Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2016-1248-1.NASL
HistoryMay 09, 2016 - 12:00 a.m.

SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2016:1248-1)

2016-05-0900:00:00
This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
JSON

This update for java-1_8_0-openjdk fixes the following security issues

  • April 2016 Oracle CPU (bsc#976340) :

    • CVE-2016-0686: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.

    • CVE-2016-0687: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component

    • CVE-2016-0695: Unspecified vulnerability allowed remote attackers to affect confidentiality via vectors related to the Security Component

    • CVE-2016-3425: Unspecified vulnerability allowed remote attackers to affect availability via vectors related to JAXP

    • CVE-2016-3426: Unspecified vulnerability allowed remote attackers to affect confidentiality via vectors related to JCE

    • CVE-2016-3427: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2016:1248-1.
# The text itself is copyright (C) SUSE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(90992);
  script_version("2.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/05/14");

  script_cve_id(
    "CVE-2016-0686",
    "CVE-2016-0687",
    "CVE-2016-0695",
    "CVE-2016-3425",
    "CVE-2016-3426",
    "CVE-2016-3427"
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/06/02");

  script_name(english:"SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2016:1248-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"This update for java-1_8_0-openjdk fixes the following security issues
- April 2016 Oracle CPU (bsc#976340) :

  - CVE-2016-0686: Unspecified vulnerability allowed remote
    attackers to affect confidentiality, integrity, and
    availability via vectors related to Serialization.

  - CVE-2016-0687: Unspecified vulnerability allowed remote
    attackers to affect confidentiality, integrity, and
    availability via vectors related to the Hotspot
    sub-component

  - CVE-2016-0695: Unspecified vulnerability allowed remote
    attackers to affect confidentiality via vectors related
    to the Security Component

  - CVE-2016-3425: Unspecified vulnerability allowed remote
    attackers to affect availability via vectors related to
    JAXP

  - CVE-2016-3426: Unspecified vulnerability allowed remote
    attackers to affect confidentiality via vectors related
    to JCE

  - CVE-2016-3427: Unspecified vulnerability allowed remote
    attackers to affect confidentiality, integrity, and
    availability via vectors related to JMX

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=976340");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-0686/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-0687/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-0695/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3425/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3426/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3427/");
  # https://www.suse.com/support/update/announcement/2016/suse-su-20161248-1/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?27135751");
  script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12-SP1 :

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-724=1

SUSE Linux Enterprise Desktop 12-SP1 :

zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-724=1

To bring your system up-to-date, use 'zypper patch'.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/05/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_8_0-openjdk-1.8.0.91-11.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_8_0-openjdk-debuginfo-1.8.0.91-11.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_8_0-openjdk-debugsource-1.8.0.91-11.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_8_0-openjdk-demo-1.8.0.91-11.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_8_0-openjdk-demo-debuginfo-1.8.0.91-11.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_8_0-openjdk-devel-1.8.0.91-11.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_8_0-openjdk-headless-1.8.0.91-11.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_8_0-openjdk-headless-debuginfo-1.8.0.91-11.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"java-1_8_0-openjdk-1.8.0.91-11.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"java-1_8_0-openjdk-debuginfo-1.8.0.91-11.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"java-1_8_0-openjdk-debugsource-1.8.0.91-11.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"java-1_8_0-openjdk-headless-1.8.0.91-11.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"java-1_8_0-openjdk-headless-debuginfo-1.8.0.91-11.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_8_0-openjdk");
}
VendorProductVersionCPE
novellsuse_linuxjava-1_8_0-openjdkp-cpe:/a:novell:suse_linux:java-1_8_0-openjdk
novellsuse_linuxjava-1_8_0-openjdk-debuginfop-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debuginfo
novellsuse_linuxjava-1_8_0-openjdk-debugsourcep-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debugsource
novellsuse_linuxjava-1_8_0-openjdk-demop-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo
novellsuse_linuxjava-1_8_0-openjdk-demo-debuginfop-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo-debuginfo
novellsuse_linuxjava-1_8_0-openjdk-develp-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel
novellsuse_linuxjava-1_8_0-openjdk-headlessp-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless
novellsuse_linuxjava-1_8_0-openjdk-headless-debuginfop-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless-debuginfo
novellsuse_linux12cpe:/o:novell:suse_linux:12

Related

nessus 54
openvas 43
oraclelinux 5
ubuntu 3
suse 13
amazon 3
redhat 13
centos 5
mageia 1
debian 2
osv 1
ibm 51
gentoo 1
kaspersky 1
f5 2
aix 1
nessus
nessus
Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20160420)
2016-04-21 00:00:00
Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2016-0651)
2016-04-21 00:00:00
openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-572)
2016-05-09 00:00:00
openvas
openvas
openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2016:1262-1)
2016-05-08 00:00:00
Amazon Linux: Security Advisory (ALAS-2016-688)
2016-05-09 00:00:00
openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2016:1222-1)
2016-05-06 00:00:00
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2016-04-20 00:00:00
java-1.8.0-openjdk security update
2016-04-20 00:00:00
java-1.6.0-openjdk security update
2016-05-09 00:00:00
ubuntu
ubuntu
OpenJDK 8 vulnerabilities
2016-05-05 00:00:00
OpenJDK 6 vulnerabilities
2016-05-10 00:00:00
OpenJDK 7 vulnerabilities
2016-05-05 00:00:00
suse
suse
Security update for java-1_8_0-openjdk (important)
2016-05-07 15:07:42
Security update for java-1_8_0-openjdk (important)
2016-05-06 13:13:04
Security update for java-1_8_0-openjdk (important)
2016-05-04 16:11:55
amazon
amazon
Critical: java-1.8.0-openjdk
2016-04-21 16:00:00
Critical: java-1.6.0-openjdk
2016-05-11 11:00:00
Critical: java-1.7.0-openjdk
2016-04-27 16:15:00
redhat
redhat
(RHSA-2016:0651) Critical: java-1.8.0-openjdk security update
2016-04-20 12:52:15
(RHSA-2016:0650) Critical: java-1.8.0-openjdk security update
2016-04-20 12:51:49
(RHSA-2016:0723) Critical: java-1.6.0-openjdk security update
2016-05-09 00:00:00
centos
centos
java security update
2016-04-21 14:19:29
java security update
2016-04-21 15:30:55
java security update
2016-04-21 14:18:59
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2016-04-25 10:57:21
debian
debian
[SECURITY] [DLA 451-1] openjdk-7 security update
2016-05-03 10:37:58
[SECURITY] [DSA 3558-1] openjdk-7 security update
2016-04-26 20:25:31
osv
osv
openjdk-7 - security update
2016-04-26 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Network Advisor (CVE-2016-3425, CVE-2016-3427, CVE-2016-0695).
2018-06-18 00:28:27
Security Bulletin: April 2016 Java Platform Standard Edition Vulnerabilities in N series Products
2018-06-18 00:34:32
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection
2018-06-16 21:42:51
gentoo
gentoo
IcedTea: Multiple vulnerabilities
2016-06-27 00:00:00
kaspersky
kaspersky
KLA10793 Multiple vulnerabilities in Oracle Java SE
2016-04-19 00:00:00
f5
f5
K77535578 : Multiple Java SE client-side vulnerabilities
2016-05-26 00:00:00
SOL77535578 - Multiple Java SE client-side vulnerabilities
2016-05-26 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2016-05-06 09:00:55
JSON
Related for SUSE_SU-2016-1248-1.NASL
nessus54openvas43oraclelinux5ubuntu3suse13amazon3redhat13centos5mageia1debian2osv1ibm51gentoo1kaspersky1f52aix1