SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:1997-1)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2016:1997-1.
# The text itself is copyright (C) SUSE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(93272);
  script_version("2.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2016-3458", "CVE-2016-3485", "CVE-2016-3498", "CVE-2016-3500", "CVE-2016-3503", "CVE-2016-3508", "CVE-2016-3511", "CVE-2016-3550", "CVE-2016-3598", "CVE-2016-3606", "CVE-2016-3610");

  script_name(english:"SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:1997-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for java-1_7_0-openjdk fixes the following issues :

  - Update to 2.6.7 - OpenJDK 7u111

  - Security fixes

  - S8079718, CVE-2016-3458: IIOP Input Stream Hooking
    (bsc#989732)

  - S8145446, CVE-2016-3485: Perfect pipe placement (Windows
    only) (bsc#989734)

  - S8147771: Construction of static protection domains
    under Javax custom policy

  - S8148872, CVE-2016-3500: Complete name checking
    (bsc#989730)

  - S8149962, CVE-2016-3508: Better delineation of XML
    processing (bsc#989731)

  - S8150752: Share Class Data

  - S8151925: Font reference improvements

  - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)

  - S8155981, CVE-2016-3606: Bolster bytecode verification
    (bsc#989722)

  - S8155985, CVE-2016-3598: Persistent Parameter Processing
    (bsc#989723)

  - S8158571, CVE-2016-3610: Additional method handle
    validation (bsc#989725)

  - CVE-2016-3511 (bsc#989727)

  - CVE-2016-3503 (bsc#989728)

  - CVE-2016-3498 (bsc#989729)

  - Import of OpenJDK 7 u111 build 0

  - S6953295: Move few sun.security.{util, x509, pkcs}
    classes used by keytool/jarsigner to another package

  - S7060849: Eliminate pack200 build warnings

  - S7064075: Security libraries don't build with javac

    -Xlint:all,-deprecation -Werror

  - S7069870: Parts of the JDK erroneously rely on generic
    array initializers with diamond

  - S7102686: Restructure timestamp code so that jars and
    modules can more easily share the same code

  - S7105780: Add SSLSocket client/SSLEngine server to
    templates directory

  - S7142339: PKCS7.java is needlessly creating SHA1PRNG
    SecureRandom instances when timestamping is not done

  - S7152582: PKCS11 tests should use the NSS libraries
    available in the OS

  - S7192202: Make sure keytool prints both unknown and
    unparseable extensions

  - S7194449: String resources for Key Tool and Policy Tool
    should be in their respective packages

  - S7196855: autotest.sh fails on ubuntu because
    libsoftokn.so not found

  - S7200682: TEST_BUG: keytool/autotest.sh still has
    problems with libsoftokn.so

  - S8002306: (se) Selector.open fails if invoked with
    thread interrupt status set [win]

  - S8009636: JARSigner including TimeStamp PolicyID
    (TSAPolicyID) as defined in RFC3161

  - S8019341: Update CookieHttpsClientTest to use the newer
    framework.

  - S8022228: Intermittent test failures in
    sun/security/ssl/javax/net/ssl/NewAPIs

  - S8022439: Fix lint warnings in sun.security.ec

  - S8022594: Potential deadlock in <clinit> of
    sun.nio.ch.Util/IOUtil

  - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails
    intermittently

  - S8036612: [parfait] JNI exception pending in
    jdk/src/windows/native/sun/security/mscapi/security.cpp

  - S8037557: test SessionCacheSizeTests.java timeout

  - S8038837: Add support to jarsigner for specifying
    timestamp hash algorithm

  - S8079410: Hotspot version to share the same update and
    build version from JDK

  - S8130735: javax.swing.TimerQueue: timer fires late when
    another timer starts

  - S8139436: sun.security.mscapi.KeyStore might load
    incomplete data

  - S8144313: Test SessionTimeOutTests can be timeout

  - S8146387: Test SSLSession/SessionCacheSizeTests socket
    accept timed out

  - S8146669: Test SessionTimeOutTests fails intermittently

  - S8146993: Several javax/management/remote/mandatory
    regression tests fail after JDK-8138811

  - S8147857: [TEST] RMIConnector logs attribute names
    incorrectly

  - S8151841, PR3098: Build needs additional flags to
    compile with GCC 6

  - S8151876: (tz) Support tzdata2016d

  - S8157077: 8u101 L10n resource file updates

  - S8161262: Fix jdk build with gcc 4.1.2:
    -fno-strict-overflow not known.

  - Import of OpenJDK 7 u111 build 1

  - S7081817:
    test/sun/security/provider/certpath/X509CertPath/Illegal
    Certificates.java f ailing

  - S8140344: add support for 3 digit update release numbers

  - S8145017: Add support for 3 digit hotspot minor version
    numbers

  - S8162344: The API changes made by CR 7064075 need to be
    reverted

  - Backports

  - S2178143, PR2958: JVM crashes if the number of bound
    CPUs changed during runtime

  - S4900206, PR3101: Include worst-case rounding tests for
    Math library functions

  - S6260348, PR3067: GTK+ L&F JTextComponent not respecting
    desktop caret blink rate

  - S6934604, PR3075: enable parts of EliminateAutoBox by
    default

  - S7043064, PR3020: sun/java2d/cmm/ tests failed against
    RI b141 & b138-nightly

  - S7051394, PR3020: NullPointerException when running
    regression tests LoadProfileTest by using openjdk-7-b144

  - S7086015, PR3013: fix
    test/tools/javac/parser/netbeans/JavacParserTest.java

  - S7119487, PR3013: JavacParserTest.java test fails on
    Windows platforms

  - S7124245, PR3020: [lcms] ColorConvertOp to color space
    CS_GRAY apparently converts orange to 244,244,0

  - S7159445, PR3013: (javac) emits inaccurate diagnostics
    for enhanced for-loops

  - S7175845, PR1437, RH1207129: 'jar uf' changes file
    permissions unexpectedly

  - S8005402, PR3020: Need to provide benchmarks for color
    management

  - S8005530, PR3020: [lcms] Improve performance of
    ColorConverOp for default destinations

  - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel
    is not transferred from source to destination.

  - S8013430, PR3020: REGRESSION:
    closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadPr
    ofileTest.java fail s with
    java.io.StreamCorruptedException: invalid type code: EE
    since 8b87

  - S8014286, PR3075: failed java/lang/Math/DivModTests.java
    after 6934604 changes

  - S8014959, PR3075:
    assert(Compile::current()->live_nodes()
    (uint)MaxNodeLimit) failed: Live Node limit exceeded
    limit

  - S8019247, PR3075: SIGSEGV in compiled method
    c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object

  - S8024511, PR3020: Crash during color profile destruction

  - S8025429, PR3020: [parfait] warnings from b107 for
    sun.java2d.cmm: JNI exception pending

  - S8026702, PR3020: Fix for 8025429 breaks jdk build on
    windows

  - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for
    Java_awt test suit

  - S8047066, PR3020: Test
    test/sun/awt/image/bug8038000.java fails with
    ClassCastException

  - S8069181, PR3012, RH1015612: java.lang.AssertionError
    when compiling JDK 1.4 code in JDK 8

  - S8158260, PR2992, RH1341258: PPC64: unaligned
    Unsafe.getInt can lead to the generation of illegal
    instructions (bsc#988651)

  - S8159244, PR3075: Partially initialized string object
    created by C2's string concat optimization may escape

  - Bug fixes

  - PR2799, RH1195203: Files are missing from resources.jar

  - PR2900: Don't use WithSeed versions of NSS functions as
    they don't fully process the seed

  - PR3091: SystemTap is heavily confused by multiple JDKs

  - PR3102: Extend 8022594 to AixPollPort

  - PR3103: Handle case in clean-fonts where
    linux.fontconfig.Gentoo.properties.old has not been
    created

  - PR3111: Provide option to disable SystemTap tests

  - PR3114: Don't assume system mime.types supports
    text/x-java-source

  - PR3115: Add check for elliptic curve cryptography
    implementation

  - PR3116: Add tests for Java debug info and source files

  - PR3118: Path to agpl-3.0.txt not updated

  - PR3119: Makefile handles cacerts as a symlink, but the
    configure check doesn't

  - AArch64 port

  - S8148328, PR3100: aarch64: redundant lsr instructions in
    stub code.

  - S8148783, PR3100: aarch64: SEGV running SpecJBB2013

  - S8148948, PR3100: aarch64: generate_copy_longs calls
    align() incorrectly

  - S8150045, PR3100: arraycopy causes segfaults in SATB
    during garbage collection

  - S8154537, PR3100: AArch64: some integer rotate
    instructions are never emitted

  - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess
    loads in wrong mode

  - S8157906, PR3100: aarch64: some more integer rotate
    instructions are never emitted

  - Enable SunEC for SLE12 and Leap (bsc#982366)

  - Fix aarch64 running with 48 bits va space
    (bsc#984684)</clinit>

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=982366"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=984684"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=988651"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=989722"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=989723"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=989725"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=989727"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=989728"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=989729"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=989730"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=989731"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=989732"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=989733"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=989734"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-3458/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-3485/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-3498/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-3500/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-3503/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-3508/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-3511/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-3550/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-3598/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-3606/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-3610/"
  );
  # https://www.suse.com/support/update/announcement/2016/suse-su-20161997-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?2041c177"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12-SP1:zypper in -t patch
SUSE-SLE-SERVER-12-SP1-2016-1186=1

SUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP1-2016-1186=1

To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/08/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/02");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-1.7.0.111-33.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.111-33.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-debugsource-1.7.0.111-33.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-demo-1.7.0.111-33.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.111-33.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-devel-1.7.0.111-33.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.111-33.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-headless-1.7.0.111-33.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.111-33.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"java-1_7_0-openjdk-1.7.0.111-33.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.111-33.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"java-1_7_0-openjdk-debugsource-1.7.0.111-33.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-1.7.0.111-33.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.111-33.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_7_0-openjdk");
}