenJDK 8. These packages provide a fully compliant\nimplementation of Java SE 8.\n\nSecurity Fix(es):\n\n* An improper type safety check was discovered in the Hotspot component. An\nuntrusted Java application or applet could use this flaw to bypass Java Sandbox\nrestrictions. 
(CVE-2016-0636)\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-March/033811.html\n\n**Affected packages:**\njava-1.8.0-openjdk\njava-1.8.0-openjdk-debug\njava-1.8.0-openjdk-demo\njava-1.8.0-openjdk-demo-debug\njava-1.8.0-openjdk-devel\njava-1.8.0-openjdk-devel-debug\njava-1.8.0-openjdk-headless\njava-1.8.0-openjdk-headless-debug\njava-1.8.0-openjdk-javadoc\njava-1.8.0-openjdk-javadoc-debug\njava-1.8.0-openjdk-src\njava-1.8.0-openjdk-src-debug\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0514.html", "edition": 3, "modified": "2016-03-25T03:43:23", "published": "2016-03-25T03:43:23", "href": "http://lists.centos.org/pipermail/centos-announce/2016-March/033811.html", "id": "CESA-2016:0514", "title": "java security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:24:41", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636"], "description": "**CentOS Errata and Security Advisory** CESA-2016:0512\n\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment\nand the OpenJDK 7 Java Software Development Kit for compiling and executing Java\nprograms.\n\nSecurity Fix(es):\n\n* An improper type safety check was discovered in the Hotspot component. An\nuntrusted Java application or applet could use this flaw to bypass Java Sandbox\nrestrictions. 
(CVE-2016-0636)\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-March/033813.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-March/033815.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-accessibility\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-headless\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0512.html", "edition": 3, "modified": "2016-03-25T04:16:06", "published": "2016-03-25T03:44:42", "href": "http://lists.centos.org/pipermail/centos-announce/2016-March/033813.html", "id": "CESA-2016:0512", "title": "java security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:24:26", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636"], "description": "**CentOS Errata and Security Advisory** CESA-2016:0511\n\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment\nand the OpenJDK 7 Java Software Development Kit for compiling and executing Java\nprograms.\n\nSecurity Fix(es):\n\n* An improper type safety check was discovered in the Hotspot component. An\nuntrusted Java application or applet could use this flaw to bypass Java Sandbox\nrestrictions. 
(CVE-2016-0636)\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-March/033810.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0511.html", "edition": 3, "modified": "2016-03-25T03:42:05", "published": "2016-03-25T03:42:05", "href": "http://lists.centos.org/pipermail/centos-announce/2016-March/033810.html", "id": "CESA-2016:0511", "title": "java security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:35:55", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636"], "description": "A vulnerability was discovered in the JRE related to information \ndisclosure, data integrity, and availability. An attacker could exploit \nthese to cause a denial of service, expose sensitive data over the network, \nor possibly execute arbitrary code.", "edition": 5, "modified": "2016-03-24T00:00:00", "published": "2016-03-24T00:00:00", "id": "USN-2942-1", "href": "https://ubuntu.com/security/notices/USN-2942-1", "title": "OpenJDK 7 vulnerability", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:48:13", "bulletinFamily": "info", "cvelist": ["CVE-2016-0636"], "description": "### *Detect date*:\n03/23/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nAn unspecified vulnerability was found in Oracle Java SE. By exploiting this vulnerability malicious users can cause denial of service, affect integrity or obtain sensitive information. 
This vulnerability can be exploited remotely via vectors related to subcomponent Hotspot\n\n### *Affected products*:\nOracle Java SE versions 7.97, 8.73 and 8.74\n\n### *Solution*:\nUpdate to the latest version \n[Get Java SE](<http://www.oracle.com/technetwork/java/javase/downloads/index-jsp-138363.html>)\n\n### *Original advisories*:\n[Oracle advisory](<http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Oracle Java JRE 1.7.x](<https://threats.kaspersky.com/en/product/Oracle-Java-JRE-1.7.x/>)\n\n### *CVE-IDS*:\n[CVE-2016-0636](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0636>) 9.3 Critical", "edition": 40, "modified": "2020-05-22T00:00:00", "published": "2016-03-23T00:00:00", "id": "KLA10775", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10775", "title": "KLA10775 An unknown vulnerability in Oracle Java SE", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:36:20", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636"], "description": "**Issue Overview:**\n\nAn improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions.\n\n \n**Affected Packages:** \n\n\njava-1.8.0-openjdk, java-1.7.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.8.0-openjdk_ to update your system. \nRun _yum update java-1.7.0-openjdk_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.8.0-openjdk-devel-1.8.0.77-0.b03.9.amzn1.i686 \n java-1.8.0-openjdk-headless-1.8.0.77-0.b03.9.amzn1.i686 \n java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.9.amzn1.i686 \n java-1.8.0-openjdk-demo-1.8.0.77-0.b03.9.amzn1.i686 \n java-1.8.0-openjdk-src-1.8.0.77-0.b03.9.amzn1.i686 \n java-1.8.0-openjdk-1.8.0.77-0.b03.9.amzn1.i686 \n java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.66.amzn1.i686 \n java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.66.amzn1.i686 \n java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.66.amzn1.i686 \n java-1.7.0-openjdk-1.7.0.99-2.6.5.0.66.amzn1.i686 \n java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.66.amzn1.i686 \n \n noarch: \n java-1.8.0-openjdk-javadoc-1.8.0.77-0.b03.9.amzn1.noarch \n java-1.7.0-openjdk-javadoc-1.7.0.99-2.6.5.0.66.amzn1.noarch \n \n src: \n java-1.8.0-openjdk-1.8.0.77-0.b03.9.amzn1.src \n java-1.7.0-openjdk-1.7.0.99-2.6.5.0.66.amzn1.src \n \n x86_64: \n java-1.8.0-openjdk-demo-1.8.0.77-0.b03.9.amzn1.x86_64 \n java-1.8.0-openjdk-headless-1.8.0.77-0.b03.9.amzn1.x86_64 \n java-1.8.0-openjdk-src-1.8.0.77-0.b03.9.amzn1.x86_64 \n java-1.8.0-openjdk-1.8.0.77-0.b03.9.amzn1.x86_64 \n java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.9.amzn1.x86_64 \n java-1.8.0-openjdk-devel-1.8.0.77-0.b03.9.amzn1.x86_64 \n java-1.7.0-openjdk-1.7.0.99-2.6.5.0.66.amzn1.x86_64 \n java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.66.amzn1.x86_64 \n java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.66.amzn1.x86_64 \n java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.66.amzn1.x86_64 \n java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.66.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2016-03-29T15:30:00", "published": "2016-03-29T15:30:00", "id": "ALAS-2016-677", "href": "https://alas.aws.amazon.com/ALAS-2016-677.html", "title": "Critical: java-1.8.0-openjdk, java-1.7.0-openjdk", "type": "amazon", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:21:59", "bulletinFamily": "unix", "cvelist": 
["CVE-2016-0636"], "edition": 1, "description": "The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the\n following issues:\n\n Update to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n * Security fixes\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency, which could\n be used by attackers to inject code.\n * Import of OpenJDK 7 u99 build 0\n - S6425769, PR2858: Allow specifying an address to bind JMX remote\n connector\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently\n - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently\n for IPv6 addresses\n * Backports\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending exceptions\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n - S8071705. PR2819, RH1182694: Java application menu misbehaves when\n running multiple screen stacked vertically\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell\n * Bug fixes\n - PR2803: Make system CUPS optional\n - PR2886: Location of 'stap' executable is hard-coded\n - PR2893: test/tapset/jstaptest.pl should be executable\n - PR2894: Add missing test directory in make check.\n * CACAO\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest\n && result && x.any && y.any' failed\n * AArch64 port\n - PR2852: Add support for large code cache\n - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only.\n - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in\n interpreter\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n - S8133352, PR2852: aarch64: generates constrained unpredictable\n instructions\n - S8133842, PR2852: aarch64: C2 generates illegal instructions with int\n shifts >=32\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking\n implementation\n - S8136615, PR2852: aarch64: 
elide DecodeN when followed by CmpP 0\n - S8138575, PR2852: Improve generated code for profile counters\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n - S8143067, PR2852: aarch64: guarantee failure in javac\n - S8143285, PR2852: aarch64: Missing load acquire when checking if\n ConstantPoolCacheEntry is resolved\n - S8143584, PR2852: Load constant pool tag and class status with load\n acquire\n - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java\n fails with\n --enable-unlimited-crypto\n - S8144582, PR2852: AArch64 does not generate correct branch profile data\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base\n - S8147805, PR2852: aarch64: C1 segmentation fault due to inline\n Unsafe.getAndSetObject\n - S8148240, PR2852: aarch64: random infrequent null pointer exceptions\n in javac\n * PPC & AIX port\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n - S8139258, PR2851: PPC64LE: argument passing problem when passing 15\n floats in native call\n - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill\n register R12\n\n", "modified": "2016-04-05T18:07:50", "published": "2016-04-05T18:07:50", "id": "SUSE-SU-2016:0956-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00003.html", "title": "Security update for java-1_7_0-openjdk (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:32:46", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636"], "description": "The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the\n following issues:\n\n Update to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n * Security fixes\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency\n * Import of OpenJDK 7 u99 build 0\n - S6425769, PR2858: Allow specifying an address to bind JMX remote\n 
connector\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently\n - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently\n for IPv6 addresses\n * Backports\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending exceptions\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n - S8071705. PR2819, RH1182694: Java application menu misbehaves when\n running multiple screen stacked vertically\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell\n * Bug fixes\n - PR2803: Make system CUPS optional\n - PR2886: Location of 'stap' executable is hard-coded\n - PR2893: test/tapset/jstaptest.pl should be executable\n - PR2894: Add missing test directory in make check.\n * CACAO\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest\n && result && x.any && y.any' failed\n * AArch64 port\n - PR2852: Add support for large code cache\n - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only.\n - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in\n interpreter\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n - S8133352, PR2852: aarch64: generates constrained unpredictable\n instructions\n - S8133842, PR2852: aarch64: C2 generates illegal instructions with int\n shifts >=32\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking\n implementation\n - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0\n - S8138575, PR2852: Improve generated code for profile counters\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n - S8143067, PR2852: aarch64: guarantee failure in javac\n - S8143285, PR2852: aarch64: Missing load acquire when checking if\n ConstantPoolCacheEntry is resolved\n - S8143584, PR2852: Load constant 
pool tag and class status with load\n acquire\n - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java\n fails with\n --enable-unlimited-crypto\n - S8144582, PR2852: AArch64 does not generate correct branch profile data\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base\n - S8147805, PR2852: aarch64: C1 segmentation fault due to inline\n Unsafe.getAndSetObject\n - S8148240, PR2852: aarch64: random infrequent null pointer exceptions\n in javac\n * PPC & AIX port\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n - S8139258, PR2851: PPC64LE: argument passing problem when passing 15\n floats in native call\n - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill\n register R12\n\n Update to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n * Security fixes\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency\n * Import of OpenJDK 7 u99 build 0\n - S6425769, PR2858: Allow specifying an address to bind JMX remote\n connector\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently\n - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently\n for IPv6 addresses\n * Backports\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending exceptions\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n - S8071705. 
PR2819, RH1182694: Java application menu misbehaves when\n running multiple screen stacked vertically\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell\n * Bug fixes\n - PR2803: Make system CUPS optional\n - PR2886: Location of 'stap' executable is hard-coded\n - PR2893: test/tapset/jstaptest.pl should be executable\n - PR2894: Add missing test directory in make check.\n * CACAO\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest\n && result && x.any && y.any' failed\n * AArch64 port\n - PR2852: Add support for large code cache\n - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only.\n - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in\n interpreter\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n - S8133352, PR2852: aarch64: generates constrained unpredictable\n instructions\n - S8133842, PR2852: aarch64: C2 generates illegal instructions with int\n shifts >=32\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking\n implementation\n - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0\n - S8138575, PR2852: Improve generated code for profile counters\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n - S8143067, PR2852: aarch64: guarantee failure in javac\n - S8143285, PR2852: aarch64: Missing load acquire when checking if\n ConstantPoolCacheEntry is resolved\n - S8143584, PR2852: Load constant pool tag and class status with load\n acquire\n - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java\n fails with\n --enable-unlimited-crypto\n - S8144582, PR2852: AArch64 does not generate correct branch profile data\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base\n - S8147805, PR2852: aarch64: C1 segmentation fault due to inline\n Unsafe.getAndSetObject\n - S8148240, PR2852: aarch64: random infrequent null pointer exceptions\n in 
javac\n * PPC & AIX port\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n - S8139258, PR2851: PPC64LE: argument passing problem when passing 15\n floats in native call\n - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill\n register R12\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "modified": "2016-04-11T21:07:36", "published": "2016-04-11T21:07:36", "id": "OPENSUSE-SU-2016:1004-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00013.html", "title": "Security update for java-1_7_0-openjdk (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:26:56", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636"], "description": "This update for java-1_8_0-openjdk to version jdk8u77-b03 fixes the\n following security issue:\n\n * CVE-2016-0636: Improve MethodHandle consistency, which had allowed\n attackers to execute code. 
(bsc#972468)\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\n\n", "edition": 1, "modified": "2016-04-11T21:07:47", "published": "2016-04-11T21:07:47", "id": "OPENSUSE-SU-2016:1005-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00014.html", "title": "Security update for java-1_8_0-openjdk (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:45:47", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636"], "description": "This update for java-1_7_0-openjdk fixes the following issues:\n\n java-1_7_0-openjdk was updated to 2.6.5 - OpenJDK 7u99 (boo#972468)\n * Security fixes\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency\n * Import of OpenJDK 7 u99 build 0\n - S6425769, PR2858: Allow specifying an address to bind JMX remote\n connector\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently\n - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently\n for IPv6 addresses\n * Backports\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending exceptions\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n - S8071705. 
PR2819, RH1182694: Java application menu misbehaves when\n running multiple screen stacked vertically\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME\n Shell\n * Bug fixes\n - PR2803: Make system CUPS optional\n - PR2886: Location of 'stap' executable is hard-coded\n - PR2893: test/tapset/jstaptest.pl should be executable\n - PR2894: Add missing test directory in make check.\n * CACAO\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion\n `dest && result && x.any && y.any' failed\n * AArch64 port\n - PR2852: Add support for large code cache\n - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64\n only.\n - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in\n interpreter\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n - S8133352, PR2852: aarch64: generates constrained unpredictable\n instructions\n - S8133842, PR2852: aarch64: C2 generates illegal instructions with\n int shifts >=32\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking\n implementation\n - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0\n - S8138575, PR2852: Improve generated code for profile counters\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n - S8143067, PR2852: aarch64: guarantee failure in javac\n - S8143285, PR2852: aarch64: Missing load acquire when checking if\n ConstantPoolCacheEntry is resolved\n - S8143584, PR2852: Load constant pool tag and class status with load\n acquire\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n --enable-unlimited-crypto\n - S8144582, PR2852: AArch64 does not generate correct branch profile\n data\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base\n - S8147805, PR2852: aarch64: C1 segmentation fault due to inline\n Unsafe.getAndSetObject\n - S8148240, PR2852: aarch64: random infrequent null pointer\n exceptions 
in javac\n * PPC & AIX port\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n - S8139258, PR2851: PPC64LE: argument passing problem when passing 15\n floats in native call\n - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill\n register R12\n\n Update to 2.6.5 - OpenJDK 7u99 (boo#972468)\n * Security fixes\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency\n * Import of OpenJDK 7 u99 build 0\n - S6425769, PR2858: Allow specifying an address to bind JMX remote\n connector\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently\n - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently\n for IPv6 addresses\n * Backports\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending exceptions\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n - S8071705. 
PR2819, RH1182694: Java application menu misbehaves when\n running multiple screen stacked vertically\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME\n Shell\n * Bug fixes\n - PR2803: Make system CUPS optional\n - PR2886: Location of 'stap' executable is hard-coded\n - PR2893: test/tapset/jstaptest.pl should be executable\n - PR2894: Add missing test directory in make check.\n * CACAO\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion\n `dest && result && x.any && y.any' failed\n * AArch64 port\n - PR2852: Add support for large code cache\n - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64\n only.\n - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in\n interpreter\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n - S8133352, PR2852: aarch64: generates constrained unpredictable\n instructions\n - S8133842, PR2852: aarch64: C2 generates illegal instructions with\n int shifts >=32\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking\n implementation\n - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0\n - S8138575, PR2852: Improve generated code for profile counters\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n - S8143067, PR2852: aarch64: guarantee failure in javac\n - S8143285, PR2852: aarch64: Missing load acquire when checking if\n ConstantPoolCacheEntry is resolved\n - S8143584, PR2852: Load constant pool tag and class status with load\n acquire\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n --enable-unlimited-crypto\n - S8144582, PR2852: AArch64 does not generate correct branch profile\n data\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base\n - S8147805, PR2852: aarch64: C1 segmentation fault due to inline\n Unsafe.getAndSetObject\n - S8148240, PR2852: aarch64: random infrequent null pointer\n exceptions 
in javac\n * PPC & AIX port\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n - S8139258, PR2851: PPC64LE: argument passing problem when passing 15\n floats in native call\n - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill\n register R12\n\n", "edition": 1, "modified": "2016-04-14T21:07:52", "published": "2016-04-14T21:07:52", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00035.html", "id": "OPENSUSE-SU-2016:1042-1", "title": "java-1_7_0-openjdk (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:47:49", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636"], "description": "This update for java-1_8_0-openjdk to version jdk8u77-b03 fixes the\n following security issue:\n\n * CVE-2016-0636: Improve MethodHandle consistency, which had allowed\n attackers to execute code. (bsc#972468)\n\n", "edition": 1, "modified": "2016-04-05T18:08:06", "published": "2016-04-05T18:08:06", "id": "SUSE-SU-2016:0957-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00004.html", "type": "suse", "title": "Security update for java-1_8_0-openjdk (important)", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:18:15", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636"], "description": "This update of java-1_8_0-openjdk to jdk8u77-b03 fixes the following\n issues:\n\n * CVE-2016-0636: Improve MethodHandle consistency fixes crash / code\n execution problems.\n\n", "edition": 1, "modified": "2016-04-08T12:08:39", "published": "2016-04-08T12:08:39", "id": "OPENSUSE-SU-2016:0983-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00008.html", "title": "Security update for java-1_8_0-openjdk (important)", "type": "suse", "cvss": {"score": 9.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:03:49", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636"], "description": "The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the\n following issues:\n\n Update to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n * Security fixes\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency\n * Import of OpenJDK 7 u99 build 0\n - S6425769, PR2858: Allow specifying an address to bind JMX remote\n connector\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently\n - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently\n for IPv6 addresses\n * Backports\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending exceptions\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n - S8071705. PR2819, RH1182694: Java application menu misbehaves when\n running multiple screen stacked vertically\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell\n * Bug fixes\n - PR2803: Make system CUPS optional\n - PR2886: Location of 'stap' executable is hard-coded\n - PR2893: test/tapset/jstaptest.pl should be executable\n - PR2894: Add missing test directory in make check.\n * CACAO\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest\n && result && x.any && y.any' failed\n * AArch64 port\n - PR2852: Add support for large code cache\n - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only.\n - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in\n interpreter\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n - S8133352, PR2852: aarch64: generates constrained unpredictable\n instructions\n - S8133842, PR2852: aarch64: C2 generates illegal instructions with int\n shifts >=32\n - S8134322, PR2852: AArch64: Fix several 
errors in C2 biased locking\n implementation\n - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0\n - S8138575, PR2852: Improve generated code for profile counters\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n - S8143067, PR2852: aarch64: guarantee failure in javac\n - S8143285, PR2852: aarch64: Missing load acquire when checking if\n ConstantPoolCacheEntry is resolved\n - S8143584, PR2852: Load constant pool tag and class status with load\n acquire\n - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java\n fails with\n --enable-unlimited-crypto\n - S8144582, PR2852: AArch64 does not generate correct branch profile data\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base\n - S8147805, PR2852: aarch64: C1 segmentation fault due to inline\n Unsafe.getAndSetObject\n - S8148240, PR2852: aarch64: random infrequent null pointer exceptions\n in javac\n * PPC & AIX port\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n - S8139258, PR2851: PPC64LE: argument passing problem when passing 15\n floats in native call\n - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill\n register R12\n\n Update to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n * Security fixes\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency\n * Import of OpenJDK 7 u99 build 0\n - S6425769, PR2858: Allow specifying an address to bind JMX remote\n connector\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently\n - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently\n for IPv6 addresses\n * Backports\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending exceptions\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n - S8071705. 
PR2819, RH1182694: Java application menu misbehaves when\n running multiple screen stacked vertically\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell\n * Bug fixes\n - PR2803: Make system CUPS optional\n - PR2886: Location of 'stap' executable is hard-coded\n - PR2893: test/tapset/jstaptest.pl should be executable\n - PR2894: Add missing test directory in make check.\n * CACAO\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest\n && result && x.any && y.any' failed\n * AArch64 port\n - PR2852: Add support for large code cache\n - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only.\n - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in\n interpreter\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n - S8133352, PR2852: aarch64: generates constrained unpredictable\n instructions\n - S8133842, PR2852: aarch64: C2 generates illegal instructions with int\n shifts >=32\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking\n implementation\n - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0\n - S8138575, PR2852: Improve generated code for profile counters\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n - S8143067, PR2852: aarch64: guarantee failure in javac\n - S8143285, PR2852: aarch64: Missing load acquire when checking if\n ConstantPoolCacheEntry is resolved\n - S8143584, PR2852: Load constant pool tag and class status with load\n acquire\n - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java\n fails with\n --enable-unlimited-crypto\n - S8144582, PR2852: AArch64 does not generate correct branch profile data\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base\n - S8147805, PR2852: aarch64: C1 segmentation fault due to inline\n Unsafe.getAndSetObject\n - S8148240, PR2852: aarch64: random infrequent null pointer exceptions\n in 
javac\n * PPC & AIX port\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n - S8139258, PR2851: PPC64LE: argument passing problem when passing 15\n floats in native call\n - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill\n register R12\n\n", "edition": 1, "modified": "2016-04-05T18:08:42", "published": "2016-04-05T18:08:42", "id": "SUSE-SU-2016:0959-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00005.html", "type": "suse", "title": "Security update for java-1_7_0-openjdk (important)", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:21:58", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636"], "description": "This update for java-1_7_0-openjdk fixes the following issues:\n\n java-1_7_0-openjdk was updated to 2.6.5 - OpenJDK 7u99 (boo#972468)\n * Security fixes\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency\n * Import of OpenJDK 7 u99 build 0\n - S6425769, PR2858: Allow specifying an address to bind JMX remote\n connector\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently\n - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently\n for IPv6 addresses\n * Backports\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending exceptions\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n - S8071705. 
PR2819, RH1182694: Java application menu misbehaves when\n running multiple screen stacked vertically\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell\n * Bug fixes\n - PR2803: Make system CUPS optional\n - PR2886: Location of 'stap' executable is hard-coded\n - PR2893: test/tapset/jstaptest.pl should be executable\n - PR2894: Add missing test directory in make check.\n * CACAO\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest\n && result && x.any && y.any' failed\n * AArch64 port\n - PR2852: Add support for large code cache\n - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only.\n - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in\n interpreter\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n - S8133352, PR2852: aarch64: generates constrained unpredictable\n instructions\n - S8133842, PR2852: aarch64: C2 generates illegal instructions with int\n shifts >=32\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking\n implementation\n - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0\n - S8138575, PR2852: Improve generated code for profile counters\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n - S8143067, PR2852: aarch64: guarantee failure in javac\n - S8143285, PR2852: aarch64: Missing load acquire when checking if\n ConstantPoolCacheEntry is resolved\n - S8143584, PR2852: Load constant pool tag and class status with load\n acquire\n - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java\n fails with\n --enable-unlimited-crypto\n - S8144582, PR2852: AArch64 does not generate correct branch profile data\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base\n - S8147805, PR2852: aarch64: C1 segmentation fault due to inline\n Unsafe.getAndSetObject\n - S8148240, PR2852: aarch64: random infrequent null pointer exceptions\n in 
javac\n * PPC & AIX port\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n - S8139258, PR2851: PPC64LE: argument passing problem when passing 15\n floats in native call\n - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill\n register R12\n\n Update to 2.6.5 - OpenJDK 7u99 (boo#972468)\n * Security fixes\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency\n * Import of OpenJDK 7 u99 build 0\n - S6425769, PR2858: Allow specifying an address to bind JMX remote\n connector\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently\n - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently\n for IPv6 addresses\n * Backports\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending exceptions\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n - S8071705. 
PR2819, RH1182694: Java application menu misbehaves when\n running multiple screen stacked vertically\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell\n * Bug fixes\n - PR2803: Make system CUPS optional\n - PR2886: Location of 'stap' executable is hard-coded\n - PR2893: test/tapset/jstaptest.pl should be executable\n - PR2894: Add missing test directory in make check.\n * CACAO\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest\n && result && x.any && y.any' failed\n * AArch64 port\n - PR2852: Add support for large code cache\n - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only.\n - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in\n interpreter\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n - S8133352, PR2852: aarch64: generates constrained unpredictable\n instructions\n - S8133842, PR2852: aarch64: C2 generates illegal instructions with int\n shifts >=32\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking\n implementation\n - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0\n - S8138575, PR2852: Improve generated code for profile counters\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n - S8143067, PR2852: aarch64: guarantee failure in javac\n - S8143285, PR2852: aarch64: Missing load acquire when checking if\n ConstantPoolCacheEntry is resolved\n - S8143584, PR2852: Load constant pool tag and class status with load\n acquire\n - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java\n fails with\n --enable-unlimited-crypto\n - S8144582, PR2852: AArch64 does not generate correct branch profile data\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base\n - S8147805, PR2852: aarch64: C1 segmentation fault due to inline\n Unsafe.getAndSetObject\n - S8148240, PR2852: aarch64: random infrequent null pointer exceptions\n in 
javac\n * PPC & AIX port\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n - S8139258, PR2851: PPC64LE: argument passing problem when passing 15\n floats in native call\n - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill\n register R12\n\n", "edition": 1, "modified": "2016-04-07T15:08:01", "published": "2016-04-07T15:08:01", "id": "OPENSUSE-SU-2016:0971-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00007.html", "type": "suse", "title": "Security update for java-1_7_0-openjdk (important)", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:15", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636"], "description": "The java-1.8.0-openjdk packages contain the latest version of the Open Java Development Kit (OpenJDK), OpenJDK 8. These packages provide a fully compliant implementation of Java SE 8.\n\nSecurity Fix(es):\n\n* An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)", "modified": "2018-04-12T03:33:29", "published": "2016-03-25T02:59:11", "id": "RHSA-2016:0513", "href": "https://access.redhat.com/errata/RHSA-2016:0513", "type": "redhat", "title": "(RHSA-2016:0513) Critical: java-1.8.0-openjdk security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:25", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636"], "description": "The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment\nand the OpenJDK 7 Java Software Development Kit for compiling and executing Java\nprograms.\n\nSecurity Fix(es):\n\n* An improper type safety check was discovered in the Hotspot component. An\nuntrusted Java application or applet could use this flaw to bypass Java Sandbox\nrestrictions. 
(CVE-2016-0636)\n", "modified": "2018-04-12T03:33:03", "published": "2016-03-24T04:00:00", "id": "RHSA-2016:0512", "href": "https://access.redhat.com/errata/RHSA-2016:0512", "type": "redhat", "title": "(RHSA-2016:0512) Important: java-1.7.0-openjdk security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:49", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636"], "description": "Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update provides Oracle Java 7 Update 99.\n\nSecurity Fix(es):\n\nThis update fixes one vulnerability in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about this flaw can be found on the Oracle Security Alert page listed in the References section. (CVE-2016-0636)", "modified": "2018-06-07T18:20:35", "published": "2016-03-25T02:59:46", "id": "RHSA-2016:0515", "href": "https://access.redhat.com/errata/RHSA-2016:0515", "type": "redhat", "title": "(RHSA-2016:0515) Critical: java-1.7.0-oracle security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:52", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636"], "description": "The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update provides Oracle Java 8 Update 77.\n\nSecurity Fix(es):\n\nThis update fixes one vulnerability in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about this flaw can be found on the Oracle Security Alert page listed in the References section. 
(CVE-2016-0636)", "modified": "2018-06-07T18:20:30", "published": "2016-03-25T03:01:33", "id": "RHSA-2016:0516", "href": "https://access.redhat.com/errata/RHSA-2016:0516", "type": "redhat", "title": "(RHSA-2016:0516) Critical: java-1.8.0-oracle security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636"], "description": "The java-1.8.0-openjdk packages contain the latest version of the Open Java\nDevelopment Kit (OpenJDK), OpenJDK 8. These packages provide a fully compliant\nimplementation of Java SE 8.\n\nSecurity Fix(es):\n\n* An improper type safety check was discovered in the Hotspot component. An\nuntrusted Java application or applet could use this flaw to bypass Java Sandbox\nrestrictions. (CVE-2016-0636)\n", "modified": "2018-06-06T20:24:20", "published": "2016-03-24T04:00:00", "id": "RHSA-2016:0514", "href": "https://access.redhat.com/errata/RHSA-2016:0514", "type": "redhat", "title": "(RHSA-2016:0514) Important: java-1.8.0-openjdk security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:51", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636"], "description": "The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment\nand the OpenJDK 7 Java Software Development Kit for compiling and executing Java\nprograms.\n\nSecurity Fix(es):\n\n* An improper type safety check was discovered in the Hotspot component. An\nuntrusted Java application or applet could use this flaw to bypass Java Sandbox\nrestrictions. 
(CVE-2016-0636)\n", "modified": "2018-06-06T20:24:31", "published": "2016-03-24T04:00:00", "id": "RHSA-2016:0511", "href": "https://access.redhat.com/errata/RHSA-2016:0511", "type": "redhat", "title": "(RHSA-2016:0511) Critical: java-1.7.0-openjdk security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:15", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636"], "description": "[1:1.7.0.99-2.6.5.0.0.1]\n- Add oracle-enterprise.patch\n- Fix DISTRO_NAME to 'Oracle Linux'\n[1:1.7.0.99-2.6.5.0]\n- Explicitly required libXcomposite-devel for PR2867 as nothing else pulls it in\n- Resolves: rhbz#1320655", "edition": 4, "modified": "2016-03-24T00:00:00", "published": "2016-03-24T00:00:00", "id": "ELSA-2016-0512", "href": "http://linux.oracle.com/errata/ELSA-2016-0512.html", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:33", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636"], "description": "[1:1.8.0.77-0.b03]\n- Remove what remains of the SunEC sources in the remove-intree-libraries script.\n- Resolves: rhbz#1320664\n[1:1.8.0.77-0.b03]\n- Update to u77b03.\n- Drop 8146566 which is applied upstream.\n- Replace s390 Java options patch with general version from IcedTea.\n- Apply s390 patches unconditionally to avoid arch-specific patch failures.\n- Remove fragment of s390 size_t patch that unnecessarily removes a cast, breaking ppc64le.\n- Remove aarch64-specific suffix as update/build version are now the same as for other archs.\n- Only use z format specifier on s390, not s390x.\n- Adjust tarball generation script to allow ecc_impl.h to be included.\n- Correct spelling mistakes in tarball generation script.\n- Synchronise minor changes from Fedora.\n- Use a simple backport for PR2462/8074839.\n- Don't backport the crc check for pack.gz. 
It's not tested well upstream.\n- Resolves: rhbz#1320664", "edition": 4, "modified": "2016-03-24T00:00:00", "published": "2016-03-24T00:00:00", "id": "ELSA-2016-0513", "href": "http://linux.oracle.com/errata/ELSA-2016-0513.html", "title": "java-1.8.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:20", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636"], "description": "[1:1.7.0.99-2.6.5.0.0.1]\n- Update DISTRO_NAME in specfile\n[1:1.7.0.99-2.6.5.0]\n- Bump to 2.6.5 and u99b00.\n- Correct check for fsg.sh in tarball creation script\n- Resolves: rhbz#1320656", "edition": 4, "modified": "2016-03-24T00:00:00", "published": "2016-03-24T00:00:00", "id": "ELSA-2016-0511", "href": "http://linux.oracle.com/errata/ELSA-2016-0511.html", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:15", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636"], "description": "[1:1.8.0.77-0.b03]\n- Remove what remains of the SunEC sources in the remove-intree-libraries script.\n- Resolves: rhbz#1320661\n[1:1.8.0.77-0.b03]\n- Update to u77b03.\n- Drop 8146566 which is applied upstream.\n- Replace s390 Java options patch with general version from IcedTea.\n- Apply s390 patches unconditionally to avoid arch-specific patch failures.\n- Remove fragment of s390 size_t patch that unnecessarily removes a cast, breaking ppc64le.\n- Remove aarch64-specific suffix as update/build version are now the same as for other archs.\n- Only use z format specifier on s390, not s390x.\n- Adjust tarball generation script to allow ecc_impl.h to be included.\n- Correct spelling mistakes in tarball generation script.\n- Synchronise minor changes from Fedora.\n- Use a simple backport for PR2462/8074839.\n- Don't backport the crc check for pack.gz. 
It's not tested well upstream.\n- Resolves: rhbz#1320661", "edition": 4, "modified": "2016-03-24T00:00:00", "published": "2016-03-24T00:00:00", "id": "ELSA-2016-0514", "href": "http://linux.oracle.com/errata/ELSA-2016-0514.html", "title": "java-1.8.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cisa": [{"lastseen": "2020-12-18T18:07:42", "bulletinFamily": "info", "cvelist": ["CVE-2016-0636"], "description": "Oracle has released Java SE 8u77 to address a vulnerability in prior versions of the software. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.\n\nUsers and administrators are encouraged to review the [Oracle security alert](<http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html>) and apply the necessary update.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://surveymonkey.com/r/G8STDRY?product=https://us-cert.cisa.gov/ncas/current-activity/2016/03/24/Oracle-Releases-Security-Update-Java-SE>); we'd welcome your feedback.\n", "modified": "2016-03-24T00:00:00", "published": "2016-03-24T00:00:00", "id": "CISA:994DDAA79E89BA25451777754E9E70A3", "href": "https://us-cert.cisa.gov/ncas/current-activity/2016/03/24/Oracle-Releases-Security-Update-Java-SE", "type": "cisa", "title": "Oracle Releases Security Update for Java SE", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-06T09:30:33", "description": "An update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages contain the latest version of the Open\nJava Development Kit (OpenJDK), OpenJDK 8. These packages provide a\nfully compliant implementation of Java SE 8.\n\nSecurity Fix(es) :\n\n* An improper type safety check was discovered in the Hotspot\ncomponent. An untrusted Java application or applet could use this flaw\nto bypass Java Sandbox restrictions. (CVE-2016-0636)", "edition": 29, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-25T00:00:00", "title": "CentOS 6 : java-1.8.0-openjdk (CESA-2016:0514)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0636"], "modified": "2016-03-25T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-debug", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-src-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk"], "id": "CENTOS_RHSA-2016-0514.NASL", "href": "https://www.tenable.com/plugins/nessus/90159", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0514 and \n# CentOS Errata and Security Advisory 2016:0514 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(90159);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-0636\");\n script_xref(name:\"RHSA\", value:\"2016:0514\");\n\n script_name(english:\"CentOS 6 : java-1.8.0-openjdk (CESA-2016:0514)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages contain the latest version of the Open\nJava Development Kit (OpenJDK), OpenJDK 8. These packages provide a\nfully compliant implementation of Java SE 8.\n\nSecurity Fix(es) :\n\n* An improper type safety check was discovered in the Hotspot\ncomponent. An untrusted Java application or applet could use this flaw\nto bypass Java Sandbox restrictions. 
(CVE-2016-0636)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-March/021773.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?92c2addf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.8.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0636\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-debug\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-1.8.0.77-0.b03.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-debug-1.8.0.77-0.b03.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-demo-1.8.0.77-0.b03.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.77-0.b03.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-devel-1.8.0.77-0.b03.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.77-0.b03.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.77-0.b03.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.77-0.b03.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.77-0.b03.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-src-1.8.0.77-0.b03.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.77-0.b03.el6_7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / 
java-1.8.0-openjdk-debug / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:19:17", "description": "An improper type safety check was discovered in the Hotspot component.\nAn untrusted Java application or applet could use this flaw to bypass\nJava Sandbox restrictions.", "edition": 24, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-04-01T00:00:00", "title": "Amazon Linux AMI : java-1.8.0-openjdk / java-1.7.0-openjdk (ALAS-2016-677)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0636"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:java-1.7.0-openjdk", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-demo", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-src", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-devel", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-src", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-debuginfo", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-677.NASL", "href": "https://www.tenable.com/plugins/nessus/90270", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-677.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90270);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2016-0636\");\n script_xref(name:\"ALAS\", value:\"2016-677\");\n\n script_name(english:\"Amazon Linux AMI : java-1.8.0-openjdk / java-1.7.0-openjdk (ALAS-2016-677)\");\n script_summary(english:\"Checks rpm output 
for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An improper type safety check was discovered in the Hotspot component.\nAn untrusted Java application or applet could use this flaw to bypass\nJava Sandbox restrictions.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-677.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update java-1.8.0-openjdk' to update your system.\n\nRun 'yum update java-1.7.0-openjdk' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-1.7.0.99-2.6.5.0.66.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.66.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.66.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.66.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.99-2.6.5.0.66.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.66.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-1.8.0.77-0.b03.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-demo-1.8.0.77-0.b03.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-devel-1.8.0.77-0.b03.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-headless-1.8.0.77-0.b03.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.77-0.b03.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-src-1.8.0.77-0.b03.9.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:30:33", "description": "An update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 5 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit for\ncompiling and executing Java programs.\n\nSecurity Fix(es) :\n\n* An improper type safety check was discovered in the Hotspot\ncomponent. An untrusted Java application or applet could use this flaw\nto bypass Java Sandbox restrictions. (CVE-2016-0636)", "edition": 29, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-25T00:00:00", "title": "CentOS 5 / 7 : java-1.7.0-openjdk (CESA-2016:0512)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0636"], "modified": "2016-03-25T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.7.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.7.0-openjdk", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-demo", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-accessibility", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-headless"], "id": "CENTOS_RHSA-2016-0512.NASL", "href": "https://www.tenable.com/plugins/nessus/90157", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0512 and \n# CentOS Errata and Security Advisory 2016:0512 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90157);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-0636\");\n script_xref(name:\"RHSA\", value:\"2016:0512\");\n\n 
script_name(english:\"CentOS 5 / 7 : java-1.7.0-openjdk (CESA-2016:0512)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 5 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit for\ncompiling and executing Java programs.\n\nSecurity Fix(es) :\n\n* An improper type safety check was discovered in the Hotspot\ncomponent. An untrusted Java application or applet could use this flaw\nto bypass Java Sandbox restrictions. 
(CVE-2016-0636)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-March/021775.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a2aa1aac\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-March/021777.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?799f4e18\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.7.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0636\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.99-2.6.5.0.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el5_11\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.99-2.6.5.0.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-headless-1.7.0.99-2.6.5.0.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.99-2.6.5.0.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el7_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if 
(tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:30:33", "description": "An update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages contain the latest version of the Open\nJava Development Kit (OpenJDK), OpenJDK 8. These packages provide a\nfully compliant implementation of Java SE 8.\n\nSecurity Fix(es) :\n\n* An improper type safety check was discovered in the Hotspot\ncomponent. An untrusted Java application or applet could use this flaw\nto bypass Java Sandbox restrictions. 
(CVE-2016-0636)", "edition": 29, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-25T00:00:00", "title": "CentOS 7 : java-1.8.0-openjdk (CESA-2016:0513)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0636"], "modified": "2016-03-25T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility-debug", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-src-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk"], "id": "CENTOS_RHSA-2016-0513.NASL", "href": "https://www.tenable.com/plugins/nessus/90158", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0513 and \n# CentOS Errata and Security Advisory 2016:0513 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90158);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-0636\");\n script_xref(name:\"RHSA\", value:\"2016:0513\");\n\n script_name(english:\"CentOS 7 : java-1.8.0-openjdk (CESA-2016:0513)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n 
value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages contain the latest version of the Open\nJava Development Kit (OpenJDK), OpenJDK 8. These packages provide a\nfully compliant implementation of Java SE 8.\n\nSecurity Fix(es) :\n\n* An improper type safety check was discovered in the Hotspot\ncomponent. An untrusted Java application or applet could use this flaw\nto bypass Java Sandbox restrictions. (CVE-2016-0636)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-March/021778.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?800fc611\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.8.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0636\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-debug-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debug-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", 
reference:\"java-1.8.0-openjdk-devel-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.77-0.b03.el7_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T16:35:15", "description": "This update for java-1_7_0-openjdk fixes the following issues :\n\njava-1_7_0-openjdk was updated to 2.6.5 - OpenJDK 7u99 (boo#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle\n consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind\n JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS\n string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n\n 
- Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending\n exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu\n misbehaves when running multiple screen stacked\n vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible\n with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n - CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n\n - AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to\n AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for\n RewriteFrequentPairs in interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained\n unpredictable instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal\n instructions with int shifts >=32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2\n biased locking implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed\n by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile\n counters\n\n - S8138641, PR2852: Disable C2 peephole by default for\n aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when\n checking if ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class\n status with load acquire\n\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n\n --enable-unlimited-crypto\n\n - 
S8144582, PR2852: AArch64 does not generate correct\n branch profile data\n\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for\n byte_map_base\n\n - S8147805, PR2852: aarch64: C1 segmentation fault due to\n inline Unsafe.getAndSetObject\n\n - S8148240, PR2852: aarch64: random infrequent NULL\n pointer exceptions in javac\n\n - PPC & AIX port\n\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n\n - S8139258, PR2851: PPC64LE: argument passing problem when\n passing 15 floats in native call\n\n - S8139421, PR2851: PPC64LE:\n MacroAssembler::bxx64_patchable kill register R12\n\n Update to 2.6.5 - OpenJDK 7u99 (boo#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle\n consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind\n JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS\n string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending\n exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. 
PR2819, RH1182694: Java application menu\n misbehaves when running multiple screen stacked\n vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible\n with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n - CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n\n - AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to\n AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for\n RewriteFrequentPairs in interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained\n unpredictable instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal\n instructions with int shifts >=32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2\n biased locking implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed\n by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile\n counters\n\n - S8138641, PR2852: Disable C2 peephole by default for\n aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when\n checking if ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class\n status with load acquire\n\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n\n --enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct\n branch profile data\n\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for\n byte_map_base\n\n - S8147805, PR2852: aarch64: C1 segmentation fault due to\n inline Unsafe.getAndSetObject\n\n - 
S8148240, PR2852: aarch64: random infrequent NULL\n pointer exceptions in javac\n\n - PPC & AIX port\n\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n\n - S8139258, PR2851: PPC64LE: argument passing problem when\n passing 15 floats in native call\n\n - S8139421, PR2851: PPC64LE:\n MacroAssembler::bxx64_patchable kill register R12", "edition": 18, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-04-15T00:00:00", "title": "openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-457)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0636"], "modified": "2016-04-15T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2016-457.NASL", "href": "https://www.tenable.com/plugins/nessus/90529", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-457.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90529);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2016-0636\");\n\n 
script_name(english:\"openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-457)\");\n script_summary(english:\"Check for the openSUSE-2016-457 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_7_0-openjdk fixes the following issues :\n\njava-1_7_0-openjdk was updated to 2.6.5 - OpenJDK 7u99 (boo#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle\n consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind\n JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS\n string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending\n exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. 
PR2819, RH1182694: Java application menu\n misbehaves when running multiple screen stacked\n vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible\n with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n - CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n\n - AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to\n AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for\n RewriteFrequentPairs in interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained\n unpredictable instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal\n instructions with int shifts >=32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2\n biased locking implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed\n by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile\n counters\n\n - S8138641, PR2852: Disable C2 peephole by default for\n aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when\n checking if ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class\n status with load acquire\n\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n\n --enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct\n branch profile data\n\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for\n byte_map_base\n\n - S8147805, PR2852: aarch64: C1 segmentation fault due to\n inline Unsafe.getAndSetObject\n\n - 
S8148240, PR2852: aarch64: random infrequent NULL\n pointer exceptions in javac\n\n - PPC & AIX port\n\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n\n - S8139258, PR2851: PPC64LE: argument passing problem when\n passing 15 floats in native call\n\n - S8139421, PR2851: PPC64LE:\n MacroAssembler::bxx64_patchable kill register R12\n\n Update to 2.6.5 - OpenJDK 7u99 (boo#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle\n consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind\n JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS\n string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending\n exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. 
PR2819, RH1182694: Java application menu\n misbehaves when running multiple screen stacked\n vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible\n with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n - CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n\n - AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to\n AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for\n RewriteFrequentPairs in interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained\n unpredictable instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal\n instructions with int shifts >=32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2\n biased locking implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed\n by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile\n counters\n\n - S8138641, PR2852: Disable C2 peephole by default for\n aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when\n checking if ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class\n status with load acquire\n\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n\n --enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct\n branch profile data\n\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for\n byte_map_base\n\n - S8147805, PR2852: aarch64: C1 segmentation fault due to\n inline Unsafe.getAndSetObject\n\n - 
S8148240, PR2852: aarch64: random infrequent NULL\n pointer exceptions in javac\n\n - PPC & AIX port\n\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n\n - S8139258, PR2851: PPC64LE: argument passing problem when\n passing 15 floats in native call\n\n - S8139421, PR2851: PPC64LE:\n MacroAssembler::bxx64_patchable kill register R12\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=972468\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_7_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-1.7.0.99-24.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-accessibility-1.7.0.99-24.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-24.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-24.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"java-1_7_0-openjdk-demo-1.7.0.99-24.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.99-24.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-devel-1.7.0.99-24.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.99-24.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-24.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-24.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-javadoc-1.7.0.99-24.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-src-1.7.0.99-24.33.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-openjdk / java-1_7_0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:06:15", "description": "An update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages contain the latest version of the Open\nJava Development Kit (OpenJDK), OpenJDK 8. These packages provide a\nfully compliant implementation of Java SE 8.\n\nSecurity Fix(es) :\n\n* An improper type safety check was discovered in the Hotspot\ncomponent. 
An untrusted Java application or applet could use this flaw\nto bypass Java Sandbox restrictions. (CVE-2016-0636)", "edition": 28, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-25T00:00:00", "title": "RHEL 7 : java-1.8.0-openjdk (RHSA-2016:0513)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0636"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debug", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src-debug", "cpe:/o:redhat:enterprise_linux:7.7", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:7.5", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel-debug", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility-debug", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk"], "id": "REDHAT-RHSA-2016-0513.NASL", "href": "https://www.tenable.com/plugins/nessus/90181", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0513. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90181);\n script_version(\"2.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2016-0636\");\n script_xref(name:\"RHSA\", value:\"2016:0513\");\n\n script_name(english:\"RHEL 7 : java-1.8.0-openjdk (RHSA-2016:0513)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages contain the latest version of the Open\nJava Development Kit (OpenJDK), OpenJDK 8. These packages provide a\nfully compliant implementation of Java SE 8.\n\nSecurity Fix(es) :\n\n* An improper type safety check was discovered in the Hotspot\ncomponent. An untrusted Java application or applet could use this flaw\nto bypass Java Sandbox restrictions. 
(CVE-2016-0636)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0513\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0636\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0513\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-1.8.0.77-0.b03.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.77-0.b03.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", 
reference:\"java-1.8.0-openjdk-accessibility-1.8.0.77-0.b03.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.77-0.b03.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-debug-1.8.0.77-0.b03.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debug-1.8.0.77-0.b03.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-demo-1.8.0.77-0.b03.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.77-0.b03.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.77-0.b03.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-devel-1.8.0.77-0.b03.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.77-0.b03.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.77-0.b03.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.77-0.b03.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.77-0.b03.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", 
reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.77-0.b03.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-src-1.8.0.77-0.b03.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.77-0.b03.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.77-0.b03.el7_2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:06:15", "description": "An update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 5 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit for\ncompiling and executing Java programs.\n\nSecurity Fix(es) :\n\n* An improper type safety check was discovered in the Hotspot\ncomponent. An untrusted Java application or applet could use this flaw\nto bypass Java Sandbox restrictions. 
(CVE-2016-0636)", "edition": 30, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-25T00:00:00", "title": "RHEL 5 / 7 : java-1.7.0-openjdk (RHSA-2016:0512)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0636"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-accessibility", "cpe:/o:redhat:enterprise_linux:7.7", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.2", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-headless", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc"], "id": "REDHAT-RHSA-2016-0512.NASL", "href": "https://www.tenable.com/plugins/nessus/90180", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0512. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90180);\n script_version(\"2.16\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2016-0636\");\n script_xref(name:\"RHSA\", value:\"2016:0512\");\n\n script_name(english:\"RHEL 5 / 7 : java-1.7.0-openjdk (RHSA-2016:0512)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 5 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit for\ncompiling and executing Java programs.\n\nSecurity Fix(es) :\n\n* An improper type safety check was discovered in the Hotspot\ncomponent. An untrusted Java application or applet could use this flaw\nto bypass Java Sandbox restrictions. 
(CVE-2016-0636)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0636\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0512\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", 
reference:\"java-1.7.0-openjdk-javadoc-1.7.0.99-2.6.5.0.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.99-2.6.5.0.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el5_11\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.99-2.6.5.0.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.99-2.6.5.0.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-headless-1.7.0.99-2.6.5.0.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-headless-1.7.0.99-2.6.5.0.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", 
reference:\"java-1.7.0-openjdk-javadoc-1.7.0.99-2.6.5.0.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el7_2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T11:12:57", "description": "This update of java-1_8_0-openjdk to jdk8u77-b03 fixes the following\nissues :\n\n - CVE-2016-0636: Improve MethodHandle consistency fixes\n crash / code execution problems.", "edition": 17, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "title": "openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-432)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0636"], "modified": "2016-04-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-accessibility", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-src", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-javadoc", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debugsource"], "id": "OPENSUSE-2016-432.NASL", 
"href": "https://www.tenable.com/plugins/nessus/90475", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-432.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90475);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2016-0636\");\n\n script_name(english:\"openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-432)\");\n script_summary(english:\"Check for the openSUSE-2016-432 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of java-1_8_0-openjdk to jdk8u77-b03 fixes the following\nissues :\n\n - CVE-2016-0636: Improve MethodHandle consistency fixes\n crash / code execution problems.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=972468\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_8_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debugsource\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ 
\"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-1.8.0.77-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-accessibility-1.8.0.77-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.77-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.77-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-demo-1.8.0.77-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.77-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-devel-1.8.0.77-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-headless-1.8.0.77-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.77-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-javadoc-1.8.0.77-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-src-1.8.0.77-24.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_8_0-openjdk / java-1_8_0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:06:15", "description": "An update for java-1.8.0-oracle is now available for Oracle Java for\nRed Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Java Runtime Environment (JRE) contains the software and tools\nthat users need to run applets and applications written using the Java\nprogramming language. Oracle Java SE version 8 includes the Oracle\nJava Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update provides Oracle Java 8 Update 77.\n\nSecurity Fix(es) :\n\nThis update fixes one vulnerability in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about this flaw can be found on the Oracle Security Alert\npage listed in the References section. (CVE-2016-0636)", "edition": 27, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-25T00:00:00", "title": "RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2016:0516)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0636"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-jdbc", "cpe:/o:redhat:enterprise_linux:6.7", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-src", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-javafx", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle", "cpe:/o:redhat:enterprise_linux:7.2", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-devel", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2016-0516.NASL", "href": "https://www.tenable.com/plugins/nessus/90184", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0516. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90184);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2016-0636\");\n script_xref(name:\"RHSA\", value:\"2016:0516\");\n\n script_name(english:\"RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2016:0516)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.8.0-oracle is now available for Oracle Java for\nRed Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Java Runtime Environment (JRE) contains the software and tools\nthat users need to run applets and applications written using the Java\nprogramming language. Oracle Java SE version 8 includes the Oracle\nJava Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update provides Oracle Java 8 Update 77.\n\nSecurity Fix(es) :\n\nThis update fixes one vulnerability in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about this flaw can be found on the Oracle Security Alert\npage listed in the References section. 
(CVE-2016-0636)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.oracle.com/technetwork/topics/security/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0636\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-javafx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0516\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-oracle-1.8.0.77-1jpp.1.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-1.8.0.77-1jpp.1.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-oracle-devel-1.8.0.77-1jpp.1.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-devel-1.8.0.77-1jpp.1.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-oracle-javafx-1.8.0.77-1jpp.1.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-javafx-1.8.0.77-1jpp.1.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-oracle-jdbc-1.8.0.77-1jpp.1.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-jdbc-1.8.0.77-1jpp.1.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-oracle-plugin-1.8.0.77-1jpp.1.el6_7\")) flag++;\n\n if 
(rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-plugin-1.8.0.77-1jpp.1.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-oracle-src-1.8.0.77-1jpp.1.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-src-1.8.0.77-1jpp.1.el6_7\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-1.8.0.77-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-devel-1.8.0.77-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-javafx-1.8.0.77-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-jdbc-1.8.0.77-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-plugin-1.8.0.77-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-src-1.8.0.77-1jpp.1.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-oracle / java-1.8.0-oracle-devel / etc\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:06:15", "description": "An update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages contain the latest version of the Open\nJava Development Kit (OpenJDK), OpenJDK 8. These packages provide a\nfully compliant implementation of Java SE 8.\n\nSecurity Fix(es) :\n\n* An improper type safety check was discovered in the Hotspot\ncomponent. An untrusted Java application or applet could use this flaw\nto bypass Java Sandbox restrictions. (CVE-2016-0636)", "edition": 27, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-25T00:00:00", "title": "RHEL 6 : java-1.8.0-openjdk (RHSA-2016:0514)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0636"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless", "cpe:/o:redhat:enterprise_linux:6.7", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo-debug", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk"], "id": "REDHAT-RHSA-2016-0514.NASL", "href": "https://www.tenable.com/plugins/nessus/90182", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin 
were \n# extracted from Red Hat Security Advisory RHSA-2016:0514. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90182);\n script_version(\"2.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2016-0636\");\n script_xref(name:\"RHSA\", value:\"2016:0514\");\n\n script_name(english:\"RHEL 6 : java-1.8.0-openjdk (RHSA-2016:0514)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages contain the latest version of the Open\nJava Development Kit (OpenJDK), OpenJDK 8. These packages provide a\nfully compliant implementation of Java SE 8.\n\nSecurity Fix(es) :\n\n* An improper type safety check was discovered in the Hotspot\ncomponent. An untrusted Java application or applet could use this flaw\nto bypass Java Sandbox restrictions. 
(CVE-2016-0636)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0636\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0514\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-debug-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debug-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-demo-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if 
(rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-devel-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-src-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.77-0.b03.el6_7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n 
exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-03-17T22:56:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0636"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2016-03-31T00:00:00", "id": "OPENVAS:1361412562310120667", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120667", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-677)", "sourceData": "# Copyright (C) 2016 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120667\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-03-31 08:02:10 +0300 (Thu, 31 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-677)\");\n script_tag(name:\"insight\", value:\"An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions.\");\n script_tag(name:\"solution\", value:\"Run yum update java-1.8.0-openjdk to update your system.\n\n Run yum update java-1.7.0-openjdk to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-677.html\");\n script_cve_id(\"CVE-2016-0636\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n 
if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel\", rpm:\"java-1.8.0-openjdk-devel~1.8.0.77~0.b03.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless\", rpm:\"java-1.8.0-openjdk-headless~1.8.0.77~0.b03.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-debuginfo\", rpm:\"java-1.8.0-openjdk-debuginfo~1.8.0.77~0.b03.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-demo\", rpm:\"java-1.8.0-openjdk-demo~1.8.0.77~0.b03.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-src\", rpm:\"java-1.8.0-openjdk-src~1.8.0.77~0.b03.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk\", rpm:\"java-1.8.0-openjdk~1.8.0.77~0.b03.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.99~2.6.5.0.66.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.99~2.6.5.0.66.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.99~2.6.5.0.66.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.99~2.6.5.0.66.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.99~2.6.5.0.66.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc\", rpm:\"java-1.8.0-openjdk-javadoc~1.8.0.77~0.b03.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.99~2.6.5.0.66.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0636"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-05-06T00:00:00", "id": "OPENVAS:1361412562310871589", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871589", "type": "openvas", "title": "RedHat Update for java-1.7.0-openjdk RHSA-2016:0512-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.7.0-openjdk RHSA-2016:0512-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871589\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-06 15:29:11 +0530 (Fri, 06 May 2016)\");\n script_cve_id(\"CVE-2016-0636\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for java-1.7.0-openjdk RHSA-2016:0512-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.7.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The java-1.7.0-openjdk packages provide the\nOpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit\nfor compiling and executing Java programs.\n\nSecurity Fix(es):\n\n * An improper type safety check was discovered in the Hotspot component. An\nuntrusted Java application or applet could use this flaw to bypass Java\nSandbox restrictions. (CVE-2016-0636)\");\n script_tag(name:\"affected\", value:\"java-1.7.0-openjdk on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Server (v. 
7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0512-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-March/msg00069.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|5)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.99~2.6.5.0.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.99~2.6.5.0.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.99~2.6.5.0.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-headless\", rpm:\"java-1.7.0-openjdk-headless~1.7.0.99~2.6.5.0.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.99~2.6.5.0.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.99~2.6.5.0.el5_11\", rls:\"RHENT_5\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.99~2.6.5.0.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.99~2.6.5.0.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.99~2.6.5.0.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.99~2.6.5.0.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:35:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0636"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-04-15T00:00:00", "id": "OPENVAS:1361412562310851276", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851276", "type": "openvas", "title": "openSUSE: Security Advisory for java-1_7_0-openjdk (openSUSE-SU-2016:1042-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied 
warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851276\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-04-15 05:17:34 +0200 (Fri, 15 Apr 2016)\");\n script_cve_id(\"CVE-2016-0636\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for java-1_7_0-openjdk (openSUSE-SU-2016:1042-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1_7_0-openjdk'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for java-1_7_0-openjdk fixes the following issues:\n\n java-1_7_0-openjdk was updated to 2.6.5 - OpenJDK 7u99 (boo#972468)\n\n * Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency\n\n * Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind JMX remote\n connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently\n for IPv6 addresses\n\n * Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending exceptions\n\n - 
S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu misbehaves when\n running multiple screen stacked vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME\n Shell\n\n * Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n * CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion\n `dest & & result & & x.any & & y.any' failed\n\n * AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64\n only.\n\n - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in\n interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained unpredictable\n instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal instructions with\n int shifts =32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking\n implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile counters\n\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when checking if\n ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class status with load\n acquire\n\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n\n - -enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct branch profile\n data\n\n - S8146709, PR2852: AArch64: Inco ...\n\n Description truncated, please 
see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"java-1_7_0-openjdk on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1042-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk\", rpm:\"java-1_7_0-openjdk~1.7.0.99~24.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-accessibility\", rpm:\"java-1_7_0-openjdk-accessibility~1.7.0.99~24.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debuginfo\", rpm:\"java-1_7_0-openjdk-debuginfo~1.7.0.99~24.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debugsource\", rpm:\"java-1_7_0-openjdk-debugsource~1.7.0.99~24.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo\", rpm:\"java-1_7_0-openjdk-demo~1.7.0.99~24.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo-debuginfo\", rpm:\"java-1_7_0-openjdk-demo-debuginfo~1.7.0.99~24.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel\", rpm:\"java-1_7_0-openjdk-devel~1.7.0.99~24.33.2\", 
rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel-debuginfo\", rpm:\"java-1_7_0-openjdk-devel-debuginfo~1.7.0.99~24.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-headless\", rpm:\"java-1_7_0-openjdk-headless~1.7.0.99~24.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-headless-debuginfo\", rpm:\"java-1_7_0-openjdk-headless-debuginfo~1.7.0.99~24.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-src\", rpm:\"java-1_7_0-openjdk-src~1.7.0.99~24.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-javadoc\", rpm:\"java-1_7_0-openjdk-javadoc~1.7.0.99~24.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0636"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-05-06T00:00:00", "id": "OPENVAS:1361412562310871588", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871588", "type": "openvas", "title": "RedHat Update for java-1.8.0-openjdk RHSA-2016:0514-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.8.0-openjdk RHSA-2016:0514-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or 
any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871588\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-06 15:29:01 +0530 (Fri, 06 May 2016)\");\n script_cve_id(\"CVE-2016-0636\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for java-1.8.0-openjdk RHSA-2016:0514-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.8.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The java-1.8.0-openjdk packages contain the\nlatest version of the Open Java Development Kit (OpenJDK), OpenJDK 8. These packages\nprovide a fully compliant implementation of Java SE 8.\n\nSecurity Fix(es):\n\n * An improper type safety check was discovered in the Hotspot component. An\nuntrusted Java application or applet could use this flaw to bypass Java\nSandbox restrictions. 
(CVE-2016-0636)\");\n script_tag(name:\"affected\", value:\"java-1.8.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0514-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-March/msg00071.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk\", rpm:\"java-1.8.0-openjdk~1.8.0.77~0.b03.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-debuginfo\", rpm:\"java-1.8.0-openjdk-debuginfo~1.8.0.77~0.b03.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel\", rpm:\"java-1.8.0-openjdk-devel~1.8.0.77~0.b03.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless\", rpm:\"java-1.8.0-openjdk-headless~1.8.0.77~0.b03.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0636"], 
"description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-05-06T00:00:00", "id": "OPENVAS:1361412562310871587", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871587", "type": "openvas", "title": "RedHat Update for java-1.7.0-openjdk RHSA-2016:0511-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.7.0-openjdk RHSA-2016:0511-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871587\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-06 15:29:07 +0530 (Fri, 06 May 2016)\");\n script_cve_id(\"CVE-2016-0636\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for java-1.7.0-openjdk RHSA-2016:0511-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.7.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The java-1.7.0-openjdk packages provide\nthe OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development\nKit for compiling and executing Java programs.\n\nSecurity Fix(es):\n\n * An improper type safety check was discovered in the Hotspot component. An\nuntrusted Java application or applet could use this flaw to bypass Java\nSandbox restrictions. (CVE-2016-0636)\");\n script_tag(name:\"affected\", value:\"java-1.7.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0511-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-March/msg00068.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.99~2.6.5.0.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.99~2.6.5.0.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.99~2.6.5.0.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T18:58:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0636"], "description": "Check the version of java", "modified": "2020-03-13T00:00:00", "published": "2016-03-25T00:00:00", "id": "OPENVAS:1361412562310882443", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882443", "type": "openvas", "title": "CentOS Update for java CESA-2016:0513 centos7", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from 
the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882443\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-03-25 06:13:45 +0100 (Fri, 25 Mar 2016)\");\n script_cve_id(\"CVE-2016-0636\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for java CESA-2016:0513 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of java\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The java-1.8.0-openjdk packages contain\nthe latest version of the Open Java Development Kit (OpenJDK), OpenJDK 8.\nThese packages provide a fully compliant implementation of Java SE 8.\n\nSecurity Fix(es):\n\n * An improper type safety check was discovered in the Hotspot component. 
An\nuntrusted Java application or applet could use this flaw to bypass Java\nSandbox restrictions. (CVE-2016-0636)\");\n script_tag(name:\"affected\", value:\"java on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0513\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-March/021778.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk\", rpm:\"java-1.8.0-openjdk~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-accessibility\", rpm:\"java-1.8.0-openjdk-accessibility~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-accessibility-debug\", rpm:\"java-1.8.0-openjdk-accessibility-debug~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-debug\", rpm:\"java-1.8.0-openjdk-debug~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-demo\", rpm:\"java-1.8.0-openjdk-demo~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"java-1.8.0-openjdk-demo-debug\", rpm:\"java-1.8.0-openjdk-demo-debug~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel\", rpm:\"java-1.8.0-openjdk-devel~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel-debug\", rpm:\"java-1.8.0-openjdk-devel-debug~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless\", rpm:\"java-1.8.0-openjdk-headless~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless-debug\", rpm:\"java-1.8.0-openjdk-headless-debug~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc\", rpm:\"java-1.8.0-openjdk-javadoc~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc-debug\", rpm:\"java-1.8.0-openjdk-javadoc-debug~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-src\", rpm:\"java-1.8.0-openjdk-src~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-src-debug\", rpm:\"java-1.8.0-openjdk-src-debug~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:35:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0636"], "description": "The 
remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-04-09T00:00:00", "id": "OPENVAS:1361412562310851267", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851267", "type": "openvas", "title": "openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2016:0983-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851267\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-04-09 05:00:59 +0200 (Sat, 09 Apr 2016)\");\n script_cve_id(\"CVE-2016-0636\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2016:0983-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1_8_0-openjdk'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update of java-1_8_0-openjdk to jdk8u77-b03 fixes the following\n issues:\n\n * CVE-2016-0636: Improve MethodHandle consistency fixes crash / code\n execution problems.\");\n\n script_tag(name:\"affected\", value:\"java-1_8_0-openjdk on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:0983-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk\", rpm:\"java-1_8_0-openjdk~1.8.0.77~24.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-accessibility\", rpm:\"java-1_8_0-openjdk-accessibility~1.8.0.77~24.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-debuginfo\", rpm:\"java-1_8_0-openjdk-debuginfo~1.8.0.77~24.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-debugsource\", rpm:\"java-1_8_0-openjdk-debugsource~1.8.0.77~24.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-demo\", rpm:\"java-1_8_0-openjdk-demo~1.8.0.77~24.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-demo-debuginfo\", rpm:\"java-1_8_0-openjdk-demo-debuginfo~1.8.0.77~24.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-devel\", rpm:\"java-1_8_0-openjdk-devel~1.8.0.77~24.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-headless\", rpm:\"java-1_8_0-openjdk-headless~1.8.0.77~24.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-headless-debuginfo\", rpm:\"java-1_8_0-openjdk-headless-debuginfo~1.8.0.77~24.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-src\", rpm:\"java-1_8_0-openjdk-src~1.8.0.77~24.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-javadoc\", rpm:\"java-1_8_0-openjdk-javadoc~1.8.0.77~24.1\", 
rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T18:57:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0636"], "description": "Check the version of java", "modified": "2020-03-13T00:00:00", "published": "2016-03-25T00:00:00", "id": "OPENVAS:1361412562310882439", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882439", "type": "openvas", "title": "CentOS Update for java CESA-2016:0514 centos6", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882439\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-03-25 06:13:37 +0100 (Fri, 25 Mar 2016)\");\n script_cve_id(\"CVE-2016-0636\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for java CESA-2016:0514 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of java\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The java-1.8.0-openjdk packages contain\nthe latest version of the Open Java Development Kit (OpenJDK), OpenJDK 8.\nThese packages provide a fully compliant implementation of Java SE 8.\n\nSecurity Fix(es):\n\n * An improper type safety check was discovered in the Hotspot component. An\nuntrusted Java application or applet could use this flaw to bypass Java\nSandbox restrictions. 
(CVE-2016-0636)\");\n script_tag(name:\"affected\", value:\"java on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0514\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-March/021773.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk\", rpm:\"java-1.8.0-openjdk~1.8.0.77~0.b03.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-debug\", rpm:\"java-1.8.0-openjdk-debug~1.8.0.77~0.b03.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-demo\", rpm:\"java-1.8.0-openjdk-demo~1.8.0.77~0.b03.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-demo-debug\", rpm:\"java-1.8.0-openjdk-demo-debug~1.8.0.77~0.b03.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel\", rpm:\"java-1.8.0-openjdk-devel~1.8.0.77~0.b03.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel-debug\", rpm:\"java-1.8.0-openjdk-devel-debug~1.8.0.77~0.b03.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless\", rpm:\"java-1.8.0-openjdk-headless~1.8.0.77~0.b03.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless-debug\", rpm:\"java-1.8.0-openjdk-headless-debug~1.8.0.77~0.b03.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc\", rpm:\"java-1.8.0-openjdk-javadoc~1.8.0.77~0.b03.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc-debug\", rpm:\"java-1.8.0-openjdk-javadoc-debug~1.8.0.77~0.b03.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-src\", rpm:\"java-1.8.0-openjdk-src~1.8.0.77~0.b03.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-src-debug\", rpm:\"java-1.8.0-openjdk-src-debug~1.8.0.77~0.b03.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T18:56:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0636"], "description": "Oracle Linux Local Security Checks ELSA-2016-0513", "modified": "2020-03-13T00:00:00", "published": "2016-03-31T00:00:00", "id": "OPENVAS:1361412562310122914", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122914", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2016-0513", "sourceData": "# Copyright (C) 2016 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This 
program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122914\");\n script_version(\"2020-03-13T10:37:51+0000\");\n script_tag(name:\"creation_date\", value:\"2016-03-31 08:06:16 +0300 (Thu, 31 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:37:51 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-0513\");\n script_tag(name:\"insight\", value:\"ELSA-2016-0513 - java-1.8.0-openjdk security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-0513\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-0513.html\");\n script_cve_id(\"CVE-2016-0636\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk\", rpm:\"java-1.8.0-openjdk~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-accessibility\", rpm:\"java-1.8.0-openjdk-accessibility~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-accessibility-debug\", rpm:\"java-1.8.0-openjdk-accessibility-debug~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-debug\", rpm:\"java-1.8.0-openjdk-debug~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-demo\", 
rpm:\"java-1.8.0-openjdk-demo~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-demo-debug\", rpm:\"java-1.8.0-openjdk-demo-debug~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel\", rpm:\"java-1.8.0-openjdk-devel~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel-debug\", rpm:\"java-1.8.0-openjdk-devel-debug~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless\", rpm:\"java-1.8.0-openjdk-headless~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless-debug\", rpm:\"java-1.8.0-openjdk-headless-debug~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc\", rpm:\"java-1.8.0-openjdk-javadoc~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc-debug\", rpm:\"java-1.8.0-openjdk-javadoc-debug~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-src\", rpm:\"java-1.8.0-openjdk-src~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-src-debug\", rpm:\"java-1.8.0-openjdk-src-debug~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, 
"vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T18:57:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0636"], "description": "Oracle Linux Local Security Checks ELSA-2016-0514", "modified": "2020-03-13T00:00:00", "published": "2016-03-31T00:00:00", "id": "OPENVAS:1361412562310122913", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122913", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2016-0514", "sourceData": "# Copyright (C) 2016 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122913\");\n script_version(\"2020-03-13T10:37:51+0000\");\n script_tag(name:\"creation_date\", value:\"2016-03-31 08:06:16 +0300 (Thu, 31 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:37:51 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-0514\");\n script_tag(name:\"insight\", value:\"ELSA-2016-0514 - java-1.8.0-openjdk security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-0514\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-0514.html\");\n script_cve_id(\"CVE-2016-0636\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk\", rpm:\"java-1.8.0-openjdk~1.8.0.77~0.b03.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-debug\", rpm:\"java-1.8.0-openjdk-debug~1.8.0.77~0.b03.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-demo\", rpm:\"java-1.8.0-openjdk-demo~1.8.0.77~0.b03.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-demo-debug\", rpm:\"java-1.8.0-openjdk-demo-debug~1.8.0.77~0.b03.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel\", rpm:\"java-1.8.0-openjdk-devel~1.8.0.77~0.b03.el6_7\", 
rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel-debug\", rpm:\"java-1.8.0-openjdk-devel-debug~1.8.0.77~0.b03.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless\", rpm:\"java-1.8.0-openjdk-headless~1.8.0.77~0.b03.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless-debug\", rpm:\"java-1.8.0-openjdk-headless-debug~1.8.0.77~0.b03.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc\", rpm:\"java-1.8.0-openjdk-javadoc~1.8.0.77~0.b03.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc-debug\", rpm:\"java-1.8.0-openjdk-javadoc-debug~1.8.0.77~0.b03.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-src\", rpm:\"java-1.8.0-openjdk-src~1.8.0.77~0.b03.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-src-debug\", rpm:\"java-1.8.0-openjdk-src-debug~1.8.0.77~0.b03.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2018-10-06T22:55:35", "bulletinFamily": "info", "cvelist": ["CVE-2013-5838", "CVE-2016-0636"], "description": "Oracle yesterday released an [emergency patch](<http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html>) for a Java vulnerability that was improperly patched in 2013.\n\nResearchers at Security Explorations in Poland two weeks ago 
disclosed that a Java patch for an issue the company reported in 2013, CVE-2013-5838, was still [trivially exploitable](<https://threatpost.com/broken-2013-java-patch-leads-to-sandbox-bypass/116757/>), and it enabled attackers to remotely execute code and bypass the Java sandbox.\n\nOracle did not confirm many details in its advisory Wednesday, other than to urge users to patch immediately since [details on the flaw](<http://www.security-explorations.com/materials/SE-2012-01-ORACLE-14.pdf>) were publicly available. Java SE 7 Update 97 and Java 8 Update 73 and 74 for Windows, Mac OS X, Linux and Solaris are vulnerable, Oracle said. Security Explorations founder Adam Gowdiak told Threatpost today that the patch correctly addressed the flaw.\n\n\u201cWe ran our POC code and found out that it stopped working. We don\u2019t expect the patch to be broken again as Oracle is now aware of our modified disclosure policy,\u201d he said.\n\nSecurity Explorations released the details in a paper and during a talk at the JavaLand conference. The public disclosures, Gowdiak said, reflect a new policy for the company around broken patches for vulnerabilities it discloses to vendors.\n\n\u201cIf an instance of a broken fix for a vulnerability we already reported to the vendor is encountered, it gets disclosed by us without any prior notice,\u201d Gowdiak wrote to the [Full Disclosure](<http://seclists.org/fulldisclosure/2016/Mar/31>) mailing list.\n\nGowdiak told Threatpost that the original vulnerability was an insecure implementation of the Reflection API that could be exploited by a class-spoofing attack against the Java virtual machine. 
Oracle said it backported from the Java Development Kit 8 a patched implementation of the method handles API to address the vulnerability.\n\nThe Security Explorations researchers, however, said that a four-character change to the proof-of-concept code sent to Oracle along with the original private disclosure could bypass sandbox protections in Java. \u201cIt\u2019s rather easy to exploit\u201d Gowdiak said. \u201cA malicious Java applet needs to be fetched from a custom HTTP (WWW) server. The reason for it is that the server needs to respond with a \u201cNot found\u201d error when a given Java class file is requested for the first time.\u201d\n", "modified": "2016-03-24T17:47:12", "published": "2016-03-24T12:05:59", "id": "THREATPOST:C5ABB0FE00FFADD0EC2217E7319B3E68", "href": "https://threatpost.com/emergency-java-patch-re-issued-for-2013-vulnerability/116967/", "type": "threatpost", "title": "Emergency Java Patch Re-Issued for 2013 Vulnerability", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:40", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636", "CVE-2013-5838"], "description": "It was discovered that the security fix for CVE-2013-5838 was incomplete\nand still allowed remote attackers to escape the Java security sandbox\nmechanism.\nThe root problem is that the Reflection API does not properly guarantee\ntype safety when Method Handle objects were invoked across two different\nClass Loader namespaces.\nA part of the original patch was to use the "loadersAreRelated()" method\nto ensure that the two Class Loaders are related, which is a condition\nfor correct type safety.\nHowever, this condition could be easily fulfilled by abusing certain\nbehaviors in the class loading process, which could allow an attacker\nto bypass the type safety checks and ultimately escape the security\nsandbox mechanism.", "modified": "2016-03-29T00:00:00", "published": 
"2016-03-29T00:00:00", "id": "ASA-201603-26", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html", "type": "archlinux", "title": "jre8-openjdk: sandbox escape", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:42", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636", "CVE-2013-5838"], "description": "It was discovered that the security fix for CVE-2013-5838 was incomplete\nand still allowed remote attackers to escape the Java security sandbox\nmechanism.\nThe root problem is that the Reflection API does not properly guarantee\ntype safety when Method Handle objects were invoked across two different\nClass Loader namespaces.\nA part of the original patch was to use the "loadersAreRelated()" method\nto ensure that the two Class Loaders are related, which is a condition\nfor correct type safety.\nHowever, this condition could be easily fulfilled by abusing certain\nbehaviors in the class loading process, which could allow an attacker\nto bypass the type safety checks and ultimately escape the security\nsandbox mechanism.", "modified": "2016-03-29T00:00:00", "published": "2016-03-29T00:00:00", "id": "ASA-201603-27", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html", "type": "archlinux", "title": "jre8-openjdk-headless: sandbox escape", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:48", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636", "CVE-2013-5838"], "description": "It was discovered that the security fix for CVE-2013-5838 was incomplete\nand still allowed remote attackers to escape the Java security sandbox\nmechanism.\nThe root problem is that the Reflection API does not properly guarantee\ntype safety when Method Handle objects were invoked across two different\nClass Loader namespaces.\nA part of the original patch was to 
use the "loadersAreRelated()" method\nto ensure that the two Class Loaders are related, which is a condition\nfor correct type safety.\nHowever, this condition could be easily fulfilled by abusing certain\nbehaviors in the class loading process, which could allow an attacker\nto bypass the type safety checks and ultimately escape the security\nsandbox mechanism.", "modified": "2016-04-01T00:00:00", "published": "2016-04-01T00:00:00", "id": "ASA-201604-2", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html", "type": "archlinux", "title": "jre7-openjdk: sandbox escape", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:37", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636", "CVE-2013-5838"], "description": "It was discovered that the security fix for CVE-2013-5838 was incomplete\nand still allowed remote attackers to escape the Java security sandbox\nmechanism.\nThe root problem is that the Reflection API does not properly guarantee\ntype safety when Method Handle objects were invoked across two different\nClass Loader namespaces.\nA part of the original patch was to use the "loadersAreRelated()" method\nto ensure that the two Class Loaders are related, which is a condition\nfor correct type safety.\nHowever, this condition could be easily fulfilled by abusing certain\nbehaviors in the class loading process, which could allow an attacker\nto bypass the type safety checks and ultimately escape the security\nsandbox mechanism.", "modified": "2016-04-01T00:00:00", "published": "2016-04-01T00:00:00", "id": "ASA-201604-3", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html", "type": "archlinux", "title": "jre7-openjdk-headless: sandbox escape", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:46", "bulletinFamily": "unix", "cvelist": 
["CVE-2016-0636", "CVE-2013-5838"], "description": "It was discovered that the security fix for CVE-2013-5838 was incomplete\nand still allowed remote attackers to escape the Java security sandbox\nmechanism.\nThe root problem is that the Reflection API does not properly guarantee\ntype safety when Method Handle objects were invoked across two different\nClass Loader namespaces.\nA part of the original patch was to use the "loadersAreRelated()" method\nto ensure that the two Class Loaders are related, which is a condition\nfor correct type safety.\nHowever, this condition could be easily fulfilled by abusing certain\nbehaviors in the class loading process, which could allow an attacker\nto bypass the type safety checks and ultimately escape the security\nsandbox mechanism.", "modified": "2016-04-01T00:00:00", "published": "2016-04-01T00:00:00", "id": "ASA-201604-1", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html", "type": "archlinux", "title": "jdk7-openjdk: sandbox escape", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:45", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0636", "CVE-2013-5838"], "description": "It was discovered that the security fix for CVE-2013-5838 was incomplete\nand still allowed remote attackers to escape the Java security sandbox\nmechanism.\nThe root problem is that the Reflection API does not properly guarantee\ntype safety when Method Handle objects were invoked across two different\nClass Loader namespaces.\nA part of the original patch was to use the "loadersAreRelated()" method\nto ensure that the two Class Loaders are related, which is a condition\nfor correct type safety.\nHowever, this condition could be easily fulfilled by abusing certain\nbehaviors in the class loading process, which could allow an attacker\nto bypass the type safety checks and ultimately escape the security\nsandbox mechanism.", "modified": 
"2016-03-29T00:00:00", "published": "2016-03-29T00:00:00", "id": "ASA-201603-25", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html", "type": "archlinux", "title": "jdk8-openjdk: sandbox escape", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "f5": [{"lastseen": "2017-06-08T00:16:17", "bulletinFamily": "software", "cvelist": ["CVE-2016-3426", "CVE-2016-3449", "CVE-2016-3422", "CVE-2016-0636", "CVE-2016-3443", "CVE-2016-0687", "CVE-2016-0686"], "edition": 1, "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 
11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 5.0.0 \n4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 \n| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2017-04-06T16:50:00", "published": "2016-05-26T22:43:00", "href": "https://support.f5.com/csp/article/K77535578", "id": "F5:K77535578", "title": "Multiple Java SE client-side vulnerabilities", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:09:56", "bulletinFamily": "software", "cvelist": ["CVE-2016-3426", "CVE-2016-3449", "CVE-2016-3422", "CVE-2016-0636", "CVE-2016-3443", "CVE-2016-0687", "CVE-2016-0686"], "edition": 1, "description": 
"Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-05-26T00:00:00", "published": "2016-05-26T00:00:00", "id": "SOL77535578", "href": "http://support.f5.com/kb/en-us/solutions/public/k/77/sol77535578.html", "type": "f5", "title": "SOL77535578 - Multiple Java SE client-side vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-05-30T02:21:39", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3426", "CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0636", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "description": "Package : openjdk-7\nVersion : 7u101-2.6.6-2~deb7u1\nCVE ID : CVE-2016-0636 CVE-2016-0686 CVE-2016-0687\n\t\t CVE-2016-0695 CVE-2016-3425 CVE-2016-3426 CVE-2016-3427\n\nSeveral vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in breakouts of\nthe Java sandbox, denial of service or information disclosure.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n7u101-2.6.6-2~deb7u1.\n\nWe recommend that you upgrade your openjdk-7 packages.\n\nPlease note that OpenJDK 7 will be made the new default Java\nimplementation on 26 June 2016. 
For further information please refer to\n\n\thttps://wiki.debian.org/LTS/Wheezy\n", "edition": 3, "modified": "2016-05-03T10:37:58", "published": "2016-05-03T10:37:58", "id": "DEBIAN:DLA-451-1:707F7", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201605/msg00001.html", "title": "[SECURITY] [DLA 451-1] openjdk-7 security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T00:55:33", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3426", "CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0636", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3558-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nApril 26, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjdk-7\nCVE ID : CVE-2016-0636 CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 \n CVE-2016-3425 CVE-2016-3426 CVE-2016-3427\n\nSeveral vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in breakouts of\nthe Java sandbox, denial of service or information disclosure.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 7u101-2.6.6-1~deb8u1.\n\nWe recommend that you upgrade your openjdk-7 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 10, "modified": "2016-04-26T20:25:31", "published": "2016-04-26T20:25:31", "id": "DEBIAN:DSA-3558-1:5D79E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00134.html", "title": "[SECURITY] [DSA 3558-1] openjdk-7 security update", 
"type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:28", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-3449", "CVE-2016-3422", "CVE-2016-0636", "CVE-2016-3443", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "edition": 1, "description": "### Background\n\nIcedTea\u2019s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. \n\n### Description\n\nVarious OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot, Libraries, and JAXP, exist which allow remote attackers to affect the confidentiality, integrity, and availability of vulnerable systems. Many of the vulnerabilities can only be exploited through sandboxed Java Web Start applications and Java applets. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nRemote attackers may execute arbitrary code, compromise information, or cause Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nGentoo Security is no longer supporting dev-java/icedtea, as it has been officially dropped from the stable tree. \n\nUsers of the IcedTea 3.x binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/icedtea-bin-3.0.1\"\n \n\nUsers of the IcedTea 7.x binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/icedtea-7.2.6.6\"", "modified": "2016-06-27T00:00:00", "published": "2016-06-27T00:00:00", "id": "GLSA-201606-18", "href": "https://security.gentoo.org/glsa/201606-18", "type": "gentoo", "title": "IcedTea: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}