{"id": "SUSE_SU-2016-0959-1.NASL", "bulletinFamily": "scanner", "title": "SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:0959-1)", "description": "The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the\nfollowing issues :\n\nUpdate to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle\n consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind\n JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS\n string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending\n exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu\n misbehaves when running multiple screen stacked\n vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible\n with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of ", "published": "2016-04-07T00:00:00", "modified": "2020-01-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/90399", "reporter": "This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=972468", "https://www.suse.com/security/cve/CVE-2016-0636/", "http://www.nessus.org/u?980dedc4"], "cvelist": ["CVE-2016-0636"], "type": "nessus", "lastseen": "2020-01-01T01:46:14", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo"], "cvelist": ["CVE-2016-0636"], "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "description": "The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the\nfollowing issues :\n\nUpdate to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle\n consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind\n JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS\n string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending\n exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu\n misbehaves when running multiple screen stacked\n vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible\n with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of ", "edition": 14, "enchantments": {"dependencies": {"modified": "2019-12-13T09:22:05", "references": [{"idList": ["GLSA-201610-08", "GLSA-201606-18"], "type": "gentoo"}, {"idList": ["USN-2942-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DLA-451-1:707F7", "DEBIAN:DSA-3558-1:5D79E"], "type": "debian"}, {"idList": ["ORACLELINUX_ELSA-2016-0512.NASL", "SL_20160325_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20160325_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SUSE_SU-2016-0956-1.NASL", "OPENSUSE-2016-432.NASL", "OPENSUSE-2016-457.NASL", "REDHAT-RHSA-2016-0515.NASL", "ORACLELINUX_ELSA-2016-0513.NASL", "UBUNTU_USN-2942-1.NASL", "REDHAT-RHSA-2016-0511.NASL"], "type": "nessus"}, {"idList": ["ALAS-2016-677"], "type": "amazon"}, {"idList": ["F5:K77535578", "SOL77535578"], "type": "f5"}, {"idList": ["KLA10775"], "type": "kaspersky"}, {"idList": ["RHSA-2016:0513", "RHSA-2016:0515", "RHSA-2016:0514", "RHSA-2016:0511", "RHSA-2016:0512", "RHSA-2016:0516"], "type": "redhat"}, {"idList": ["ORACLE:CPUAPR2016V3-2985753"], "type": "oracle"}, {"idList": ["CVE-2016-0636"], "type": "cve"}, {"idList": ["OPENVAS:1361412562310131314", "OPENVAS:1361412562310882441", "OPENVAS:1361412562310120667", "OPENVAS:1361412562310108392", "OPENVAS:1361412562310122915", "OPENVAS:1361412562310851271", "OPENVAS:1361412562310871587", "OPENVAS:1361412562310882442", "OPENVAS:1361412562310882439", "OPENVAS:1361412562310851276"], "type": "openvas"}, {"idList": ["ASA-201604-2", "ASA-201603-26", "ASA-201604-3", "ASA-201604-1", "ASA-201603-25", "ASA-201603-27"], "type": "archlinux"}, {"idList": ["SUSE-SU-2016:0959-1", "SUSE-SU-2016:0956-1", "SUSE-SU-2016:0957-1", "OPENSUSE-SU-2016:1005-1", "OPENSUSE-SU-2016:0971-1", "OPENSUSE-SU-2016:1042-1", "OPENSUSE-SU-2016:0983-1", "OPENSUSE-SU-2016:1004-1"], "type": "suse"}, {"idList": ["THREATPOST:C5ABB0FE00FFADD0EC2217E7319B3E68"], "type": "threatpost"}, {"idList": ["CESA-2016:0511", "CESA-2016:0513", "CESA-2016:0514", "CESA-2016:0512"], "type": "centos"}, {"idList": ["ELSA-2016-0513", "ELSA-2016-0511", "ELSA-2016-0514", "ELSA-2016-0512"], "type": "oraclelinux"}]}, "score": {"modified": "2019-12-13T09:22:05", "value": 7.4, "vector": "NONE"}}, "hash": "12bf9fb0897174a9289a2aeeb54ff0c54ee934bc8e45826b5f4b55e7022a47d8", "hashmap": [{"hash": "ebba8eafa50647073941edd43255f1e4", "key": "description"}, {"hash": "2a83f87a075f408c2b61c247dc1ac429", "key": "references"}, {"hash": "062b1b6f0a772540f0a944452a6ff112", "key": "sourceData"}, {"hash": "d726e774add6189e33cf2ea0c61a2ba5", "key": "cvss"}, {"hash": "4b12e77cf198e92cf370a790f8532543", "key": "published"}, {"hash": "8f54ae49584204db5d9171114c7ce126", "key": "pluginID"}, {"hash": "361d102ed7937ebc6478aeaf971207cf", "key": "title"}, {"hash": "3d5ead6e32f238fef186851ef5d1752e", "key": "cpe"}, {"hash": "b7beaf9d124542f914ef08e608facdab", "key": "reporter"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "6bf7854707966a34f7720135a90eaf32", "key": "href"}, {"hash": "5a7504dfe859a7ccbaf560628f6442ad", "key": "modified"}, {"hash": "fe0153ecb4a6366c62ea5d4119506328", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/90399", "id": "SUSE_SU-2016-0959-1.NASL", "lastseen": "2019-12-13T09:22:05", "modified": "2019-12-02T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "90399", "published": "2016-04-07T00:00:00", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=972468", "https://www.suse.com/security/cve/CVE-2016-0636/", "http://www.nessus.org/u?980dedc4"], "reporter": "This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0959-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90399);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2019/09/11 11:22:13\");\n\n script_cve_id(\"CVE-2016-0636\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:0959-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the\nfollowing issues :\n\nUpdate to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle\n consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind\n JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS\n string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending\n exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu\n misbehaves when running multiple screen stacked\n vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible\n with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n - CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n\n - AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to\n AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for\n RewriteFrequentPairs in interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained\n unpredictable instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal\n instructions with int shifts >=32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2\n biased locking implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed\n by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile\n counters\n\n - S8138641, PR2852: Disable C2 peephole by default for\n aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when\n checking if ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class\n status with load acquire\n\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n\n --enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct\n branch profile data\n\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for\n byte_map_base\n\n - S8147805, PR2852: aarch64: C1 segmentation fault due to\n inline Unsafe.getAndSetObject\n\n - S8148240, PR2852: aarch64: random infrequent NULL\n pointer exceptions in javac\n\n - PPC & AIX port\n\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n\n - S8139258, PR2851: PPC64LE: argument passing problem when\n passing 15 floats in native call\n\n - S8139421, PR2851: PPC64LE:\n MacroAssembler::bxx64_patchable kill register R12\n\nUpdate to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle\n consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind\n JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS\n string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending\n exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu\n misbehaves when running multiple screen stacked\n vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible\n with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n - CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n\n - AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to\n AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for\n RewriteFrequentPairs in interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained\n unpredictable instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal\n instructions with int shifts >=32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2\n biased locking implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed\n by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile\n counters\n\n - S8138641, PR2852: Disable C2 peephole by default for\n aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when\n checking if ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class\n status with load acquire\n\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n\n --enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct\n branch profile data\n\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for\n byte_map_base\n\n - S8147805, PR2852: aarch64: C1 segmentation fault due to\n inline Unsafe.getAndSetObject\n\n - S8148240, PR2852: aarch64: random infrequent NULL\n pointer exceptions in javac\n\n - PPC & AIX port\n\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n\n - S8139258, PR2851: PPC64LE: argument passing problem when\n passing 15 floats in native call\n\n - S8139421, PR2851: PPC64LE:\n MacroAssembler::bxx64_patchable kill register R12\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=972468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0636/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160959-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?980dedc4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-556=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-556=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-556=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-556=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-demo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-devel-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-demo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-devel-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-openjdk\");\n}\n", "title": "SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:0959-1)", "type": "nessus", "viewCount": 2}, "differentElements": ["modified"], "edition": 14, "lastseen": "2019-12-13T09:22:05"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo"], "cvelist": ["CVE-2016-0636"], "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "description": "The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the\nfollowing issues :\n\nUpdate to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle\n consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind\n JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS\n string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending\n exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu\n misbehaves when running multiple screen stacked\n vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible\n with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of ", "edition": 12, "enchantments": {"dependencies": {"modified": "2019-10-28T21:22:23", "references": [{"idList": ["GLSA-201610-08", "GLSA-201606-18"], "type": "gentoo"}, {"idList": ["OPENVAS:1361412562310882441", "OPENVAS:1361412562310120667", "OPENVAS:1361412562310108392", "OPENVAS:1361412562310871588", "OPENVAS:1361412562310851265", "OPENVAS:1361412562310122915", "OPENVAS:1361412562310851271", "OPENVAS:1361412562310882442", "OPENVAS:1361412562310843757", "OPENVAS:1361412562310851276"], "type": "openvas"}, {"idList": ["USN-2942-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DLA-451-1:707F7", "DEBIAN:DSA-3558-1:5D79E"], "type": "debian"}, {"idList": ["ALAS-2016-677"], "type": "amazon"}, {"idList": ["F5:K77535578", "SOL77535578"], "type": "f5"}, {"idList": ["KLA10775"], "type": "kaspersky"}, {"idList": ["RHSA-2016:0513", "RHSA-2016:0515", "RHSA-2016:0514", "RHSA-2016:0511", "RHSA-2016:0512", "RHSA-2016:0516"], "type": "redhat"}, {"idList": ["ORACLE:CPUAPR2016V3-2985753"], "type": "oracle"}, {"idList": ["CVE-2016-0636"], "type": "cve"}, {"idList": ["ASA-201604-2", "ASA-201603-26", "ASA-201604-3", "ASA-201604-1", "ASA-201603-25", "ASA-201603-27"], "type": "archlinux"}, {"idList": ["SUSE-SU-2016:0959-1", "SUSE-SU-2016:0956-1", "SUSE-SU-2016:0957-1", "OPENSUSE-SU-2016:1005-1", "OPENSUSE-SU-2016:0971-1", "OPENSUSE-SU-2016:1042-1", "OPENSUSE-SU-2016:0983-1", "OPENSUSE-SU-2016:1004-1"], "type": "suse"}, {"idList": ["THREATPOST:C5ABB0FE00FFADD0EC2217E7319B3E68"], "type": "threatpost"}, {"idList": ["ORACLELINUX_ELSA-2016-0512.NASL", "SL_20160325_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20160325_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SUSE_SU-2016-0956-1.NASL", "CENTOS_RHSA-2016-0514.NASL", "REDHAT-RHSA-2016-0515.NASL", "ORACLELINUX_ELSA-2016-0513.NASL", "UBUNTU_USN-2942-1.NASL", "OPENSUSE-2016-443.NASL", "REDHAT-RHSA-2016-0511.NASL"], "type": "nessus"}, {"idList": ["CESA-2016:0511", "CESA-2016:0513", "CESA-2016:0514", "CESA-2016:0512"], "type": "centos"}, {"idList": ["ELSA-2016-0513", "ELSA-2016-0511", "ELSA-2016-0514", "ELSA-2016-0512"], "type": "oraclelinux"}]}, "score": {"modified": "2019-10-28T21:22:23", "value": 7.4, "vector": "NONE"}}, "hash": "d1d2be67d5dbb02fe554e577e0578cb75c56ce2f3d561d36427699112f800afa", "hashmap": [{"hash": "ebba8eafa50647073941edd43255f1e4", "key": "description"}, {"hash": "2a83f87a075f408c2b61c247dc1ac429", "key": "references"}, {"hash": "062b1b6f0a772540f0a944452a6ff112", "key": "sourceData"}, {"hash": "d726e774add6189e33cf2ea0c61a2ba5", "key": "cvss"}, {"hash": "4b12e77cf198e92cf370a790f8532543", "key": "published"}, {"hash": "8f54ae49584204db5d9171114c7ce126", "key": "pluginID"}, {"hash": "361d102ed7937ebc6478aeaf971207cf", "key": "title"}, {"hash": "3d5ead6e32f238fef186851ef5d1752e", "key": "cpe"}, {"hash": "b7beaf9d124542f914ef08e608facdab", "key": "reporter"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "6bf7854707966a34f7720135a90eaf32", "key": "href"}, {"hash": "fe0153ecb4a6366c62ea5d4119506328", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/90399", "id": "SUSE_SU-2016-0959-1.NASL", "lastseen": "2019-10-28T21:22:23", "modified": "2019-10-02T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "90399", "published": "2016-04-07T00:00:00", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=972468", "https://www.suse.com/security/cve/CVE-2016-0636/", "http://www.nessus.org/u?980dedc4"], "reporter": "This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0959-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90399);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2019/09/11 11:22:13\");\n\n script_cve_id(\"CVE-2016-0636\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:0959-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the\nfollowing issues :\n\nUpdate to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle\n consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind\n JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS\n string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending\n exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu\n misbehaves when running multiple screen stacked\n vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible\n with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n - CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n\n - AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to\n AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for\n RewriteFrequentPairs in interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained\n unpredictable instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal\n instructions with int shifts >=32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2\n biased locking implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed\n by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile\n counters\n\n - S8138641, PR2852: Disable C2 peephole by default for\n aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when\n checking if ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class\n status with load acquire\n\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n\n --enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct\n branch profile data\n\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for\n byte_map_base\n\n - S8147805, PR2852: aarch64: C1 segmentation fault due to\n inline Unsafe.getAndSetObject\n\n - S8148240, PR2852: aarch64: random infrequent NULL\n pointer exceptions in javac\n\n - PPC & AIX port\n\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n\n - S8139258, PR2851: PPC64LE: argument passing problem when\n passing 15 floats in native call\n\n - S8139421, PR2851: PPC64LE:\n MacroAssembler::bxx64_patchable kill register R12\n\nUpdate to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle\n consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind\n JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS\n string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending\n exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu\n misbehaves when running multiple screen stacked\n vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible\n with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n - CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n\n - AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to\n AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for\n RewriteFrequentPairs in interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained\n unpredictable instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal\n instructions with int shifts >=32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2\n biased locking implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed\n by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile\n counters\n\n - S8138641, PR2852: Disable C2 peephole by default for\n aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when\n checking if ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class\n status with load acquire\n\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n\n --enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct\n branch profile data\n\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for\n byte_map_base\n\n - S8147805, PR2852: aarch64: C1 segmentation fault due to\n inline Unsafe.getAndSetObject\n\n - S8148240, PR2852: aarch64: random infrequent NULL\n pointer exceptions in javac\n\n - PPC & AIX port\n\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n\n - S8139258, PR2851: PPC64LE: argument passing problem when\n passing 15 floats in native call\n\n - S8139421, PR2851: PPC64LE:\n MacroAssembler::bxx64_patchable kill register R12\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=972468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0636/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160959-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?980dedc4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-556=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-556=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-556=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-556=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-demo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-devel-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-demo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-devel-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-openjdk\");\n}\n", "title": "SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:0959-1)", "type": "nessus", "viewCount": 2}, "differentElements": ["modified"], "edition": 12, "lastseen": "2019-10-28T21:22:23"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo"], "cvelist": ["CVE-2016-0636"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the\nfollowing issues :\n\nUpdate to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle\n consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind\n JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS\n string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending\n exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu\n misbehaves when running multiple screen stacked\n vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible\n with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n - CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n\n - AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to\n AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for\n RewriteFrequentPairs in interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained\n unpredictable instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal\n instructions with int shifts >=32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2\n biased locking implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed\n by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile\n counters\n\n - S8138641, PR2852: Disable C2 peephole by default for\n aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when\n checking if ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class\n status with load acquire\n\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n\n --enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct\n branch profile data\n\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for\n byte_map_base\n\n - S8147805, PR2852: aarch64: C1 segmentation fault due to\n inline Unsafe.getAndSetObject\n\n - S8148240, PR2852: aarch64: random infrequent NULL\n pointer exceptions in javac\n\n - PPC & AIX port\n\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n\n - S8139258, PR2851: PPC64LE: argument passing problem when\n passing 15 floats in native call\n\n - S8139421, PR2851: PPC64LE:\n MacroAssembler::bxx64_patchable kill register R12\n\nUpdate to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle\n consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind\n JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS\n string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending\n exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu\n misbehaves when running multiple screen stacked\n vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible\n with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n - CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n\n - AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to\n AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for\n RewriteFrequentPairs in interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained\n unpredictable instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal\n instructions with int shifts >=32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2\n biased locking implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed\n by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile\n counters\n\n - S8138641, PR2852: Disable C2 peephole by default for\n aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when\n checking if ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class\n status with load acquire\n\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n\n --enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct\n branch profile data\n\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for\n byte_map_base\n\n - S8147805, PR2852: aarch64: C1 segmentation fault due to\n inline Unsafe.getAndSetObject\n\n - S8148240, PR2852: aarch64: random infrequent NULL\n pointer exceptions in javac\n\n - PPC & AIX port\n\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n\n - S8139258, PR2851: PPC64LE: argument passing problem when\n passing 15 floats in native call\n\n - S8139421, PR2851: PPC64LE:\n MacroAssembler::bxx64_patchable kill register R12\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 10, "enchantments": {"dependencies": {"modified": "2019-01-16T20:23:49", "references": [{"idList": ["GLSA-201610-08", "GLSA-201606-18"], "type": "gentoo"}, {"idList": ["ORACLELINUX_ELSA-2016-0514.NASL", "REDHAT-RHSA-2016-0513.NASL", "OPENSUSE-2016-444.NASL", "CENTOS_RHSA-2016-0512.NASL", "SUSE_SU-2016-0957-1.NASL", "CENTOS_RHSA-2016-0511.NASL", "CENTOS_RHSA-2016-0514.NASL", "OPENSUSE-2016-457.NASL", "UBUNTU_USN-2942-1.NASL", "REDHAT-RHSA-2016-0511.NASL"], "type": "nessus"}, {"idList": ["USN-2942-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DLA-451-1:707F7", "DEBIAN:DSA-3558-1:5D79E"], "type": "debian"}, {"idList": ["ALAS-2016-677"], "type": "amazon"}, {"idList": ["F5:K77535578", "SOL77535578"], "type": "f5"}, {"idList": ["OPENVAS:1361412562310131314", "OPENVAS:1361412562310882440", "OPENVAS:1361412562310871588", "OPENVAS:1361412562310122913", "OPENVAS:1361412562310851265", "OPENVAS:1361412562310851271", "OPENVAS:1361412562310871587", "OPENVAS:1361412562310882442", "OPENVAS:1361412562310851270", "OPENVAS:1361412562310882443"], "type": "openvas"}, {"idList": ["KLA10775"], "type": "kaspersky"}, {"idList": ["RHSA-2016:0513", "RHSA-2016:0515", "RHSA-2016:0514", "RHSA-2016:0511", "RHSA-2016:0512", "RHSA-2016:0516"], "type": "redhat"}, {"idList": ["ORACLE:CPUAPR2016V3-2985753"], "type": "oracle"}, {"idList": ["CVE-2016-0636"], "type": "cve"}, {"idList": ["ASA-201604-2", "ASA-201603-26", "ASA-201604-3", "ASA-201604-1", "ASA-201603-25", "ASA-201603-27"], "type": "archlinux"}, {"idList": ["SUSE-SU-2016:0959-1", "SUSE-SU-2016:0956-1", "SUSE-SU-2016:0957-1", "OPENSUSE-SU-2016:1005-1", "OPENSUSE-SU-2016:0971-1", "OPENSUSE-SU-2016:1042-1", "OPENSUSE-SU-2016:0983-1", "OPENSUSE-SU-2016:1004-1"], "type": "suse"}, {"idList": ["THREATPOST:C5ABB0FE00FFADD0EC2217E7319B3E68"], "type": "threatpost"}, {"idList": ["CESA-2016:0511", "CESA-2016:0513", "CESA-2016:0514", "CESA-2016:0512"], "type": "centos"}, {"idList": ["ELSA-2016-0513", "ELSA-2016-0511", "ELSA-2016-0514", "ELSA-2016-0512"], "type": "oraclelinux"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "d62bb5873e72d9badae5dd4fff972bd421c2dbd11d0ba16cfb070d7f359bc3d6", "hashmap": [{"hash": "adae8e78c975ac66d2a7f31090b48d35", "key": "sourceData"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "2a83f87a075f408c2b61c247dc1ac429", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "21fdd306479b20da988e9279c12e51d8", "key": "modified"}, {"hash": "28154acf8d672fc2e782f096951fe5f6", "key": "href"}, {"hash": "4b12e77cf198e92cf370a790f8532543", "key": "published"}, {"hash": "8f54ae49584204db5d9171114c7ce126", "key": "pluginID"}, {"hash": "361d102ed7937ebc6478aeaf971207cf", "key": "title"}, {"hash": "3d5ead6e32f238fef186851ef5d1752e", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "c1711fe5974b8bd55552fed9345f51f3", "key": "description"}, {"hash": "fe0153ecb4a6366c62ea5d4119506328", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=90399", "id": "SUSE_SU-2016-0959-1.NASL", "lastseen": "2019-01-16T20:23:49", "modified": "2018-11-29T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "90399", "published": "2016-04-07T00:00:00", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=972468", "https://www.suse.com/security/cve/CVE-2016-0636/", "http://www.nessus.org/u?980dedc4"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0959-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90399);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/11/29 12:03:39\");\n\n script_cve_id(\"CVE-2016-0636\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:0959-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the\nfollowing issues :\n\nUpdate to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle\n consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind\n JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS\n string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending\n exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu\n misbehaves when running multiple screen stacked\n vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible\n with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n - CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n\n - AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to\n AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for\n RewriteFrequentPairs in interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained\n unpredictable instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal\n instructions with int shifts >=32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2\n biased locking implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed\n by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile\n counters\n\n - S8138641, PR2852: Disable C2 peephole by default for\n aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when\n checking if ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class\n status with load acquire\n\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n\n --enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct\n branch profile data\n\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for\n byte_map_base\n\n - S8147805, PR2852: aarch64: C1 segmentation fault due to\n inline Unsafe.getAndSetObject\n\n - S8148240, PR2852: aarch64: random infrequent NULL\n pointer exceptions in javac\n\n - PPC & AIX port\n\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n\n - S8139258, PR2851: PPC64LE: argument passing problem when\n passing 15 floats in native call\n\n - S8139421, PR2851: PPC64LE:\n MacroAssembler::bxx64_patchable kill register R12\n\nUpdate to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle\n consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind\n JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS\n string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending\n exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu\n misbehaves when running multiple screen stacked\n vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible\n with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n - CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n\n - AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to\n AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for\n RewriteFrequentPairs in interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained\n unpredictable instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal\n instructions with int shifts >=32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2\n biased locking implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed\n by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile\n counters\n\n - S8138641, PR2852: Disable C2 peephole by default for\n aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when\n checking if ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class\n status with load acquire\n\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n\n --enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct\n branch profile data\n\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for\n byte_map_base\n\n - S8147805, PR2852: aarch64: C1 segmentation fault due to\n inline Unsafe.getAndSetObject\n\n - S8148240, PR2852: aarch64: random infrequent NULL\n pointer exceptions in javac\n\n - PPC & AIX port\n\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n\n - S8139258, PR2851: PPC64LE: argument passing problem when\n passing 15 floats in native call\n\n - S8139421, PR2851: PPC64LE:\n MacroAssembler::bxx64_patchable kill register R12\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=972468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0636/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160959-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?980dedc4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-556=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-556=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-556=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-556=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! ereg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! ereg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-demo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-devel-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-demo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-devel-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-openjdk\");\n}\n", "title": "SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:0959-1)", "type": "nessus", "viewCount": 2}, "differentElements": ["description"], "edition": 10, "lastseen": "2019-01-16T20:23:49"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2016-0636"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the following issues :\n\nUpdate to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for jdk.src.share.native.sun.security.ec: JNI pending exceptions\n\n - S8048512, PR2814: Uninitialised memory in jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu misbehaves when running multiple screen stacked vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n - CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n\n - AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained unpredictable instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal instructions with int shifts >=32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile counters\n\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when checking if ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class status with load acquire\n\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n\n --enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct branch profile data\n\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base\n\n - S8147805, PR2852: aarch64: C1 segmentation fault due to inline Unsafe.getAndSetObject\n\n - S8148240, PR2852: aarch64: random infrequent NULL pointer exceptions in javac\n\n - PPC & AIX port\n\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in os_aix.cpp after 8028280\n\n - S8139258, PR2851: PPC64LE: argument passing problem when passing 15 floats in native call\n\n - S8139421, PR2851: PPC64LE:\n MacroAssembler::bxx64_patchable kill register R12\n\nUpdate to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for jdk.src.share.native.sun.security.ec: JNI pending exceptions\n\n - S8048512, PR2814: Uninitialised memory in jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu misbehaves when running multiple screen stacked vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n - CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n\n - AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained unpredictable instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal instructions with int shifts >=32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile counters\n\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when checking if ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class status with load acquire\n\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n\n --enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct branch profile data\n\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base\n\n - S8147805, PR2852: aarch64: C1 segmentation fault due to inline Unsafe.getAndSetObject\n\n - S8148240, PR2852: aarch64: random infrequent NULL pointer exceptions in javac\n\n - PPC & AIX port\n\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in os_aix.cpp after 8028280\n\n - S8139258, PR2851: PPC64LE: argument passing problem when passing 15 floats in native call\n\n - S8139421, PR2851: PPC64LE:\n MacroAssembler::bxx64_patchable kill register R12\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "hash": "01c77caaa27e2e5c8f8a9ebbc5d33639c39055e8764f8707ef5cf2630f2ac839", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "a0ec55b50a5311d08225a66669a2b7be", "key": "references"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5cbc8dd381dcbacb27b41d7f37506cb1", "key": "modified"}, {"hash": "28154acf8d672fc2e782f096951fe5f6", "key": "href"}, {"hash": "4b12e77cf198e92cf370a790f8532543", "key": "published"}, {"hash": "8f54ae49584204db5d9171114c7ce126", "key": "pluginID"}, {"hash": "361d102ed7937ebc6478aeaf971207cf", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "ed9bec51f50c555b75435a3396241ad1", "key": "sourceData"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "fe0153ecb4a6366c62ea5d4119506328", "key": "cvelist"}, {"hash": "f5b2109123dc6e42919b9c57a8c6aa39", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=90399", "id": "SUSE_SU-2016-0959-1.NASL", "lastseen": "2016-09-26T17:26:09", "modified": "2016-05-02T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.2", "pluginID": "90399", "published": "2016-04-07T00:00:00", "references": ["http://www.nessus.org/u?ca4b7564", "https://bugzilla.suse.com/972468", "https://www.suse.com/security/cve/CVE-2016-0636.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0959-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90399);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/05/02 15:28:24 $\");\n\n script_cve_id(\"CVE-2016-0636\");\n script_osvdb_id(98536);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:0959-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the\nfollowing issues :\n\nUpdate to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle\n consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind\n JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS\n string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending\n exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu\n misbehaves when running multiple screen stacked\n vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible\n with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n - CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n\n - AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to\n AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for\n RewriteFrequentPairs in interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained\n unpredictable instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal\n instructions with int shifts >=32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2\n biased locking implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed\n by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile\n counters\n\n - S8138641, PR2852: Disable C2 peephole by default for\n aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when\n checking if ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class\n status with load acquire\n\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n\n --enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct\n branch profile data\n\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for\n byte_map_base\n\n - S8147805, PR2852: aarch64: C1 segmentation fault due to\n inline Unsafe.getAndSetObject\n\n - S8148240, PR2852: aarch64: random infrequent NULL\n pointer exceptions in javac\n\n - PPC & AIX port\n\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n\n - S8139258, PR2851: PPC64LE: argument passing problem when\n passing 15 floats in native call\n\n - S8139421, PR2851: PPC64LE:\n MacroAssembler::bxx64_patchable kill register R12\n\nUpdate to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle\n consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind\n JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS\n string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending\n exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu\n misbehaves when running multiple screen stacked\n vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible\n with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n - CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n\n - AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to\n AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for\n RewriteFrequentPairs in interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained\n unpredictable instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal\n instructions with int shifts >=32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2\n biased locking implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed\n by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile\n counters\n\n - S8138641, PR2852: Disable C2 peephole by default for\n aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when\n checking if ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class\n status with load acquire\n\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n\n --enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct\n branch profile data\n\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for\n byte_map_base\n\n - S8147805, PR2852: aarch64: C1 segmentation fault due to\n inline Unsafe.getAndSetObject\n\n - S8148240, PR2852: aarch64: random infrequent NULL\n pointer exceptions in javac\n\n - PPC & AIX port\n\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n\n - S8139258, PR2851: PPC64LE: argument passing problem when\n passing 15 floats in native call\n\n - S8139421, PR2851: PPC64LE:\n MacroAssembler::bxx64_patchable kill register R12\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/972468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0636.html\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160959-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ca4b7564\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-556=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-556=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-556=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-556=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! ereg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! ereg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-demo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-devel-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-demo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-devel-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-openjdk\");\n}\n", "title": "SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:0959-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:26:09"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2016-0636"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the following issues :\n\nUpdate to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for jdk.src.share.native.sun.security.ec: JNI pending exceptions\n\n - S8048512, PR2814: Uninitialised memory in jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu misbehaves when running multiple screen stacked vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n - CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n\n - AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained unpredictable instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal instructions with int shifts >=32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile counters\n\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when checking if ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class status with load acquire\n\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n\n --enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct branch profile data\n\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base\n\n - S8147805, PR2852: aarch64: C1 segmentation fault due to inline Unsafe.getAndSetObject\n\n - S8148240, PR2852: aarch64: random infrequent NULL pointer exceptions in javac\n\n - PPC & AIX port\n\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in os_aix.cpp after 8028280\n\n - S8139258, PR2851: PPC64LE: argument passing problem when passing 15 floats in native call\n\n - S8139421, PR2851: PPC64LE:\n MacroAssembler::bxx64_patchable kill register R12\n\nUpdate to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for jdk.src.share.native.sun.security.ec: JNI pending exceptions\n\n - S8048512, PR2814: Uninitialised memory in jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu misbehaves when running multiple screen stacked vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n - CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n\n - AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained unpredictable instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal instructions with int shifts >=32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile counters\n\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when checking if ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class status with load acquire\n\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n\n --enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct branch profile data\n\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base\n\n - S8147805, PR2852: aarch64: C1 segmentation fault due to inline Unsafe.getAndSetObject\n\n - S8148240, PR2852: aarch64: random infrequent NULL pointer exceptions in javac\n\n - PPC & AIX port\n\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in os_aix.cpp after 8028280\n\n - S8139258, PR2851: PPC64LE: argument passing problem when passing 15 floats in native call\n\n - S8139421, PR2851: PPC64LE:\n MacroAssembler::bxx64_patchable kill register R12\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "hash": "f51dbcc5e0c338411e851c7e34fa3cb7ba2ee589264f13624d6b8e8c7cf7b6c8", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "a0ec55b50a5311d08225a66669a2b7be", "key": "references"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a33e65a768b0cca01f769a54f9f4ed8b", "key": "cvss"}, {"hash": "28154acf8d672fc2e782f096951fe5f6", "key": "href"}, {"hash": "4b12e77cf198e92cf370a790f8532543", "key": "published"}, {"hash": "8f54ae49584204db5d9171114c7ce126", "key": "pluginID"}, {"hash": "361d102ed7937ebc6478aeaf971207cf", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "e1cc54a68fc5b204ea3910962405b025", "key": "sourceData"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "2a962744809771929d528ae4d0d6009a", "key": "modified"}, {"hash": "fe0153ecb4a6366c62ea5d4119506328", "key": "cvelist"}, {"hash": "f5b2109123dc6e42919b9c57a8c6aa39", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=90399", "id": "SUSE_SU-2016-0959-1.NASL", "lastseen": "2016-10-24T21:26:31", "modified": "2016-10-24T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.2", "pluginID": "90399", "published": "2016-04-07T00:00:00", "references": ["http://www.nessus.org/u?ca4b7564", "https://bugzilla.suse.com/972468", "https://www.suse.com/security/cve/CVE-2016-0636.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0959-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90399);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/10/24 13:46:12 $\");\n\n script_cve_id(\"CVE-2016-0636\");\n script_osvdb_id(98536);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:0959-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the\nfollowing issues :\n\nUpdate to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle\n consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind\n JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS\n string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending\n exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu\n misbehaves when running multiple screen stacked\n vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible\n with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n - CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n\n - AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to\n AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for\n RewriteFrequentPairs in interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained\n unpredictable instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal\n instructions with int shifts >=32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2\n biased locking implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed\n by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile\n counters\n\n - S8138641, PR2852: Disable C2 peephole by default for\n aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when\n checking if ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class\n status with load acquire\n\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n\n --enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct\n branch profile data\n\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for\n byte_map_base\n\n - S8147805, PR2852: aarch64: C1 segmentation fault due to\n inline Unsafe.getAndSetObject\n\n - S8148240, PR2852: aarch64: random infrequent NULL\n pointer exceptions in javac\n\n - PPC & AIX port\n\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n\n - S8139258, PR2851: PPC64LE: argument passing problem when\n passing 15 floats in native call\n\n - S8139421, PR2851: PPC64LE:\n MacroAssembler::bxx64_patchable kill register R12\n\nUpdate to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle\n consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind\n JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS\n string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending\n exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu\n misbehaves when running multiple screen stacked\n vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible\n with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n - CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n\n - AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to\n AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for\n RewriteFrequentPairs in interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained\n unpredictable instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal\n instructions with int shifts >=32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2\n biased locking implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed\n by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile\n counters\n\n - S8138641, PR2852: Disable C2 peephole by default for\n aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when\n checking if ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class\n status with load acquire\n\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n\n --enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct\n branch profile data\n\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for\n byte_map_base\n\n - S8147805, PR2852: aarch64: C1 segmentation fault due to\n inline Unsafe.getAndSetObject\n\n - S8148240, PR2852: aarch64: random infrequent NULL\n pointer exceptions in javac\n\n - PPC & AIX port\n\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n\n - S8139258, PR2851: PPC64LE: argument passing problem when\n passing 15 floats in native call\n\n - S8139421, PR2851: PPC64LE:\n MacroAssembler::bxx64_patchable kill register R12\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/972468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0636.html\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160959-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ca4b7564\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-556=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-556=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-556=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-556=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! ereg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! ereg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-demo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-devel-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-demo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-devel-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-openjdk\");\n}\n", "title": "SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:0959-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2016-10-24T21:26:31"}], "edition": 15, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "3d5ead6e32f238fef186851ef5d1752e"}, {"key": "cvelist", "hash": "fe0153ecb4a6366c62ea5d4119506328"}, {"key": "cvss", "hash": "d726e774add6189e33cf2ea0c61a2ba5"}, {"key": "description", "hash": "ebba8eafa50647073941edd43255f1e4"}, {"key": "href", "hash": "6bf7854707966a34f7720135a90eaf32"}, {"key": "modified", "hash": "2249940a684898a70237266de5d6dd6c"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "8f54ae49584204db5d9171114c7ce126"}, {"key": "published", "hash": "4b12e77cf198e92cf370a790f8532543"}, {"key": "references", "hash": "2a83f87a075f408c2b61c247dc1ac429"}, {"key": "reporter", "hash": "b7beaf9d124542f914ef08e608facdab"}, {"key": "sourceData", "hash": "062b1b6f0a772540f0a944452a6ff112"}, {"key": "title", "hash": "361d102ed7937ebc6478aeaf971207cf"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "9e3f11f6a07209f39ed1aedba63a4408ce32db2e341115bb3ad74d383d3fb0e7", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-0636"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:0983-1", "OPENSUSE-SU-2016:1005-1", "OPENSUSE-SU-2016:1004-1", "SUSE-SU-2016:0959-1", "OPENSUSE-SU-2016:0971-1", "SUSE-SU-2016:0956-1", "OPENSUSE-SU-2016:1042-1", "SUSE-SU-2016:0957-1"]}, {"type": "ubuntu", "idList": ["USN-2942-1"]}, {"type": "redhat", "idList": ["RHSA-2016:0516", "RHSA-2016:0515", "RHSA-2016:0513", "RHSA-2016:0512", "RHSA-2016:0514", "RHSA-2016:0511"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122916", "OPENVAS:1361412562310871588", "OPENVAS:1361412562310843757", "OPENVAS:1361412562310122913", "OPENVAS:1361412562310851265", "OPENVAS:1361412562310871586", "OPENVAS:1361412562310882439", "OPENVAS:1361412562310871587", "OPENVAS:1361412562310131314", "OPENVAS:1361412562310122914"]}, {"type": "centos", "idList": ["CESA-2016:0513", "CESA-2016:0511", "CESA-2016:0514", "CESA-2016:0512"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2016-0514.NASL", "ALA_ALAS-2016-677.NASL", "OPENSUSE-2016-443.NASL", "OPENSUSE-2016-431.NASL", "OPENSUSE-2016-444.NASL", "REDHAT-RHSA-2016-0512.NASL", "ORACLELINUX_ELSA-2016-0511.NASL", "REDHAT-RHSA-2016-0516.NASL", "REDHAT-RHSA-2016-0513.NASL", "SL_20160325_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-0511", "ELSA-2016-0512", "ELSA-2016-0514", "ELSA-2016-0513"]}, {"type": "kaspersky", "idList": ["KLA10775"]}, {"type": "amazon", "idList": ["ALAS-2016-677"]}, {"type": "archlinux", "idList": ["ASA-201603-26", "ASA-201603-27", "ASA-201604-3", "ASA-201604-2", "ASA-201603-25", "ASA-201604-1"]}, {"type": "threatpost", "idList": ["THREATPOST:C5ABB0FE00FFADD0EC2217E7319B3E68"]}, {"type": "f5", "idList": ["F5:K77535578", "SOL77535578"]}, {"type": "debian", "idList": ["DEBIAN:DLA-451-1:707F7", "DEBIAN:DSA-3558-1:5D79E"]}, {"type": "gentoo", "idList": ["GLSA-201606-18", "GLSA-201610-08"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2016V3-2985753"]}], "modified": "2020-01-01T01:46:14"}, "score": {"value": 7.4, "vector": "NONE", "modified": "2020-01-01T01:46:14"}, "vulnersScore": 7.4}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0959-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90399);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2019/09/11 11:22:13\");\n\n script_cve_id(\"CVE-2016-0636\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:0959-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the\nfollowing issues :\n\nUpdate to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle\n consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind\n JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS\n string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending\n exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu\n misbehaves when running multiple screen stacked\n vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible\n with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n - CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n\n - AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to\n AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for\n RewriteFrequentPairs in interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained\n unpredictable instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal\n instructions with int shifts >=32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2\n biased locking implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed\n by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile\n counters\n\n - S8138641, PR2852: Disable C2 peephole by default for\n aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when\n checking if ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class\n status with load acquire\n\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n\n --enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct\n branch profile data\n\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for\n byte_map_base\n\n - S8147805, PR2852: aarch64: C1 segmentation fault due to\n inline Unsafe.getAndSetObject\n\n - S8148240, PR2852: aarch64: random infrequent NULL\n pointer exceptions in javac\n\n - PPC & AIX port\n\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n\n - S8139258, PR2851: PPC64LE: argument passing problem when\n passing 15 floats in native call\n\n - S8139421, PR2851: PPC64LE:\n MacroAssembler::bxx64_patchable kill register R12\n\nUpdate to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle\n consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind\n JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS\n string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending\n exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu\n misbehaves when running multiple screen stacked\n vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible\n with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n - CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n\n - AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to\n AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for\n RewriteFrequentPairs in interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained\n unpredictable instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal\n instructions with int shifts >=32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2\n biased locking implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed\n by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile\n counters\n\n - S8138641, PR2852: Disable C2 peephole by default for\n aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when\n checking if ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class\n status with load acquire\n\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n\n --enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct\n branch profile data\n\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for\n byte_map_base\n\n - S8147805, PR2852: aarch64: C1 segmentation fault due to\n inline Unsafe.getAndSetObject\n\n - S8148240, PR2852: aarch64: random infrequent NULL\n pointer exceptions in javac\n\n - PPC & AIX port\n\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n\n - S8139258, PR2851: PPC64LE: argument passing problem when\n passing 15 floats in native call\n\n - S8139421, PR2851: PPC64LE:\n MacroAssembler::bxx64_patchable kill register R12\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=972468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0636/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160959-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?980dedc4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-556=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-556=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-556=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-556=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-demo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-devel-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-demo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-devel-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-27.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-openjdk\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "90399", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo"], "scheme": null}

{"cve": [{"lastseen": "2019-05-29T18:15:32", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.", "modified": "2017-11-10T02:29:00", "id": "CVE-2016-0636", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0636", "published": "2016-03-24T18:59:00", "title": "CVE-2016-0636", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:21:59", "bulletinFamily": "unix", "description": "The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the\n following issues:\n\n Update to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n * Security fixes\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency, which could\n be used by attackers to inject code.\n * Import of OpenJDK 7 u99 build 0\n - S6425769, PR2858: Allow specifying an address to bind JMX remote\n connector\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently\n - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently\n for IPv6 addresses\n * Backports\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending exceptions\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n - S8071705. PR2819, RH1182694: Java application menu misbehaves when\n running multiple screen stacked vertically\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell\n * Bug fixes\n - PR2803: Make system CUPS optional\n - PR2886: Location of 'stap' executable is hard-coded\n - PR2893: test/tapset/jstaptest.pl should be executable\n - PR2894: Add missing test directory in make check.\n * CACAO\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest\n &amp;&amp; result &amp;&amp; x.any &amp;&amp; y.any' failed\n * AArch64 port\n - PR2852: Add support for large code cache\n - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only.\n - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in\n interpreter\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n - S8133352, PR2852: aarch64: generates constrained unpredictable\n instructions\n - S8133842, PR2852: aarch64: C2 generates illegal instructions with int\n shifts &gt;=32\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking\n implementation\n - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0\n - S8138575, PR2852: Improve generated code for profile counters\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n - S8143067, PR2852: aarch64: guarantee failure in javac\n - S8143285, PR2852: aarch64: Missing load acquire when checking if\n ConstantPoolCacheEntry is resolved\n - S8143584, PR2852: Load constant pool tag and class status with load\n acquire\n - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java\n fails with\n --enable-unlimited-crypto\n - S8144582, PR2852: AArch64 does not generate correct branch profile data\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base\n - S8147805, PR2852: aarch64: C1 segmentation fault due to inline\n Unsafe.getAndSetObject\n - S8148240, PR2852: aarch64: random infrequent null pointer exceptions\n in javac\n * PPC &amp; AIX port\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n - S8139258, PR2851: PPC64LE: argument passing problem when passing 15\n floats in native call\n - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill\n register R12\n\n", "modified": "2016-04-05T18:07:50", "published": "2016-04-05T18:07:50", "id": "SUSE-SU-2016:0956-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00003.html", "title": "Security update for java-1_7_0-openjdk (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:21:58", "bulletinFamily": "unix", "description": "This update for java-1_7_0-openjdk fixes the following issues:\n\n java-1_7_0-openjdk was updated to 2.6.5 - OpenJDK 7u99 (boo#972468)\n * Security fixes\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency\n * Import of OpenJDK 7 u99 build 0\n - S6425769, PR2858: Allow specifying an address to bind JMX remote\n connector\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently\n - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently\n for IPv6 addresses\n * Backports\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending exceptions\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n - S8071705. PR2819, RH1182694: Java application menu misbehaves when\n running multiple screen stacked vertically\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell\n * Bug fixes\n - PR2803: Make system CUPS optional\n - PR2886: Location of 'stap' executable is hard-coded\n - PR2893: test/tapset/jstaptest.pl should be executable\n - PR2894: Add missing test directory in make check.\n * CACAO\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest\n &amp;&amp; result &amp;&amp; x.any &amp;&amp; y.any' failed\n * AArch64 port\n - PR2852: Add support for large code cache\n - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only.\n - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in\n interpreter\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n - S8133352, PR2852: aarch64: generates constrained unpredictable\n instructions\n - S8133842, PR2852: aarch64: C2 generates illegal instructions with int\n shifts &gt;=32\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking\n implementation\n - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0\n - S8138575, PR2852: Improve generated code for profile counters\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n - S8143067, PR2852: aarch64: guarantee failure in javac\n - S8143285, PR2852: aarch64: Missing load acquire when checking if\n ConstantPoolCacheEntry is resolved\n - S8143584, PR2852: Load constant pool tag and class status with load\n acquire\n - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java\n fails with\n --enable-unlimited-crypto\n - S8144582, PR2852: AArch64 does not generate correct branch profile data\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base\n - S8147805, PR2852: aarch64: C1 segmentation fault due to inline\n Unsafe.getAndSetObject\n - S8148240, PR2852: aarch64: random infrequent null pointer exceptions\n in javac\n * PPC &amp; AIX port\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n - S8139258, PR2851: PPC64LE: argument passing problem when passing 15\n floats in native call\n - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill\n register R12\n\n Update to 2.6.5 - OpenJDK 7u99 (boo#972468)\n * Security fixes\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency\n * Import of OpenJDK 7 u99 build 0\n - S6425769, PR2858: Allow specifying an address to bind JMX remote\n connector\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently\n - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently\n for IPv6 addresses\n * Backports\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending exceptions\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n - S8071705. PR2819, RH1182694: Java application menu misbehaves when\n running multiple screen stacked vertically\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell\n * Bug fixes\n - PR2803: Make system CUPS optional\n - PR2886: Location of 'stap' executable is hard-coded\n - PR2893: test/tapset/jstaptest.pl should be executable\n - PR2894: Add missing test directory in make check.\n * CACAO\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest\n &amp;&amp; result &amp;&amp; x.any &amp;&amp; y.any' failed\n * AArch64 port\n - PR2852: Add support for large code cache\n - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only.\n - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in\n interpreter\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n - S8133352, PR2852: aarch64: generates constrained unpredictable\n instructions\n - S8133842, PR2852: aarch64: C2 generates illegal instructions with int\n shifts &gt;=32\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking\n implementation\n - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0\n - S8138575, PR2852: Improve generated code for profile counters\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n - S8143067, PR2852: aarch64: guarantee failure in javac\n - S8143285, PR2852: aarch64: Missing load acquire when checking if\n ConstantPoolCacheEntry is resolved\n - S8143584, PR2852: Load constant pool tag and class status with load\n acquire\n - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java\n fails with\n --enable-unlimited-crypto\n - S8144582, PR2852: AArch64 does not generate correct branch profile data\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base\n - S8147805, PR2852: aarch64: C1 segmentation fault due to inline\n Unsafe.getAndSetObject\n - S8148240, PR2852: aarch64: random infrequent null pointer exceptions\n in javac\n * PPC &amp; AIX port\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n - S8139258, PR2851: PPC64LE: argument passing problem when passing 15\n floats in native call\n - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill\n register R12\n\n", "modified": "2016-04-07T15:08:01", "published": "2016-04-07T15:08:01", "id": "OPENSUSE-SU-2016:0971-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00007.html", "type": "suse", "title": "Security update for java-1_7_0-openjdk (important)", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:18:15", "bulletinFamily": "unix", "description": "This update of java-1_8_0-openjdk to jdk8u77-b03 fixes the following\n issues:\n\n * CVE-2016-0636: Improve MethodHandle consistency fixes crash / code\n execution problems.\n\n", "modified": "2016-04-08T12:08:39", "published": "2016-04-08T12:08:39", "id": "OPENSUSE-SU-2016:0983-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00008.html", "title": "Security update for java-1_8_0-openjdk (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:26:56", "bulletinFamily": "unix", "description": "This update for java-1_8_0-openjdk to version jdk8u77-b03 fixes the\n following security issue:\n\n * CVE-2016-0636: Improve MethodHandle consistency, which had allowed\n attackers to execute code. (bsc#972468)\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\n\n", "modified": "2016-04-11T21:07:47", "published": "2016-04-11T21:07:47", "id": "OPENSUSE-SU-2016:1005-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00014.html", "title": "Security update for java-1_8_0-openjdk (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:32:46", "bulletinFamily": "unix", "description": "The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the\n following issues:\n\n Update to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n * Security fixes\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency\n * Import of OpenJDK 7 u99 build 0\n - S6425769, PR2858: Allow specifying an address to bind JMX remote\n connector\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently\n - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently\n for IPv6 addresses\n * Backports\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending exceptions\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n - S8071705. PR2819, RH1182694: Java application menu misbehaves when\n running multiple screen stacked vertically\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell\n * Bug fixes\n - PR2803: Make system CUPS optional\n - PR2886: Location of 'stap' executable is hard-coded\n - PR2893: test/tapset/jstaptest.pl should be executable\n - PR2894: Add missing test directory in make check.\n * CACAO\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest\n &amp;&amp; result &amp;&amp; x.any &amp;&amp; y.any' failed\n * AArch64 port\n - PR2852: Add support for large code cache\n - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only.\n - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in\n interpreter\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n - S8133352, PR2852: aarch64: generates constrained unpredictable\n instructions\n - S8133842, PR2852: aarch64: C2 generates illegal instructions with int\n shifts &gt;=32\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking\n implementation\n - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0\n - S8138575, PR2852: Improve generated code for profile counters\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n - S8143067, PR2852: aarch64: guarantee failure in javac\n - S8143285, PR2852: aarch64: Missing load acquire when checking if\n ConstantPoolCacheEntry is resolved\n - S8143584, PR2852: Load constant pool tag and class status with load\n acquire\n - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java\n fails with\n --enable-unlimited-crypto\n - S8144582, PR2852: AArch64 does not generate correct branch profile data\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base\n - S8147805, PR2852: aarch64: C1 segmentation fault due to inline\n Unsafe.getAndSetObject\n - S8148240, PR2852: aarch64: random infrequent null pointer exceptions\n in javac\n * PPC &amp; AIX port\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n - S8139258, PR2851: PPC64LE: argument passing problem when passing 15\n floats in native call\n - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill\n register R12\n\n Update to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n * Security fixes\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency\n * Import of OpenJDK 7 u99 build 0\n - S6425769, PR2858: Allow specifying an address to bind JMX remote\n connector\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently\n - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently\n for IPv6 addresses\n * Backports\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending exceptions\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n - S8071705. PR2819, RH1182694: Java application menu misbehaves when\n running multiple screen stacked vertically\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell\n * Bug fixes\n - PR2803: Make system CUPS optional\n - PR2886: Location of 'stap' executable is hard-coded\n - PR2893: test/tapset/jstaptest.pl should be executable\n - PR2894: Add missing test directory in make check.\n * CACAO\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest\n &amp;&amp; result &amp;&amp; x.any &amp;&amp; y.any' failed\n * AArch64 port\n - PR2852: Add support for large code cache\n - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only.\n - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in\n interpreter\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n - S8133352, PR2852: aarch64: generates constrained unpredictable\n instructions\n - S8133842, PR2852: aarch64: C2 generates illegal instructions with int\n shifts &gt;=32\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking\n implementation\n - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0\n - S8138575, PR2852: Improve generated code for profile counters\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n - S8143067, PR2852: aarch64: guarantee failure in javac\n - S8143285, PR2852: aarch64: Missing load acquire when checking if\n ConstantPoolCacheEntry is resolved\n - S8143584, PR2852: Load constant pool tag and class status with load\n acquire\n - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java\n fails with\n --enable-unlimited-crypto\n - S8144582, PR2852: AArch64 does not generate correct branch profile data\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base\n - S8147805, PR2852: aarch64: C1 segmentation fault due to inline\n Unsafe.getAndSetObject\n - S8148240, PR2852: aarch64: random infrequent null pointer exceptions\n in javac\n * PPC &amp; AIX port\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n - S8139258, PR2851: PPC64LE: argument passing problem when passing 15\n floats in native call\n - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill\n register R12\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "modified": "2016-04-11T21:07:36", "published": "2016-04-11T21:07:36", "id": "OPENSUSE-SU-2016:1004-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00013.html", "title": "Security update for java-1_7_0-openjdk (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:03:49", "bulletinFamily": "unix", "description": "The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the\n following issues:\n\n Update to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n * Security fixes\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency\n * Import of OpenJDK 7 u99 build 0\n - S6425769, PR2858: Allow specifying an address to bind JMX remote\n connector\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently\n - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently\n for IPv6 addresses\n * Backports\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending exceptions\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n - S8071705. PR2819, RH1182694: Java application menu misbehaves when\n running multiple screen stacked vertically\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell\n * Bug fixes\n - PR2803: Make system CUPS optional\n - PR2886: Location of 'stap' executable is hard-coded\n - PR2893: test/tapset/jstaptest.pl should be executable\n - PR2894: Add missing test directory in make check.\n * CACAO\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest\n &amp;&amp; result &amp;&amp; x.any &amp;&amp; y.any' failed\n * AArch64 port\n - PR2852: Add support for large code cache\n - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only.\n - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in\n interpreter\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n - S8133352, PR2852: aarch64: generates constrained unpredictable\n instructions\n - S8133842, PR2852: aarch64: C2 generates illegal instructions with int\n shifts &gt;=32\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking\n implementation\n - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0\n - S8138575, PR2852: Improve generated code for profile counters\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n - S8143067, PR2852: aarch64: guarantee failure in javac\n - S8143285, PR2852: aarch64: Missing load acquire when checking if\n ConstantPoolCacheEntry is resolved\n - S8143584, PR2852: Load constant pool tag and class status with load\n acquire\n - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java\n fails with\n --enable-unlimited-crypto\n - S8144582, PR2852: AArch64 does not generate correct branch profile data\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base\n - S8147805, PR2852: aarch64: C1 segmentation fault due to inline\n Unsafe.getAndSetObject\n - S8148240, PR2852: aarch64: random infrequent null pointer exceptions\n in javac\n * PPC &amp; AIX port\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n - S8139258, PR2851: PPC64LE: argument passing problem when passing 15\n floats in native call\n - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill\n register R12\n\n Update to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n * Security fixes\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency\n * Import of OpenJDK 7 u99 build 0\n - S6425769, PR2858: Allow specifying an address to bind JMX remote\n connector\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently\n - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently\n for IPv6 addresses\n * Backports\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending exceptions\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n - S8071705. PR2819, RH1182694: Java application menu misbehaves when\n running multiple screen stacked vertically\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell\n * Bug fixes\n - PR2803: Make system CUPS optional\n - PR2886: Location of 'stap' executable is hard-coded\n - PR2893: test/tapset/jstaptest.pl should be executable\n - PR2894: Add missing test directory in make check.\n * CACAO\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest\n &amp;&amp; result &amp;&amp; x.any &amp;&amp; y.any' failed\n * AArch64 port\n - PR2852: Add support for large code cache\n - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only.\n - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in\n interpreter\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n - S8133352, PR2852: aarch64: generates constrained unpredictable\n instructions\n - S8133842, PR2852: aarch64: C2 generates illegal instructions with int\n shifts &gt;=32\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking\n implementation\n - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0\n - S8138575, PR2852: Improve generated code for profile counters\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n - S8143067, PR2852: aarch64: guarantee failure in javac\n - S8143285, PR2852: aarch64: Missing load acquire when checking if\n ConstantPoolCacheEntry is resolved\n - S8143584, PR2852: Load constant pool tag and class status with load\n acquire\n - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java\n fails with\n --enable-unlimited-crypto\n - S8144582, PR2852: AArch64 does not generate correct branch profile data\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base\n - S8147805, PR2852: aarch64: C1 segmentation fault due to inline\n Unsafe.getAndSetObject\n - S8148240, PR2852: aarch64: random infrequent null pointer exceptions\n in javac\n * PPC &amp; AIX port\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n - S8139258, PR2851: PPC64LE: argument passing problem when passing 15\n floats in native call\n - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill\n register R12\n\n", "modified": "2016-04-05T18:08:42", "published": "2016-04-05T18:08:42", "id": "SUSE-SU-2016:0959-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00005.html", "type": "suse", "title": "Security update for java-1_7_0-openjdk (important)", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:45:47", "bulletinFamily": "unix", "description": "This update for java-1_7_0-openjdk fixes the following issues:\n\n java-1_7_0-openjdk was updated to 2.6.5 - OpenJDK 7u99 (boo#972468)\n * Security fixes\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency\n * Import of OpenJDK 7 u99 build 0\n - S6425769, PR2858: Allow specifying an address to bind JMX remote\n connector\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently\n - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently\n for IPv6 addresses\n * Backports\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending exceptions\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n - S8071705. PR2819, RH1182694: Java application menu misbehaves when\n running multiple screen stacked vertically\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME\n Shell\n * Bug fixes\n - PR2803: Make system CUPS optional\n - PR2886: Location of 'stap' executable is hard-coded\n - PR2893: test/tapset/jstaptest.pl should be executable\n - PR2894: Add missing test directory in make check.\n * CACAO\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion\n `dest &amp;&amp; result &amp;&amp; x.any &amp;&amp; y.any' failed\n * AArch64 port\n - PR2852: Add support for large code cache\n - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64\n only.\n - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in\n interpreter\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n - S8133352, PR2852: aarch64: generates constrained unpredictable\n instructions\n - S8133842, PR2852: aarch64: C2 generates illegal instructions with\n int shifts &gt;=32\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking\n implementation\n - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0\n - S8138575, PR2852: Improve generated code for profile counters\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n - S8143067, PR2852: aarch64: guarantee failure in javac\n - S8143285, PR2852: aarch64: Missing load acquire when checking if\n ConstantPoolCacheEntry is resolved\n - S8143584, PR2852: Load constant pool tag and class status with load\n acquire\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n --enable-unlimited-crypto\n - S8144582, PR2852: AArch64 does not generate correct branch profile\n data\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base\n - S8147805, PR2852: aarch64: C1 segmentation fault due to inline\n Unsafe.getAndSetObject\n - S8148240, PR2852: aarch64: random infrequent null pointer\n exceptions in javac\n * PPC &amp; AIX port\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n - S8139258, PR2851: PPC64LE: argument passing problem when passing 15\n floats in native call\n - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill\n register R12\n\n Update to 2.6.5 - OpenJDK 7u99 (boo#972468)\n * Security fixes\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency\n * Import of OpenJDK 7 u99 build 0\n - S6425769, PR2858: Allow specifying an address to bind JMX remote\n connector\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently\n - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently\n for IPv6 addresses\n * Backports\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending exceptions\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n - S8071705. PR2819, RH1182694: Java application menu misbehaves when\n running multiple screen stacked vertically\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME\n Shell\n * Bug fixes\n - PR2803: Make system CUPS optional\n - PR2886: Location of 'stap' executable is hard-coded\n - PR2893: test/tapset/jstaptest.pl should be executable\n - PR2894: Add missing test directory in make check.\n * CACAO\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion\n `dest &amp;&amp; result &amp;&amp; x.any &amp;&amp; y.any' failed\n * AArch64 port\n - PR2852: Add support for large code cache\n - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64\n only.\n - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in\n interpreter\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n - S8133352, PR2852: aarch64: generates constrained unpredictable\n instructions\n - S8133842, PR2852: aarch64: C2 generates illegal instructions with\n int shifts &gt;=32\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking\n implementation\n - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0\n - S8138575, PR2852: Improve generated code for profile counters\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n - S8143067, PR2852: aarch64: guarantee failure in javac\n - S8143285, PR2852: aarch64: Missing load acquire when checking if\n ConstantPoolCacheEntry is resolved\n - S8143584, PR2852: Load constant pool tag and class status with load\n acquire\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n --enable-unlimited-crypto\n - S8144582, PR2852: AArch64 does not generate correct branch profile\n data\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base\n - S8147805, PR2852: aarch64: C1 segmentation fault due to inline\n Unsafe.getAndSetObject\n - S8148240, PR2852: aarch64: random infrequent null pointer\n exceptions in javac\n * PPC &amp; AIX port\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n - S8139258, PR2851: PPC64LE: argument passing problem when passing 15\n floats in native call\n - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill\n register R12\n\n", "modified": "2016-04-14T21:07:52", "published": "2016-04-14T21:07:52", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00035.html", "id": "OPENSUSE-SU-2016:1042-1", "title": "java-1_7_0-openjdk (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:47:49", "bulletinFamily": "unix", "description": "This update for java-1_8_0-openjdk to version jdk8u77-b03 fixes the\n following security issue:\n\n * CVE-2016-0636: Improve MethodHandle consistency, which had allowed\n attackers to execute code. (bsc#972468)\n\n", "modified": "2016-04-05T18:08:06", "published": "2016-04-05T18:08:06", "id": "SUSE-SU-2016:0957-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00004.html", "type": "suse", "title": "Security update for java-1_8_0-openjdk (important)", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:44:49", "bulletinFamily": "unix", "description": "Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update provides Oracle Java 7 Update 99.\n\nSecurity Fix(es):\n\nThis update fixes one vulnerability in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about this flaw can be found on the Oracle Security Alert page listed in the References section. (CVE-2016-0636)", "modified": "2018-06-07T18:20:35", "published": "2016-03-25T02:59:46", "id": "RHSA-2016:0515", "href": "https://access.redhat.com/errata/RHSA-2016:0515", "type": "redhat", "title": "(RHSA-2016:0515) Critical: java-1.7.0-oracle security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:52", "bulletinFamily": "unix", "description": "The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update provides Oracle Java 8 Update 77.\n\nSecurity Fix(es):\n\nThis update fixes one vulnerability in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about this flaw can be found on the Oracle Security Alert page listed in the References section. (CVE-2016-0636)", "modified": "2018-06-07T18:20:30", "published": "2016-03-25T03:01:33", "id": "RHSA-2016:0516", "href": "https://access.redhat.com/errata/RHSA-2016:0516", "type": "redhat", "title": "(RHSA-2016:0516) Critical: java-1.8.0-oracle security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:15", "bulletinFamily": "unix", "description": "The java-1.8.0-openjdk packages contain the latest version of the Open Java Development Kit (OpenJDK), OpenJDK 8. These packages provide a fully compliant implementation of Java SE 8.\n\nSecurity Fix(es):\n\n* An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)", "modified": "2018-04-12T03:33:29", "published": "2016-03-25T02:59:11", "id": "RHSA-2016:0513", "href": "https://access.redhat.com/errata/RHSA-2016:0513", "type": "redhat", "title": "(RHSA-2016:0513) Critical: java-1.8.0-openjdk security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:25", "bulletinFamily": "unix", "description": "The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment\nand the OpenJDK 7 Java Software Development Kit for compiling and executing Java\nprograms.\n\nSecurity Fix(es):\n\n* An improper type safety check was discovered in the Hotspot component. An\nuntrusted Java application or applet could use this flaw to bypass Java Sandbox\nrestrictions. (CVE-2016-0636)\n", "modified": "2018-04-12T03:33:03", "published": "2016-03-24T04:00:00", "id": "RHSA-2016:0512", "href": "https://access.redhat.com/errata/RHSA-2016:0512", "type": "redhat", "title": "(RHSA-2016:0512) Important: java-1.7.0-openjdk security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:53", "bulletinFamily": "unix", "description": "The java-1.8.0-openjdk packages contain the latest version of the Open Java\nDevelopment Kit (OpenJDK), OpenJDK 8. These packages provide a fully compliant\nimplementation of Java SE 8.\n\nSecurity Fix(es):\n\n* An improper type safety check was discovered in the Hotspot component. An\nuntrusted Java application or applet could use this flaw to bypass Java Sandbox\nrestrictions. (CVE-2016-0636)\n", "modified": "2018-06-06T20:24:20", "published": "2016-03-24T04:00:00", "id": "RHSA-2016:0514", "href": "https://access.redhat.com/errata/RHSA-2016:0514", "type": "redhat", "title": "(RHSA-2016:0514) Important: java-1.8.0-openjdk security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:51", "bulletinFamily": "unix", "description": "The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment\nand the OpenJDK 7 Java Software Development Kit for compiling and executing Java\nprograms.\n\nSecurity Fix(es):\n\n* An improper type safety check was discovered in the Hotspot component. An\nuntrusted Java application or applet could use this flaw to bypass Java Sandbox\nrestrictions. (CVE-2016-0636)\n", "modified": "2018-06-06T20:24:31", "published": "2016-03-24T04:00:00", "id": "RHSA-2016:0511", "href": "https://access.redhat.com/errata/RHSA-2016:0511", "type": "redhat", "title": "(RHSA-2016:0511) Critical: java-1.7.0-openjdk security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:20", "bulletinFamily": "unix", "description": "[1:1.7.0.99-2.6.5.0.0.1]\n- Update DISTRO_NAME in specfile\n[1:1.7.0.99-2.6.5.0]\n- Bump to 2.6.5 and u99b00.\n- Correct check for fsg.sh in tarball creation script\n- Resolves: rhbz#1320656", "modified": "2016-03-24T00:00:00", "published": "2016-03-24T00:00:00", "id": "ELSA-2016-0511", "href": "http://linux.oracle.com/errata/ELSA-2016-0511.html", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:15", "bulletinFamily": "unix", "description": "[1:1.7.0.99-2.6.5.0.0.1]\n- Add oracle-enterprise.patch\n- Fix DISTRO_NAME to 'Oracle Linux'\n[1:1.7.0.99-2.6.5.0]\n- Explictly required libXcomposite-devel for PR2867 as nothing else pulls it in\n- Resolves: rhbz#1320655", "modified": "2016-03-24T00:00:00", "published": "2016-03-24T00:00:00", "id": "ELSA-2016-0512", "href": "http://linux.oracle.com/errata/ELSA-2016-0512.html", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:15", "bulletinFamily": "unix", "description": "[1:1.8.0.77-0.b03]\n- Remove what remains of the SunEC sources in the remove-intree-libraries script.\n- Resolves: rhbz#1320661\n[1:1.8.0.77-0.b03]\n- Update to u77b03.\n- Drop 8146566 which is applied upstream.\n- Replace s390 Java options patch with general version from IcedTea.\n- Apply s390 patches unconditionally to avoid arch-specific patch failures.\n- Remove fragment of s390 size_t patch that unnecessarily removes a cast, breaking ppc64le.\n- Remove aarch64-specific suffix as update/build version are now the same as for other archs.\n- Only use z format specifier on s390, not s390x.\n- Adjust tarball generation script to allow ecc_impl.h to be included.\n- Correct spelling mistakes in tarball generation script.\n- Synchronise minor changes from Fedora.\n- Use a simple backport for PR2462/8074839.\n- Don't backport the crc check for pack.gz. It's not tested well upstream.\n- Resolves: rhbz#1320661", "modified": "2016-03-24T00:00:00", "published": "2016-03-24T00:00:00", "id": "ELSA-2016-0514", "href": "http://linux.oracle.com/errata/ELSA-2016-0514.html", "title": "java-1.8.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:33", "bulletinFamily": "unix", "description": "[1:1.8.0.77-0.b03]\n- Remove what remains of the SunEC sources in the remove-intree-libraries script.\n- Resolves: rhbz#1320664\n[1:1.8.0.77-0.b03]\n- Update to u77b03.\n- Drop 8146566 which is applied upstream.\n- Replace s390 Java options patch with general version from IcedTea.\n- Apply s390 patches unconditionally to avoid arch-specific patch failures.\n- Remove fragment of s390 size_t patch that unnecessarily removes a cast, breaking ppc64le.\n- Remove aarch64-specific suffix as update/build version are now the same as for other archs.\n- Only use z format specifier on s390, not s390x.\n- Adjust tarball generation script to allow ecc_impl.h to be included.\n- Correct spelling mistakes in tarball generation script.\n- Synchronise minor changes from Fedora.\n- Use a simple backport for PR2462/8074839.\n- Don't backport the crc check for pack.gz. It's not tested well upstream.\n- Resolves: rhbz#1320664", "modified": "2016-03-24T00:00:00", "published": "2016-03-24T00:00:00", "id": "ELSA-2016-0513", "href": "http://linux.oracle.com/errata/ELSA-2016-0513.html", "title": "java-1.8.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:35:13", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2016-0513", "modified": "2019-03-14T00:00:00", "published": "2016-03-31T00:00:00", "id": "OPENVAS:1361412562310122914", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122914", "title": "Oracle Linux Local Check: ELSA-2016-0513", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2016-0513.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.fi\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122914\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-03-31 08:06:16 +0300 (Thu, 31 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-0513\");\n script_tag(name:\"insight\", value:\"ELSA-2016-0513 - java-1.8.0-openjdk security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-0513\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-0513.html\");\n script_cve_id(\"CVE-2016-0636\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk\", rpm:\"java-1.8.0-openjdk~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-accessibility\", rpm:\"java-1.8.0-openjdk-accessibility~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-accessibility-debug\", rpm:\"java-1.8.0-openjdk-accessibility~debug~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java\", rpm:\"java~1.8.0~openjdk~debug~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-demo\", rpm:\"java-1.8.0-openjdk-demo~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-demo-debug\", rpm:\"java-1.8.0-openjdk-demo~debug~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel\", rpm:\"java-1.8.0-openjdk-devel~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel-debug\", rpm:\"java-1.8.0-openjdk-devel~debug~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless\", rpm:\"java-1.8.0-openjdk-headless~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless-debug\", rpm:\"java-1.8.0-openjdk-headless~debug~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc\", rpm:\"java-1.8.0-openjdk-javadoc~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc-debug\", rpm:\"java-1.8.0-openjdk-javadoc~debug~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-src\", rpm:\"java-1.8.0-openjdk-src~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-src-debug\", rpm:\"java-1.8.0-openjdk-src~debug~1.8.0.77~0.b03.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:34", "bulletinFamily": "scanner", "description": "Check the version of java", "modified": "2019-03-08T00:00:00", "published": "2016-03-25T00:00:00", "id": "OPENVAS:1361412562310882439", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882439", "title": "CentOS Update for java CESA-2016:0514 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2016:0514 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882439\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-25 06:13:37 +0100 (Fri, 25 Mar 2016)\");\n script_cve_id(\"CVE-2016-0636\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for java CESA-2016:0514 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of java\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The java-1.8.0-openjdk packages contain\nthe latest version of the Open Java Development Kit (OpenJDK), OpenJDK 8.\nThese packages provide a fully compliant implementation of Java SE 8.\n\nSecurity Fix(es):\n\n * An improper type safety check was discovered in the Hotspot component. An\nuntrusted Java application or applet could use this flaw to bypass Java\nSandbox restrictions. (CVE-2016-0636)\");\n script_tag(name:\"affected\", value:\"java on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0514\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-March/021773.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk\", rpm:\"java~1.8.0~openjdk~1.8.0.77~0.b03.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-debug\", rpm:\"java~1.8.0~openjdk~debug~1.8.0.77~0.b03.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-demo\", rpm:\"java~1.8.0~openjdk~demo~1.8.0.77~0.b03.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-demo-debug\", rpm:\"java~1.8.0~openjdk~demo~debug~1.8.0.77~0.b03.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel\", rpm:\"java~1.8.0~openjdk~devel~1.8.0.77~0.b03.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel-debug\", rpm:\"java~1.8.0~openjdk~devel~debug~1.8.0.77~0.b03.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless\", rpm:\"java~1.8.0~openjdk~headless~1.8.0.77~0.b03.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless-debug\", rpm:\"java~1.8.0~openjdk~headless~debug~1.8.0.77~0.b03.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc\", rpm:\"java~1.8.0~openjdk~javadoc~1.8.0.77~0.b03.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc-debug\", rpm:\"java~1.8.0~openjdk~javadoc~debug~1.8.0.77~0.b03.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-src\", rpm:\"java~1.8.0~openjdk~src~1.8.0.77~0.b03.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-src-debug\", rpm:\"java~1.8.0~openjdk~src~debug~1.8.0.77~0.b03.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:10", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2016-04-12T00:00:00", "id": "OPENVAS:1361412562310851270", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851270", "title": "SuSE Update for java-1_7_0-openjdk openSUSE-SU-2016:1004-1 (java-1_7_0-openjdk)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2016_1004_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for java-1_7_0-openjdk openSUSE-SU-2016:1004-1 (java-1_7_0-openjdk)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851270\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-12 05:17:03 +0200 (Tue, 12 Apr 2016)\");\n script_cve_id(\"CVE-2016-0636\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for java-1_7_0-openjdk openSUSE-SU-2016:1004-1 (java-1_7_0-openjdk)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1_7_0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the\n following issues:\n\n Update to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n\n * Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency\n\n * Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind JMX remote\n connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently\n for IPv6 addresses\n\n * Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu misbehaves when\n running multiple screen stacked vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell\n\n * Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n * CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest\n &amp &amp result &amp &amp x.any &amp &amp y.any' failed\n\n * AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in\n interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained unpredictable\n instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal instructions with int\n shifts =32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking\n implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile counters\n\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when checking if\n ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class status with load\n acquire\n\n - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java\n fails with\n\n - -enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct branch profile data\n\n - S8146709, PR2852: AArch64: Inco ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"java-1_7_0-openjdk on openSUSE Leap 42.1\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1004_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSELeap42.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk\", rpm:\"java-1_7_0-openjdk~1.7.0.99~28.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-accessibility\", rpm:\"java-1_7_0-openjdk-accessibility~1.7.0.99~28.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap\", rpm:\"java-1_7_0-openjdk-bootstrap~1.7.0.99~28.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-debuginfo\", rpm:\"java-1_7_0-openjdk-bootstrap-debuginfo~1.7.0.99~28.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-debugsource\", rpm:\"java-1_7_0-openjdk-bootstrap-debugsource~1.7.0.99~28.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-devel\", rpm:\"java-1_7_0-openjdk-bootstrap-devel~1.7.0.99~28.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-devel-debuginfo\", rpm:\"java-1_7_0-openjdk-bootstrap-devel-debuginfo~1.7.0.99~28.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-headless\", rpm:\"java-1_7_0-openjdk-bootstrap-headless~1.7.0.99~28.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-headless-debuginfo\", rpm:\"java-1_7_0-openjdk-bootstrap-headless-debuginfo~1.7.0.99~28.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debuginfo\", rpm:\"java-1_7_0-openjdk-debuginfo~1.7.0.99~28.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debugsource\", rpm:\"java-1_7_0-openjdk-debugsource~1.7.0.99~28.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo\", rpm:\"java-1_7_0-openjdk-demo~1.7.0.99~28.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo-debuginfo\", rpm:\"java-1_7_0-openjdk-demo-debuginfo~1.7.0.99~28.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel\", rpm:\"java-1_7_0-openjdk-devel~1.7.0.99~28.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel-debuginfo\", rpm:\"java-1_7_0-openjdk-devel-debuginfo~1.7.0.99~28.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-headless\", rpm:\"java-1_7_0-openjdk-headless~1.7.0.99~28.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-headless-debuginfo\", rpm:\"java-1_7_0-openjdk-headless-debuginfo~1.7.0.99~28.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-src\", rpm:\"java-1_7_0-openjdk-src~1.7.0.99~28.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-javadoc\", rpm:\"java-1_7_0-openjdk-javadoc~1.7.0.99~28.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:14", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-05-06T00:00:00", "id": "OPENVAS:1361412562310871589", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871589", "title": "RedHat Update for java-1.7.0-openjdk RHSA-2016:0512-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.7.0-openjdk RHSA-2016:0512-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871589\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-06 15:29:11 +0530 (Fri, 06 May 2016)\");\n script_cve_id(\"CVE-2016-0636\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for java-1.7.0-openjdk RHSA-2016:0512-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.7.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The java-1.7.0-openjdk packages provide the\nOpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit\nfor compiling and executing Java programs.\n\nSecurity Fix(es):\n\n * An improper type safety check was discovered in the Hotspot component. An\nuntrusted Java application or applet could use this flaw to bypass Java\nSandbox restrictions. (CVE-2016-0636)\");\n script_tag(name:\"affected\", value:\"java-1.7.0-openjdk on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0512-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-March/msg00069.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|5)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.99~2.6.5.0.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.99~2.6.5.0.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.99~2.6.5.0.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-headless\", rpm:\"java-1.7.0-openjdk-headless~1.7.0.99~2.6.5.0.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.99~2.6.5.0.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.99~2.6.5.0.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.99~2.6.5.0.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.99~2.6.5.0.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.99~2.6.5.0.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.99~2.6.5.0.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:19", "bulletinFamily": "scanner", "description": "Mageia Linux Local Security Checks mgasa-2016-0130", "modified": "2018-10-12T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310131314", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131314", "title": "Mageia Linux Local Check: mgasa-2016-0130", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2016-0130.nasl 11856 2018-10-12 07:45:29Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://www.solinor.com\n#\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131314\");\n script_version(\"$Revision: 11856 $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:18:17 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 09:45:29 +0200 (Fri, 12 Oct 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2016-0130\");\n script_tag(name:\"insight\", value:\"Updated java-1.8.0-openjdk packages fix security vulnerability: An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions (CVE-2016-0636). Also, the icedtea-web package has been updated to version 1.6.2 to fix all known issues in the Java browser plugin.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2016-0130.html\");\n script_cve_id(\"CVE-2016-0636\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2016-0130\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk\", rpm:\"java-1.8.0-openjdk~1.8.0.77~1.b03.1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.6.2~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:46", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-05-06T00:00:00", "id": "OPENVAS:1361412562310871587", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871587", "title": "RedHat Update for java-1.7.0-openjdk RHSA-2016:0511-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.7.0-openjdk RHSA-2016:0511-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871587\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-06 15:29:07 +0530 (Fri, 06 May 2016)\");\n script_cve_id(\"CVE-2016-0636\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for java-1.7.0-openjdk RHSA-2016:0511-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.7.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The java-1.7.0-openjdk packages provide\nthe OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development\nKit for compiling and executing Java programs.\n\nSecurity Fix(es):\n\n * An improper type safety check was discovered in the Hotspot component. An\nuntrusted Java application or applet could use this flaw to bypass Java\nSandbox restrictions. (CVE-2016-0636)\");\n script_tag(name:\"affected\", value:\"java-1.7.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0511-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-March/msg00068.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.99~2.6.5.0.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.99~2.6.5.0.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.99~2.6.5.0.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:52", "bulletinFamily": "scanner", "description": "Check the version of java", "modified": "2019-03-08T00:00:00", "published": "2016-03-25T00:00:00", "id": "OPENVAS:1361412562310882440", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882440", "title": "CentOS Update for java CESA-2016:0512 centos5", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2016:0512 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882440\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-25 06:13:39 +0100 (Fri, 25 Mar 2016)\");\n script_cve_id(\"CVE-2016-0636\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for java CESA-2016:0512 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of java\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The java-1.7.0-openjdk packages provide the\nOpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development\nKit for compiling and executing Java programs.\n\nSecurity Fix(es):\n\n * An improper type safety check was discovered in the Hotspot component. An\nuntrusted Java application or applet could use this flaw to bypass Java\nSandbox restrictions. (CVE-2016-0636)\");\n script_tag(name:\"affected\", value:\"java on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0512\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-March/021775.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java~1.7.0~openjdk~1.7.0.99~2.6.5.0.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java~1.7.0~openjdk~demo~1.7.0.99~2.6.5.0.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java~1.7.0~openjdk~devel~1.7.0.99~2.6.5.0.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java~1.7.0~openjdk~javadoc~1.7.0.99~2.6.5.0.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java~1.7.0~openjdk~src~1.7.0.99~2.6.5.0.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:08", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2016-04-08T00:00:00", "id": "OPENVAS:1361412562310851266", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851266", "title": "SuSE Update for java-1_7_0-openjdk openSUSE-SU-2016:0971-1 (java-1_7_0-openjdk)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2016_0971_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for java-1_7_0-openjdk openSUSE-SU-2016:0971-1 (java-1_7_0-openjdk)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851266\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-08 05:01:30 +0200 (Fri, 08 Apr 2016)\");\n script_cve_id(\"CVE-2016-0636\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for java-1_7_0-openjdk openSUSE-SU-2016:0971-1 (java-1_7_0-openjdk)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1_7_0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This update for java-1_7_0-openjdk fixes the following issues:\n\n java-1_7_0-openjdk was updated to 2.6.5 - OpenJDK 7u99 (boo#972468)\n\n * Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency\n\n * Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind JMX remote\n connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently\n for IPv6 addresses\n\n * Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu misbehaves when\n running multiple screen stacked vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell\n\n * Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n * CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest\n &amp &amp result &amp &amp x.any &amp &amp y.any' failed\n\n * AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in\n interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained unpredictable\n instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal instructions with int\n shifts =32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking\n implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile counters\n\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when checking if\n ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class status with load\n acquire\n\n - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java\n fails with\n\n - -enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct branch profile data\n\n - S8146709, PR2852: AArch64: Incorrect ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"java-1_7_0-openjdk on openSUSE 13.2\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:0971_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk\", rpm:\"java-1_7_0-openjdk~1.7.0.99~19.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-accessibility\", rpm:\"java-1_7_0-openjdk-accessibility~1.7.0.99~19.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap\", rpm:\"java-1_7_0-openjdk-bootstrap~1.7.0.99~19.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-debuginfo\", rpm:\"java-1_7_0-openjdk-bootstrap-debuginfo~1.7.0.99~19.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-debugsource\", rpm:\"java-1_7_0-openjdk-bootstrap-debugsource~1.7.0.99~19.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-devel\", rpm:\"java-1_7_0-openjdk-bootstrap-devel~1.7.0.99~19.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-devel-debuginfo\", rpm:\"java-1_7_0-openjdk-bootstrap-devel-debuginfo~1.7.0.99~19.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-headless\", rpm:\"java-1_7_0-openjdk-bootstrap-headless~1.7.0.99~19.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-headless-debuginfo\", rpm:\"java-1_7_0-openjdk-bootstrap-headless-debuginfo~1.7.0.99~19.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debuginfo\", rpm:\"java-1_7_0-openjdk-debuginfo~1.7.0.99~19.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debugsource\", rpm:\"java-1_7_0-openjdk-debugsource~1.7.0.99~19.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo\", rpm:\"java-1_7_0-openjdk-demo~1.7.0.99~19.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo-debuginfo\", rpm:\"java-1_7_0-openjdk-demo-debuginfo~1.7.0.99~19.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel\", rpm:\"java-1_7_0-openjdk-devel~1.7.0.99~19.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel-debuginfo\", rpm:\"java-1_7_0-openjdk-devel-debuginfo~1.7.0.99~19.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-headless\", rpm:\"java-1_7_0-openjdk-headless~1.7.0.99~19.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-headless-debuginfo\", rpm:\"java-1_7_0-openjdk-headless-debuginfo~1.7.0.99~19.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-src\", rpm:\"java-1_7_0-openjdk-src~1.7.0.99~19.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-javadoc\", rpm:\"java-1_7_0-openjdk-javadoc~1.7.0.99~19.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:46", "bulletinFamily": "scanner", "description": "Check the version of java", "modified": "2019-03-08T00:00:00", "published": "2016-03-25T00:00:00", "id": "OPENVAS:1361412562310882443", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882443", "title": "CentOS Update for java CESA-2016:0513 centos7", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2016:0513 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882443\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-25 06:13:45 +0100 (Fri, 25 Mar 2016)\");\n script_cve_id(\"CVE-2016-0636\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for java CESA-2016:0513 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of java\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The java-1.8.0-openjdk packages contain\nthe latest version of the Open Java Development Kit (OpenJDK), OpenJDK 8.\nThese packages provide a fully compliant implementation of Java SE 8.\n\nSecurity Fix(es):\n\n * An improper type safety check was discovered in the Hotspot component. An\nuntrusted Java application or applet could use this flaw to bypass Java\nSandbox restrictions. (CVE-2016-0636)\");\n script_tag(name:\"affected\", value:\"java on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0513\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-March/021778.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk\", rpm:\"java~1.8.0~openjdk~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-accessibility\", rpm:\"java~1.8.0~openjdk~accessibility~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-accessibility-debug\", rpm:\"java~1.8.0~openjdk~accessibility~debug~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-debug\", rpm:\"java~1.8.0~openjdk~debug~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-demo\", rpm:\"java~1.8.0~openjdk~demo~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-demo-debug\", rpm:\"java~1.8.0~openjdk~demo~debug~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel\", rpm:\"java~1.8.0~openjdk~devel~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-devel-debug\", rpm:\"java~1.8.0~openjdk~devel~debug~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless\", rpm:\"java~1.8.0~openjdk~headless~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-headless-debug\", rpm:\"java~1.8.0~openjdk~headless~debug~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc\", rpm:\"java~1.8.0~openjdk~javadoc~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-javadoc-debug\", rpm:\"java~1.8.0~openjdk~javadoc~debug~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-src\", rpm:\"java~1.8.0~openjdk~src~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.8.0-openjdk-src-debug\", rpm:\"java~1.8.0~openjdk~src~debug~1.8.0.77~0.b03.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:42", "bulletinFamily": "scanner", "description": "The host is installed with Oracle Java SE\n and is prone to unspecified vulnerability.", "modified": "2019-05-17T00:00:00", "published": "2016-03-28T00:00:00", "id": "OPENVAS:1361412562310807735", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807735", "title": "Oracle Java SE JRE Unspecified Vulnerability March 2016 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_java_unspecified_vuln_mar16.nasl 57879 2016-03-28 14:58:10 +0530 March$\n#\n# Oracle Java SE JRE Unspecified Vulnerability March 2016 (Windows)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:jre\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807735\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2016-0636\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-03-28 14:58:10 +0530 (Mon, 28 Mar 2016)\");\n script_name(\"Oracle Java SE JRE Unspecified Vulnerability March 2016 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Oracle Java SE\n and is prone to unspecified vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to some unspecified\n error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to have an impact on confidentiality, integrity and availability via unknown vectors.\");\n\n script_tag(name:\"affected\", value:\"Oracle Java SE 7 update 97, 8 update 73,\n 8 update 74 and prior on Windows.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_portable_win.nasl\");\n script_mandatory_keys(\"Sun/Java/JRE/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\n\njreVer = infos['version'];\njrePath = infos['location'];\n\nif(jreVer =~ \"^(1\\.(7|8))\")\n{\n if(version_in_range(version:jreVer, test_version:\"1.7.0\", test_version2:\"1.7.0.97\")||\n version_in_range(version:jreVer, test_version:\"1.8.0\", test_version2:\"1.8.0.74\"))\n {\n report = report_fixed_ver(installed_version:jreVer, fixed_version:\"Apply the patch\", install_path:jrePath);\n security_message(data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2019-03-21T00:15:25", "bulletinFamily": "info", "description": "### *Detect date*:\n03/23/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nAn unspecified vulnerability was found in Oracle Java SE. By exploiting this vulnerability malicious users can cause denial of service, affect integrity or obtain sensitive information. This vulnerability can be exploited remotely via vectors related to subcomponent Hotspot\n\n### *Affected products*:\nOracle Java SE versions 7.97, 8.73 and 8.74\n\n### *Solution*:\nUpdate to the latest version \n[Get Java SE](<http://www.oracle.com/technetwork/java/javase/downloads/index-jsp-138363.html>)\n\n### *Original advisories*:\n[Oracle advisory](<http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Oracle Java JRE 1.7.x](<https://threats.kaspersky.com/en/product/Oracle-Java-JRE-1.7.x/>)\n\n### *CVE-IDS*:\n[CVE-2016-0636](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0636>)9.3Critical", "modified": "2019-03-07T00:00:00", "published": "2016-03-23T00:00:00", "id": "KLA10775", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10775", "title": "\r KLA10775An unknown vulnerability in Oracle Java SE ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-12-20T18:24:26", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2016:0511\n\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment\nand the OpenJDK 7 Java Software Development Kit for compiling and executing Java\nprograms.\n\nSecurity Fix(es):\n\n* An improper type safety check was discovered in the Hotspot component. An\nuntrusted Java application or applet could use this flaw to bypass Java Sandbox\nrestrictions. (CVE-2016-0636)\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-March/033810.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0511.html", "modified": "2016-03-25T03:42:05", "published": "2016-03-25T03:42:05", "href": "http://lists.centos.org/pipermail/centos-announce/2016-March/033810.html", "id": "CESA-2016:0511", "title": "java security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:26:45", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2016:0514\n\n\nThe java-1.8.0-openjdk packages contain the latest version of the Open Java\nDevelopment Kit (OpenJDK), OpenJDK 8. These packages provide a fully compliant\nimplementation of Java SE 8.\n\nSecurity Fix(es):\n\n* An improper type safety check was discovered in the Hotspot component. An\nuntrusted Java application or applet could use this flaw to bypass Java Sandbox\nrestrictions. (CVE-2016-0636)\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-March/033811.html\n\n**Affected packages:**\njava-1.8.0-openjdk\njava-1.8.0-openjdk-debug\njava-1.8.0-openjdk-demo\njava-1.8.0-openjdk-demo-debug\njava-1.8.0-openjdk-devel\njava-1.8.0-openjdk-devel-debug\njava-1.8.0-openjdk-headless\njava-1.8.0-openjdk-headless-debug\njava-1.8.0-openjdk-javadoc\njava-1.8.0-openjdk-javadoc-debug\njava-1.8.0-openjdk-src\njava-1.8.0-openjdk-src-debug\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0514.html", "modified": "2016-03-25T03:43:23", "published": "2016-03-25T03:43:23", "href": "http://lists.centos.org/pipermail/centos-announce/2016-March/033811.html", "id": "CESA-2016:0514", "title": "java security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:26:24", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2016:0513\n\n\nThe java-1.8.0-openjdk packages contain the latest version of the Open Java Development Kit (OpenJDK), OpenJDK 8. These packages provide a fully compliant implementation of Java SE 8.\n\nSecurity Fix(es):\n\n* An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-March/033816.html\n\n**Affected packages:**\njava-1.8.0-openjdk\njava-1.8.0-openjdk-accessibility\njava-1.8.0-openjdk-accessibility-debug\njava-1.8.0-openjdk-debug\njava-1.8.0-openjdk-demo\njava-1.8.0-openjdk-demo-debug\njava-1.8.0-openjdk-devel\njava-1.8.0-openjdk-devel-debug\njava-1.8.0-openjdk-headless\njava-1.8.0-openjdk-headless-debug\njava-1.8.0-openjdk-javadoc\njava-1.8.0-openjdk-javadoc-debug\njava-1.8.0-openjdk-src\njava-1.8.0-openjdk-src-debug\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0513.html", "modified": "2016-03-25T04:16:25", "published": "2016-03-25T04:16:25", "href": "http://lists.centos.org/pipermail/centos-announce/2016-March/033816.html", "id": "CESA-2016:0513", "title": "java security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:24:41", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2016:0512\n\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment\nand the OpenJDK 7 Java Software Development Kit for compiling and executing Java\nprograms.\n\nSecurity Fix(es):\n\n* An improper type safety check was discovered in the Hotspot component. An\nuntrusted Java application or applet could use this flaw to bypass Java Sandbox\nrestrictions. (CVE-2016-0636)\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-March/033813.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-March/033815.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-accessibility\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-headless\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0512.html", "modified": "2016-03-25T04:16:06", "published": "2016-03-25T03:44:42", "href": "http://lists.centos.org/pipermail/centos-announce/2016-March/033813.html", "id": "CESA-2016:0512", "title": "java security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-01-01T01:00:44", "bulletinFamily": "scanner", "description": "The version of Oracle Java SE or Java for Business installed on the\nremote host is affected by an arbitrary code execution vulnerability\nin the Hotspot subcomponent due to an unsafe implementation of the\nReflection API, which improperly processes JSR 292 method handles due\nto a lack of enforcement of class loader constraints. A remote\nattacker can exploit this, by convincing a user to visit a malicious\nweb page, to execute arbitrary code outside the Java sandbox.", "modified": "2020-01-02T00:00:00", "id": "ORACLE_JAVA_SE_CVE-2016-0636.NASL", "href": "https://www.tenable.com/plugins/nessus/90828", "published": "2016-05-02T00:00:00", "title": "Oracle Java SE Hotspot JSR 292 Method Handles RCE", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90828);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\"CVE-2016-0636\");\n\n script_name(english:\"Oracle Java SE Hotspot JSR 292 Method Handles RCE\");\n script_summary(english:\"Checks the version of the JRE.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a programming platform that is\naffected by an arbitrary code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Java SE or Java for Business installed on the\nremote host is affected by an arbitrary code execution vulnerability\nin the Hotspot subcomponent due to an unsafe implementation of the\nReflection API, which improperly processes JSR 292 method handles due\nto a lack of enforcement of class loader constraints. A remote\nattacker can exploit this, by convincing a user to visit a malicious\nweb page, to execute arbitrary code outside the Java sandbox.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://blogs.oracle.com/oraclesecurity/\");\n # https://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dd69ab47\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle JDK / JRE 8 Update 77, 7 Update 99 or later.\nIf necessary, remove any affected versions.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0636\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jdk\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"sun_java_jre_installed.nasl\");\n script_require_keys(\"SMB/Java/JRE/Installed\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Only windows\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit(\"SMB/Java/JRE/*\");\n\ninfo = \"\";\nvuln = 0;\ninstalled_versions = \"\";\n\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"SMB/Java/JRE/\";\n if (ver !~ \"^[0-9.]+\") continue;\n\n installed_versions = installed_versions + \" & \" + ver;\n\n # Fixes : (JDK|JRE) 8 Update 77 / 7 Update 99\n if (\n ver =~ '^1\\\\.7\\\\.0_([0-9]|[0-8][0-9]|9[0-8])([^0-9]|$)' ||\n ver =~ '^1\\\\.8\\\\.0_([0-9]|[0-6][0-9]|7[0-6])([^0-9]|$)'\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.7.0_99 / 1.8.0_77\\n';\n }\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' + info;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);\n exit(0);\n}\nelse\n{\n installed_versions = substr(installed_versions, 3);\n if (\" & \" >< installed_versions)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else\n audit(AUDIT_INST_VER_NOT_VULN, \"Java\", installed_versions);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T00:27:53", "bulletinFamily": "scanner", "description": "This update for java-1_7_0-openjdk fixes the following issues :\n\njava-1_7_0-openjdk was updated to 2.6.5 - OpenJDK 7u99 (boo#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle\n consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind\n JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS\n string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending\n exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu\n misbehaves when running multiple screen stacked\n vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible\n with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of ", "modified": "2020-01-02T00:00:00", "id": "OPENSUSE-2016-457.NASL", "href": "https://www.tenable.com/plugins/nessus/90529", "published": "2016-04-15T00:00:00", "title": "openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-457)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-457.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90529);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/10/24 13:46:11 $\");\n\n script_cve_id(\"CVE-2016-0636\");\n\n script_name(english:\"openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-457)\");\n script_summary(english:\"Check for the openSUSE-2016-457 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_7_0-openjdk fixes the following issues :\n\njava-1_7_0-openjdk was updated to 2.6.5 - OpenJDK 7u99 (boo#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle\n consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind\n JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS\n string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending\n exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu\n misbehaves when running multiple screen stacked\n vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible\n with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n - CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n\n - AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to\n AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for\n RewriteFrequentPairs in interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained\n unpredictable instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal\n instructions with int shifts >=32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2\n biased locking implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed\n by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile\n counters\n\n - S8138641, PR2852: Disable C2 peephole by default for\n aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when\n checking if ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class\n status with load acquire\n\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n\n --enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct\n branch profile data\n\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for\n byte_map_base\n\n - S8147805, PR2852: aarch64: C1 segmentation fault due to\n inline Unsafe.getAndSetObject\n\n - S8148240, PR2852: aarch64: random infrequent NULL\n pointer exceptions in javac\n\n - PPC & AIX port\n\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n\n - S8139258, PR2851: PPC64LE: argument passing problem when\n passing 15 floats in native call\n\n - S8139421, PR2851: PPC64LE:\n MacroAssembler::bxx64_patchable kill register R12\n\n Update to 2.6.5 - OpenJDK 7u99 (boo#972468)\n\n - Security fixes\n\n - S8152335, CVE-2016-0636: Improve MethodHandle\n consistency\n\n - Import of OpenJDK 7 u99 build 0\n\n - S6425769, PR2858: Allow specifying an address to bind\n JMX remote connector\n\n - S6961123: setWMClass fails to null-terminate WM_CLASS\n string\n\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n\n - Backports\n\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending\n exceptions\n\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n\n - S8071705. PR2819, RH1182694: Java application menu\n misbehaves when running multiple screen stacked\n vertically\n\n - S8150954, PR2866, RH1176206: AWT Robot not compatible\n with GNOME Shell\n\n - Bug fixes\n\n - PR2803: Make system CUPS optional\n\n - PR2886: Location of 'stap' executable is hard-coded\n\n - PR2893: test/tapset/jstaptest.pl should be executable\n\n - PR2894: Add missing test directory in make check.\n\n - CACAO\n\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n\n - AArch64 port\n\n - PR2852: Add support for large code cache\n\n - PR2852: Apply ReservedCodeCacheSize default limiting to\n AArch64 only.\n\n - S8081289, PR2852: aarch64: add support for\n RewriteFrequentPairs in interpreter\n\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n\n - S8133352, PR2852: aarch64: generates constrained\n unpredictable instructions\n\n - S8133842, PR2852: aarch64: C2 generates illegal\n instructions with int shifts >=32\n\n - S8134322, PR2852: AArch64: Fix several errors in C2\n biased locking implementation\n\n - S8136615, PR2852: aarch64: elide DecodeN when followed\n by CmpP 0\n\n - S8138575, PR2852: Improve generated code for profile\n counters\n\n - S8138641, PR2852: Disable C2 peephole by default for\n aarch64\n\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n\n - S8143067, PR2852: aarch64: guarantee failure in javac\n\n - S8143285, PR2852: aarch64: Missing load acquire when\n checking if ConstantPoolCacheEntry is resolved\n\n - S8143584, PR2852: Load constant pool tag and class\n status with load acquire\n\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n\n --enable-unlimited-crypto\n\n - S8144582, PR2852: AArch64 does not generate correct\n branch profile data\n\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for\n byte_map_base\n\n - S8147805, PR2852: aarch64: C1 segmentation fault due to\n inline Unsafe.getAndSetObject\n\n - S8148240, PR2852: aarch64: random infrequent NULL\n pointer exceptions in javac\n\n - PPC & AIX port\n\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n\n - S8139258, PR2851: PPC64LE: argument passing problem when\n passing 15 floats in native call\n\n - S8139421, PR2851: PPC64LE:\n MacroAssembler::bxx64_patchable kill register R12\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=972468\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_7_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-1.7.0.99-24.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-accessibility-1.7.0.99-24.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.99-24.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.99-24.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-demo-1.7.0.99-24.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.99-24.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-devel-1.7.0.99-24.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.99-24.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-headless-1.7.0.99-24.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.99-24.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-javadoc-1.7.0.99-24.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-src-1.7.0.99-24.33.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-openjdk / java-1_7_0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T01:01:38", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2016:0514 :\n\nAn update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages contain the latest version of the Open\nJava Development Kit (OpenJDK), OpenJDK 8. These packages provide a\nfully compliant implementation of Java SE 8.\n\nSecurity Fix(es) :\n\n* An improper type safety check was discovered in the Hotspot\ncomponent. An untrusted Java application or applet could use this flaw\nto bypass Java Sandbox restrictions. (CVE-2016-0636)", "modified": "2020-01-02T00:00:00", "id": "ORACLELINUX_ELSA-2016-0514.NASL", "href": "https://www.tenable.com/plugins/nessus/90177", "published": "2016-03-25T00:00:00", "title": "Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2016-0514)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:0514 and \n# Oracle Linux Security Advisory ELSA-2016-0514 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90177);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2019/09/27 13:00:37\");\n\n script_cve_id(\"CVE-2016-0636\");\n script_xref(name:\"RHSA\", value:\"2016:0514\");\n\n script_name(english:\"Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2016-0514)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:0514 :\n\nAn update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages contain the latest version of the Open\nJava Development Kit (OpenJDK), OpenJDK 8. These packages provide a\nfully compliant implementation of Java SE 8.\n\nSecurity Fix(es) :\n\n* An improper type safety check was discovered in the Hotspot\ncomponent. An untrusted Java application or applet could use this flaw\nto bypass Java Sandbox restrictions. (CVE-2016-0636)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-March/005907.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.8.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-1.8.0.77-0.b03.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-debug-1.8.0.77-0.b03.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-demo-1.8.0.77-0.b03.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.77-0.b03.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-devel-1.8.0.77-0.b03.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.77-0.b03.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.77-0.b03.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.77-0.b03.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.77-0.b03.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-src-1.8.0.77-0.b03.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.77-0.b03.el6_7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T01:14:38", "bulletinFamily": "scanner", "description": "An update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages contain the latest version of the Open\nJava Development Kit (OpenJDK), OpenJDK 8. These packages provide a\nfully compliant implementation of Java SE 8.\n\nSecurity Fix(es) :\n\n* An improper type safety check was discovered in the Hotspot\ncomponent. An untrusted Java application or applet could use this flaw\nto bypass Java Sandbox restrictions. (CVE-2016-0636)", "modified": "2020-01-02T00:00:00", "id": "REDHAT-RHSA-2016-0514.NASL", "href": "https://www.tenable.com/plugins/nessus/90182", "published": "2016-03-25T00:00:00", "title": "RHEL 6 : java-1.8.0-openjdk (RHSA-2016:0514)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0514. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90182);\n script_version(\"2.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2016-0636\");\n script_xref(name:\"RHSA\", value:\"2016:0514\");\n\n script_name(english:\"RHEL 6 : java-1.8.0-openjdk (RHSA-2016:0514)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages contain the latest version of the Open\nJava Development Kit (OpenJDK), OpenJDK 8. These packages provide a\nfully compliant implementation of Java SE 8.\n\nSecurity Fix(es) :\n\n* An improper type safety check was discovered in the Hotspot\ncomponent. An untrusted Java application or applet could use this flaw\nto bypass Java Sandbox restrictions. (CVE-2016-0636)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0636\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0514\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-debug-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debug-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-demo-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-devel-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-src-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.77-0.b03.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.77-0.b03.el6_7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T00:27:52", "bulletinFamily": "scanner", "description": "This update of java-1_8_0-openjdk to jdk8u77-b03 fixes the following\nissues :\n\n - CVE-2016-0636: Improve MethodHandle consistency fixes\n crash / code execution problems.", "modified": "2020-01-02T00:00:00", "id": "OPENSUSE-2016-432.NASL", "href": "https://www.tenable.com/plugins/nessus/90475", "published": "2016-04-13T00:00:00", "title": "openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-432)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-432.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90475);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/10/24 13:46:11 $\");\n\n script_cve_id(\"CVE-2016-0636\");\n\n script_name(english:\"openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-432)\");\n script_summary(english:\"Check for the openSUSE-2016-432 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of java-1_8_0-openjdk to jdk8u77-b03 fixes the following\nissues :\n\n - CVE-2016-0636: Improve MethodHandle consistency fixes\n crash / code execution problems.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=972468\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_8_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-1.8.0.77-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-accessibility-1.8.0.77-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.77-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.77-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-demo-1.8.0.77-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.77-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-devel-1.8.0.77-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-headless-1.8.0.77-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.77-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-javadoc-1.8.0.77-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-src-1.8.0.77-24.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_8_0-openjdk / java-1_8_0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T01:37:52", "bulletinFamily": "scanner", "description": "Security Fix(es) :\n\n - An improper type safety check was discovered in the\n Hotspot component. An untrusted Java application or\n applet could use this flaw to bypass Java Sandbox\n restrictions. (CVE-2016-0636)", "modified": "2020-01-02T00:00:00", "id": "SL_20160325_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/90244", "published": "2016-03-28T00:00:00", "title": "Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90244);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/12/28 10:10:36\");\n\n script_cve_id(\"CVE-2016-0636\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - An improper type safety check was discovered in the\n Hotspot component. An untrusted Java application or\n applet could use this flaw to bypass Java Sandbox\n restrictions. (CVE-2016-0636)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1603&L=scientific-linux-errata&F=&S=&P=14726\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?38e77b86\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-debug-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debug-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.77-0.b03.el7_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T06:22:20", "bulletinFamily": "scanner", "description": "According to the version of the java-1.7.0-openjdk packages\ninstalled, the EulerOS installation on the remote host is affected by\nthe following vulnerability :\n\n - An improper type safety check was discovered in the\n Hotspot component. An untrusted Java application or\n applet could use this flaw to bypass Java Sandbox\n restrictions. (CVE-2016-0636)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-01-02T00:00:00", "id": "EULEROS_SA-2016-1010.NASL", "href": "https://www.tenable.com/plugins/nessus/99773", "published": "2017-05-01T00:00:00", "title": "EulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2016-1010)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99773);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/14 14:36:22\");\n\n script_cve_id(\n \"CVE-2016-0636\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2016-1010)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the java-1.7.0-openjdk packages\ninstalled, the EulerOS installation on the remote host is affected by\nthe following vulnerability :\n\n - An improper type safety check was discovered in the\n Hotspot component. An untrusted Java application or\n applet could use this flaw to bypass Java Sandbox\n restrictions. (CVE-2016-0636)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1010\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?adc2226d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.7.0-openjdk package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"java-1.7.0-openjdk-1.7.0.99-2.6.5.0\",\n \"java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0\",\n \"java-1.7.0-openjdk-headless-1.7.0.99-2.6.5.0\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \" java-1.7.0-openjdk\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-03T06:41:01", "bulletinFamily": "scanner", "description": "An update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 5 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit for\ncompiling and executing Java programs.\n\nSecurity Fix(es) :\n\n* An improper type safety check was discovered in the Hotspot\ncomponent. An untrusted Java application or applet could use this flaw\nto bypass Java Sandbox restrictions. (CVE-2016-0636)", "modified": "2020-01-02T00:00:00", "id": "CENTOS_RHSA-2016-0512.NASL", "href": "https://www.tenable.com/plugins/nessus/90157", "published": "2016-03-25T00:00:00", "title": "CentOS 5 / 7 : java-1.7.0-openjdk (CESA-2016:0512)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0512 and \n# CentOS Errata and Security Advisory 2016:0512 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90157);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2016-0636\");\n script_xref(name:\"RHSA\", value:\"2016:0512\");\n\n script_name(english:\"CentOS 5 / 7 : java-1.7.0-openjdk (CESA-2016:0512)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 5 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit for\ncompiling and executing Java programs.\n\nSecurity Fix(es) :\n\n* An improper type safety check was discovered in the Hotspot\ncomponent. An untrusted Java application or applet could use this flaw\nto bypass Java Sandbox restrictions. (CVE-2016-0636)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-March/021775.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a2aa1aac\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-March/021777.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?799f4e18\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.7.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0636\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.99-2.6.5.0.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el5_11\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.99-2.6.5.0.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-headless-1.7.0.99-2.6.5.0.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.99-2.6.5.0.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el7_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-03T06:41:01", "bulletinFamily": "scanner", "description": "An update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages contain the latest version of the Open\nJava Development Kit (OpenJDK), OpenJDK 8. These packages provide a\nfully compliant implementation of Java SE 8.\n\nSecurity Fix(es) :\n\n* An improper type safety check was discovered in the Hotspot\ncomponent. An untrusted Java application or applet could use this flaw\nto bypass Java Sandbox restrictions. (CVE-2016-0636)", "modified": "2020-01-02T00:00:00", "id": "CENTOS_RHSA-2016-0513.NASL", "href": "https://www.tenable.com/plugins/nessus/90158", "published": "2016-03-25T00:00:00", "title": "CentOS 7 : java-1.8.0-openjdk (CESA-2016:0513)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0513 and \n# CentOS Errata and Security Advisory 2016:0513 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90158);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2016-0636\");\n script_xref(name:\"RHSA\", value:\"2016:0513\");\n\n script_name(english:\"CentOS 7 : java-1.8.0-openjdk (CESA-2016:0513)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages contain the latest version of the Open\nJava Development Kit (OpenJDK), OpenJDK 8. These packages provide a\nfully compliant implementation of Java SE 8.\n\nSecurity Fix(es) :\n\n* An improper type safety check was discovered in the Hotspot\ncomponent. An untrusted Java application or applet could use this flaw\nto bypass Java Sandbox restrictions. (CVE-2016-0636)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-March/021778.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?800fc611\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.8.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0636\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-debug-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debug-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.77-0.b03.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.77-0.b03.el7_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-03T06:41:01", "bulletinFamily": "scanner", "description": "An update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit for\ncompiling and executing Java programs.\n\nSecurity Fix(es) :\n\n* An improper type safety check was discovered in the Hotspot\ncomponent. An untrusted Java application or applet could use this flaw\nto bypass Java Sandbox restrictions. (CVE-2016-0636)", "modified": "2020-01-02T00:00:00", "id": "CENTOS_RHSA-2016-0511.NASL", "href": "https://www.tenable.com/plugins/nessus/90156", "published": "2016-03-25T00:00:00", "title": "CentOS 6 : java-1.7.0-openjdk (CESA-2016:0511)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0511 and \n# CentOS Errata and Security Advisory 2016:0511 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90156);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2016-0636\");\n script_xref(name:\"RHSA\", value:\"2016:0511\");\n\n script_name(english:\"CentOS 6 : java-1.7.0-openjdk (CESA-2016:0511)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit for\ncompiling and executing Java programs.\n\nSecurity Fix(es) :\n\n* An improper type safety check was discovered in the Hotspot\ncomponent. An untrusted Java application or applet could use this flaw\nto bypass Java Sandbox restrictions. (CVE-2016-0636)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-March/021772.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a9128a65\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.7.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0636\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.99-2.6.5.0.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el6_7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2019-05-29T19:21:51", "bulletinFamily": "unix", "description": "A vulnerability was discovered in the JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code.", "modified": "2016-03-24T00:00:00", "published": "2016-03-24T00:00:00", "id": "USN-2942-1", "href": "https://usn.ubuntu.com/2942-1/", "title": "OpenJDK 7 vulnerability", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2019-05-29T19:20:28", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nAn improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions.\n\n \n**Affected Packages:** \n\n\njava-1.8.0-openjdk,java-1.7.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.8.0-openjdk_ to update your system. \nRun _yum update java-1.7.0-openjdk_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.8.0-openjdk-devel-1.8.0.77-0.b03.9.amzn1.i686 \n java-1.8.0-openjdk-headless-1.8.0.77-0.b03.9.amzn1.i686 \n java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.9.amzn1.i686 \n java-1.8.0-openjdk-demo-1.8.0.77-0.b03.9.amzn1.i686 \n java-1.8.0-openjdk-src-1.8.0.77-0.b03.9.amzn1.i686 \n java-1.8.0-openjdk-1.8.0.77-0.b03.9.amzn1.i686 \n java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.66.amzn1.i686 \n java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.66.amzn1.i686 \n java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.66.amzn1.i686 \n java-1.7.0-openjdk-1.7.0.99-2.6.5.0.66.amzn1.i686 \n java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.66.amzn1.i686 \n \n noarch: \n java-1.8.0-openjdk-javadoc-1.8.0.77-0.b03.9.amzn1.noarch \n java-1.7.0-openjdk-javadoc-1.7.0.99-2.6.5.0.66.amzn1.noarch \n \n src: \n java-1.8.0-openjdk-1.8.0.77-0.b03.9.amzn1.src \n java-1.7.0-openjdk-1.7.0.99-2.6.5.0.66.amzn1.src \n \n x86_64: \n java-1.8.0-openjdk-demo-1.8.0.77-0.b03.9.amzn1.x86_64 \n java-1.8.0-openjdk-headless-1.8.0.77-0.b03.9.amzn1.x86_64 \n java-1.8.0-openjdk-src-1.8.0.77-0.b03.9.amzn1.x86_64 \n java-1.8.0-openjdk-1.8.0.77-0.b03.9.amzn1.x86_64 \n java-1.8.0-openjdk-debuginfo-1.8.0.77-0.b03.9.amzn1.x86_64 \n java-1.8.0-openjdk-devel-1.8.0.77-0.b03.9.amzn1.x86_64 \n java-1.7.0-openjdk-1.7.0.99-2.6.5.0.66.amzn1.x86_64 \n java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.66.amzn1.x86_64 \n java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.66.amzn1.x86_64 \n java-1.7.0-openjdk-debuginfo-1.7.0.99-2.6.5.0.66.amzn1.x86_64 \n java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.66.amzn1.x86_64 \n \n \n", "modified": "2016-03-29T15:30:00", "published": "2016-03-29T15:30:00", "id": "ALAS-2016-677", "href": "https://alas.aws.amazon.com/ALAS-2016-677.html", "title": "Critical: java-1.8.0-openjdk,java-1.7.0-openjdk", "type": "amazon", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:48", "bulletinFamily": "unix", "description": "It was discovered that the security fix for CVE-2013-5838 was incomplete\nand still allowed remote attackers to escape the Java security sandbox\nmechanism.\nThe root problem is that the Reflection API does not properly guarantee\ntype safety when Method Handle objects were invoked across two different\nClass Loader namespaces.\nA part of the original patch was to use the &quot;loadersAreRelated()&quot; method\nto ensure that the two Class Loaders are related, which is a condition\nfor correct type safety.\nHowever, this condition could be easily fulfilled by abusing certain\nbehaviors in the class loading process, which could allow an attacker\nto bypass the type safety checks and ultimately escape the security\nsandbox mechanism.", "modified": "2016-04-01T00:00:00", "published": "2016-04-01T00:00:00", "id": "ASA-201604-2", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html", "title": "jre7-openjdk: sandbox escape", "type": "archlinux", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:40", "bulletinFamily": "unix", "description": "It was discovered that the security fix for CVE-2013-5838 was incomplete\nand still allowed remote attackers to escape the Java security sandbox\nmechanism.\nThe root problem is that the Reflection API does not properly guarantee\ntype safety when Method Handle objects were invoked across two different\nClass Loader namespaces.\nA part of the original patch was to use the &quot;loadersAreRelated()&quot; method\nto ensure that the two Class Loaders are related, which is a condition\nfor correct type safety.\nHowever, this condition could be easily fulfilled by abusing certain\nbehaviors in the class loading process, which could allow an attacker\nto bypass the type safety checks and ultimately escape the security\nsandbox mechanism.", "modified": "2016-03-29T00:00:00", "published": "2016-03-29T00:00:00", "id": "ASA-201603-26", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html", "title": "jre8-openjdk: sandbox escape", "type": "archlinux", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:42", "bulletinFamily": "unix", "description": "It was discovered that the security fix for CVE-2013-5838 was incomplete\nand still allowed remote attackers to escape the Java security sandbox\nmechanism.\nThe root problem is that the Reflection API does not properly guarantee\ntype safety when Method Handle objects were invoked across two different\nClass Loader namespaces.\nA part of the original patch was to use the &quot;loadersAreRelated()&quot; method\nto ensure that the two Class Loaders are related, which is a condition\nfor correct type safety.\nHowever, this condition could be easily fulfilled by abusing certain\nbehaviors in the class loading process, which could allow an attacker\nto bypass the type safety checks and ultimately escape the security\nsandbox mechanism.", "modified": "2016-03-29T00:00:00", "published": "2016-03-29T00:00:00", "id": "ASA-201603-27", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html", "title": "jre8-openjdk-headless: sandbox escape", "type": "archlinux", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:37", "bulletinFamily": "unix", "description": "It was discovered that the security fix for CVE-2013-5838 was incomplete\nand still allowed remote attackers to escape the Java security sandbox\nmechanism.\nThe root problem is that the Reflection API does not properly guarantee\ntype safety when Method Handle objects were invoked across two different\nClass Loader namespaces.\nA part of the original patch was to use the &quot;loadersAreRelated()&quot; method\nto ensure that the two Class Loaders are related, which is a condition\nfor correct type safety.\nHowever, this condition could be easily fulfilled by abusing certain\nbehaviors in the class loading process, which could allow an attacker\nto bypass the type safety checks and ultimately escape the security\nsandbox mechanism.", "modified": "2016-04-01T00:00:00", "published": "2016-04-01T00:00:00", "id": "ASA-201604-3", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html", "type": "archlinux", "title": "jre7-openjdk-headless: sandbox escape", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:45", "bulletinFamily": "unix", "description": "It was discovered that the security fix for CVE-2013-5838 was incomplete\nand still allowed remote attackers to escape the Java security sandbox\nmechanism.\nThe root problem is that the Reflection API does not properly guarantee\ntype safety when Method Handle objects were invoked across two different\nClass Loader namespaces.\nA part of the original patch was to use the &quot;loadersAreRelated()&quot; method\nto ensure that the two Class Loaders are related, which is a condition\nfor correct type safety.\nHowever, this condition could be easily fulfilled by abusing certain\nbehaviors in the class loading process, which could allow an attacker\nto bypass the type safety checks and ultimately escape the security\nsandbox mechanism.", "modified": "2016-03-29T00:00:00", "published": "2016-03-29T00:00:00", "id": "ASA-201603-25", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html", "title": "jdk8-openjdk: sandbox escape", "type": "archlinux", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:46", "bulletinFamily": "unix", "description": "It was discovered that the security fix for CVE-2013-5838 was incomplete\nand still allowed remote attackers to escape the Java security sandbox\nmechanism.\nThe root problem is that the Reflection API does not properly guarantee\ntype safety when Method Handle objects were invoked across two different\nClass Loader namespaces.\nA part of the original patch was to use the &quot;loadersAreRelated()&quot; method\nto ensure that the two Class Loaders are related, which is a condition\nfor correct type safety.\nHowever, this condition could be easily fulfilled by abusing certain\nbehaviors in the class loading process, which could allow an attacker\nto bypass the type safety checks and ultimately escape the security\nsandbox mechanism.", "modified": "2016-04-01T00:00:00", "published": "2016-04-01T00:00:00", "id": "ASA-201604-1", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html", "type": "archlinux", "title": "jdk7-openjdk: sandbox escape", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T22:55:35", "bulletinFamily": "info", "description": "Oracle yesterday released an [emergency patch](<http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html>) for a Java vulnerability that was improperly patched in 2013.\n\nResearchers at Security Explorations in Poland two weeks ago disclosed that a Java patch for an issue the company reported in 2013, CVE-2013-5838, was still [trivially exploitable](<https://threatpost.com/broken-2013-java-patch-leads-to-sandbox-bypass/116757/>), and it enabled attackers to remotely execute code and bypass the Java sandbox.\n\nOracle did not confirm many details in its advisory Wednesday, other than to urge users to patch immediately since [details on the flaw](<http://www.security-explorations.com/materials/SE-2012-01-ORACLE-14.pdf>) were publicly available. Java SE 7 Update 97 and Java 8 Update 73 and 74 for Windows, Mac OS X, Linux and Solaris are vulnerable, Oracle said. Security Explorations founder Adam Gowdiak told Threatpost today that the patch correctly addressed the flaw.\n\n\u201cWe ran our POC code and found out that it stopped working. We don\u2019t expect the patch to be broken again as Oracle is now aware of our modified disclosure policy,\u201d he said.\n\nSecurity Explorations released the details in a paper and during a talk at the JavaLand conference. The public disclosures, Gowdiak said, reflect a new policy for the company around broken patches for vulnerabilities it discloses to vendors.\n\n\u201cIf an instance of a broken fix for a vulnerability we already reported to the vendor is encountered, it gets disclosed by us without any prior notice,\u201d Gowdiak wrote to the [Full Disclosure](<http://seclists.org/fulldisclosure/2016/Mar/31>) mailing list.\n\nGowdiak told Threatpost that the original vulnerability was an insecure implementation of the Reflection API that could be exploited by a class-spoofing attack against the Java virtual machine. Oracle said it backported from the Java Development Kit 8 a patched implementation of the method handles API to address the vulnerability.\n\nThe Security Explorations researchers, however, said that a four-character change to the proof-of-concept code sent to Oracle along with the original private disclosure could bypass sandbox protections in Java. \u201cIt\u2019s rather easy to exploit\u201d Gowdiak said. \u201cA malicious Java applet needs to be fetched from a custom HTTP (WWW) server. The reason for it is that the server needs to respond with a \u201cNot found\u201d error when a given Java class file is requested for the first time.\u201d\n", "modified": "2016-03-24T17:47:12", "published": "2016-03-24T12:05:59", "id": "THREATPOST:C5ABB0FE00FFADD0EC2217E7319B3E68", "href": "https://threatpost.com/emergency-java-patch-re-issued-for-2013-vulnerability/116967/", "type": "threatpost", "title": "Emergency Java Patch Re-Issued for 2013 Vulnerability", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:28", "bulletinFamily": "unix", "description": "### Background\n\nIcedTea\u2019s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. \n\n### Description\n\nVarious OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot, Libraries, and JAXP, exist which allows remote attackers to affect the confidentiality, integrity, and availability of vulnerable systems. Many of the vulnerabilities can only be exploited through sandboxed Java Web Start applications and java applets. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nRemote attackers may execute arbitrary code, compromise information, or cause Denial of Service. \n\n### Workaround\n\nThere is no known work around at this time.\n\n### Resolution\n\nGentoo Security is no longer supporting dev-java/icedtea, as it has been officially dropped from the stable tree. \n\nUsers of the IcedTea 3.x binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/icedtea-bin-3.0.1\"\n \n\nUsers of the IcedTea 7.x binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/icedtea-7.2.6.6\"", "modified": "2016-06-27T00:00:00", "published": "2016-06-27T00:00:00", "id": "GLSA-201606-18", "href": "https://security.gentoo.org/glsa/201606-18", "type": "gentoo", "title": "IcedTea: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-10-18T12:42:07", "bulletinFamily": "unix", "description": "### Background\n\nJava Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops and servers, as well as in today\u2019s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today\u2019s applications require. \n\n### Description\n\nMultiple vulnerabilities exist in both Oracle\u2019s JRE and JDK. Please review the referenced CVE\u2019s for additional information. \n\n### Impact\n\nRemote attackers could gain access to information, remotely execute arbitrary code, or cause Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Oracle JRE Users users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/oracle-jre-bin-1.8.0.101\"\n \n\nAll Oracle JDK Users users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/oracle-jdk-bin-1.8.0.101\"", "modified": "2016-10-15T00:00:00", "published": "2016-10-15T00:00:00", "href": "https://security.gentoo.org/glsa/201610-08", "id": "GLSA-201610-08", "type": "gentoo", "title": "Oracle JRE/JDK: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "f5": [{"lastseen": "2017-06-08T00:16:17", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 5.0.0 \n4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 \n| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2017-04-06T16:50:00", "published": "2016-05-26T22:43:00", "href": "https://support.f5.com/csp/article/K77535578", "id": "F5:K77535578", "title": "Multiple Java SE client-side vulnerabilities", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:09:56", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-05-26T00:00:00", "published": "2016-05-26T00:00:00", "id": "SOL77535578", "href": "http://support.f5.com/kb/en-us/solutions/public/k/77/sol77535578.html", "type": "f5", "title": "SOL77535578 - Multiple Java SE client-side vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-05-30T02:21:39", "bulletinFamily": "unix", "description": "Package : openjdk-7\nVersion : 7u101-2.6.6-2~deb7u1\nCVE ID : CVE-2016-0636 CVE-2016-0686 CVE-2016-0687\n\t\t CVE-2016-0695 CVE-2016-3425 CVE-2016-3426 CVE-2016-3427\n\nSeveral vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in breakouts of\nthe Java sandbox, denial of service or information disclosure.\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n7u101-2.6.6-2~deb7u1.\n\nWe recommend that you upgrade your openjdk-7 packages.\n\nPlease note that OpenJDK 7 will be made the new default Java\nimplementation on 26 June 2016. For further information please refer to\n\n\thttps://wiki.debian.org/LTS/Wheezy\n", "modified": "2016-05-03T10:37:58", "published": "2016-05-03T10:37:58", "id": "DEBIAN:DLA-451-1:707F7", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201605/msg00001.html", "title": "[SECURITY] [DLA 451-1] openjdk-7 security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-27T02:26:19", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3558-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nApril 26, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjdk-7\nCVE ID : CVE-2016-0636 CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 \n CVE-2016-3425 CVE-2016-3426 CVE-2016-3427\n\nSeveral vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in breakouts of\nthe Java sandbox, denial of service or information disclosure.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 7u101-2.6.6-1~deb8u1.\n\nWe recommend that you upgrade your openjdk-7 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2016-04-26T20:25:31", "published": "2016-04-26T20:25:31", "id": "DEBIAN:DSA-3558-1:5D79E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00134.html", "title": "[SECURITY] [DSA 3558-1] openjdk-7 security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oracle": [{"lastseen": "2019-05-29T18:21:01", "bulletinFamily": "software", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 136 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n** Please note that on March 23, 2016, Oracle released [Security Alert for Java SE for CVE-2016-0636](<http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html>). Customers of affected Oracle product(s) are strongly advised to apply the fixes that were announced for CVE-2016-0636. **\n\nPlease also note that the vulnerabilities in this Critical Patch Update are scored using versions 3.0 and 2.0 of Common Vulnerability Scoring Standard (CVSS). Future Critical Patch Updates and Security Alerts will be scored using CVSS version 3.0 only.\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available [here](<http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>).\n", "modified": "2016-12-20T00:00:00", "published": "2016-04-19T00:00:00", "id": "ORACLE:CPUAPR2016V3-2985753", "href": "", "title": "cpuapr2016v3", "type": "oracle", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}