ID SUSE_SU-2016-2430-1.NASL Type nessus Reporter This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2019-01-02T00:00:00
Description
IBM Java 6 was updated to version 6.0-16.30. The following security issue
was fixed: CVE-2016-3485. Please see
https://www.ibm.com/developerworks/java/jdk/alerts/ for more
information.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2016:2430-1.
# The text itself is copyright (C) SUSE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration phase. When `description` is set the script only declares its
# metadata (plugin id, CVE, advisory text, CVSS vectors, dependencies) and
# then exits via the exit(0) at the end of this block, so no host check in
# the rest of the file runs in this mode.
if (description)
{
# Plugin identity and revision, as carried by this copy of the script.
script_id(119980);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
# The only CVE this plugin tracks.
script_cve_id("CVE-2016-3485");
script_name(english:"SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2016:2430-1)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote SUSE host is missing one or more security updates."
);
# Advisory text copied from SUSE-SU-2016:2430-1 (see the file header). It is a
# runtime string shown in scan results, so it is left exactly as extracted.
script_set_attribute(
attribute:"description",
value:
"IBM Java 6 was updated to version 6.0-16.30. Following security issue
was fixed: CVE-2016-3485 Please see
https://www.ibm.com/developerworks/java/jdk/alerts/ for more
information.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
# Reference links shown with the finding: SUSE bug tracker entry first.
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=992537"
);
# The advisory text cites https://www.ibm.com/developerworks/java/jdk/alerts/ ;
# the see_also value below uses a developer.ibm.com address instead.
script_set_attribute(
attribute:"see_also",
value:"https://developer.ibm.com/javasdk/support/security-vulnerabilities/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-3485/"
);
# Intended target of the short link below:
# https://www.suse.com/support/update/announcement/2016/suse-su-20162430-1/
# NOTE(review): the short link itself is plain http; when following it by hand
# prefer the https announcement URL recorded above.
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?dc0faec1"
);
# Remediation text: install the named patch from the Legacy Software module
# for SLE 12, or run a full 'zypper patch'.
script_set_attribute(
attribute:"solution",
value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Module for Legacy Software 12:zypper in -t patch
SUSE-SLE-Module-Legacy-12-2016-1423=1
To bring your system up-to-date, use 'zypper patch'."
);
# CVSS v2 base: local access, low complexity, no authentication, partial
# integrity impact only. Temporal: exploit unproven, official fix, confirmed.
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
# CVSS v3.0 base: local vector, high attack complexity, low integrity impact,
# no confidentiality or availability impact.
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
# "local" plugin type: the check works from data gathered on the host (see
# the dependency and required KB keys below), not from network probing.
script_set_attribute(attribute:"plugin_type", value:"local");
# CPE names for the four packages the check phase tests, plus the OS.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-fonts");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-jdbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-plugin");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
# Timeline: CVE published 2016/07/21, SUSE patch 2016/10/04, plugin 2019/01/02.
# Scans run before the plugin existed could not have raised this finding, so a
# clean history before 2019 says nothing about whether the host was patched.
script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/21");
script_set_attribute(attribute:"patch_publication_date", value:"2016/10/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
# Information-gathering category.
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
# Depends on ssh_get_info.nasl and on four KB keys: local checks enabled, CPU
# architecture, SUSE release string, and the collected rpm list. Presumably
# the scanner does not launch the check when these keys are absent, which in
# practice means no credentialed access to the host -- confirm against the
# scan's audit trail rather than reading silence as "not affected".
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
# Leave before the check phase; registration mode must not touch the host.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Check phase. Using only KB data collected earlier from the host, decide
# whether it is SLES12 SP0 with any java-1_6_0-ibm package older than the
# fixed build 1.6.0_sr16.30-40.1, and report if so. Each gate below calls
# audit() (from audit.inc), which is expected to end the script with the
# given reason; later lines rely on that (for example os_ver[1] is indexed
# only after the isnull(os_ver) gate).
# NOTE(review): everything here reads the stored package list; nothing
# inspects running JVM processes, so a Java process started before the
# update was installed is outside what this check can see.

# Gate 1: local (credentialed) checks must be enabled for this host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Gate 2: the release string must start with SLED or SLES.
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
# Extract the "SLES<n>" / "SLED<n>" prefix; capture group 1 is the product
# name plus major version.
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
# Gate 3: only SLES12 is covered; SLED and other major versions stop here.
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
# Gate 4: the rpm list must have been collected.
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
# Gate 5: architecture must be i386-i686, x86_64 or s390x.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
# Gate 6: service pack. A missing patchlevel key is treated as SP0, and only
# SP0 hosts go on to the package tests. A SLES12 host on a later service pack
# exits here with AUDIT_OS_NOT; that outcome means "not assessed by this
# plugin", not "patched".
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
# Package tests. A truthy rpm_check() result is counted as a missing update;
# presumably it is truthy when the installed package is older than the
# reference build -- confirm in rpm.inc. The browser plugin package is tested
# for x86_64 only; the other three carry no cpu restriction.
flag = 0;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"java-1_6_0-ibm-plugin-1.6.0_sr16.30-40.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_6_0-ibm-1.6.0_sr16.30-40.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_6_0-ibm-fonts-1.6.0_sr16.30-40.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_6_0-ibm-jdbc-1.6.0_sr16.30-40.1")) flag++;
# Reporting. At least one outdated package: raise the finding through
# security_note on port 0, attaching the rpm_report_get() text when
# report_verbosity is above 0.
if (flag)
{
if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
else security_note(0);
exit(0);
}
else
{
# Nothing flagged. pkg_tests_get() tells the two clean outcomes apart:
# non-empty leads to the "tested and not affected" audit, empty leads to the
# "java-1_6_0-ibm is not installed" audit.
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_6_0-ibm");
}
{"id": "SUSE_SU-2016-2430-1.NASL", "bulletinFamily": "scanner", "title": "SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2016:2430-1)", "description": "IBM Java 6 was updated to version 6.0-16.30. Following security issue\nwas fixed: CVE-2016-3485 Please see\nhttps://www.ibm.com/developerworks/java/jdk/alerts/ for more\ninformation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2019-01-02T00:00:00", "modified": "2019-01-02T00:00:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "href": "https://www.tenable.com/plugins/nessus/119980", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?dc0faec1", "https://www.suse.com/security/cve/CVE-2016-3485/", "https://developer.ibm.com/javasdk/support/security-vulnerabilities/", "https://bugzilla.suse.com/show_bug.cgi?id=992537"], "cvelist": ["CVE-2016-3485"], "type": "nessus", "lastseen": "2021-01-07T14:24:45", "edition": 11, "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-3485"]}, {"type": "suse", "idList": ["SUSE-SU-2016:2348-1", "SUSE-SU-2016:2261-1", "SUSE-SU-2016:2347-1", "SUSE-SU-2016:2012-1", "SUSE-SU-2016:2286-1", "SUSE-SU-2016:2726-1", "OPENSUSE-SU-2016:2058-1", "OPENSUSE-SU-2016:2052-1", "OPENSUSE-SU-2016:2050-1", "SUSE-SU-2016:1997-1"]}, {"type": "nessus", "idList": ["SUSE_SU-2016-2286-1.NASL", "OPENSUSE-2016-977.NASL", "OPENSUSE-2016-976.NASL", "SUSE_SU-2016-2726-1.NASL", "SUSE_SU-2016-2261-1.NASL", "AIX_JAVA_JULY2016_ADVISORY.NASL", "SUSE_SU-2016-2348-1.NASL", "ORACLE_JROCKIT_CPU_JUL_2016.NASL", "SUSE_SU-2016-2347-1.NASL", "SUSE_SU-2016-1997-1.NASL"]}, {"type": "aix", "idList": ["JAVA_JULY2016_ADVISORY.ASC"]}, {"type": 
"openvas", "idList": ["OPENVAS:1361412562310808621", "OPENVAS:1361412562310851381", "OPENVAS:1361412562310851380", "OPENVAS:1361412562310851384", "OPENVAS:1361412562310851379", "OPENVAS:1361412562310108384"]}, {"type": "kaspersky", "idList": ["KLA10849"]}, {"type": "gentoo", "idList": ["GLSA-201701-43", "GLSA-201610-08"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2016", "ORACLE:CPUJUL2016-2881720"]}], "modified": "2021-01-07T14:24:45", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-01-07T14:24:45", "rev": 2}, "vulnersScore": 7.1}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2430-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119980);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-3485\");\n\n script_name(english:\"SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2016:2430-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 6 was updated to version 6.0-16.30. Following security issue\nwas fixed: CVE-2016-3485 Please see\nhttps://www.ibm.com/developerworks/java/jdk/alerts/ for more\ninformation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992537\"\n );\n # https://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3485/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162430-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dc0faec1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Legacy Software 12:zypper in -t patch\nSUSE-SLE-Module-Legacy-12-2016-1423=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_6_0-ibm-plugin-1.6.0_sr16.30-40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_6_0-ibm-1.6.0_sr16.30-40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_6_0-ibm-fonts-1.6.0_sr16.30-40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_6_0-ibm-jdbc-1.6.0_sr16.30-40.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-ibm\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "119980", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-plugin", "p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-fonts", "p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-jdbc", "p-cpe:/a:novell:suse_linux:java-1_6_0-ibm"], "scheme": null, "cvss3": {"score": 2.9, "vector": "AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}}
{"cve": [{"lastseen": "2020-10-03T12:10:45", "description": "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking.", "edition": 4, "cvss3": {"exploitabilityScore": 1.4, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 2.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2016-07-21T10:12:00", "title": "CVE-2016-3485", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3485"], "modified": "2020-09-08T12:59:00", "cpe": ["cpe:/a:oracle:jre:1.6.0", "cpe:/a:oracle:jrockit:r28.3.10", "cpe:/a:oracle:jdk:1.6.0", "cpe:/a:oracle:jre:1.8.0", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:oracle:jdk:1.8.0"], "id": "CVE-2016-3485", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3485", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:jre:1.7.0:update_101:*:*:*:*:*:*", "cpe:2.3:a:oracle:jrockit:r28.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.8.0:update_92:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_115:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.8.0:update91:*:*:*:*:*:*", 
"cpe:2.3:a:oracle:jre:1.8.0:update_91:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update101:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.8.0:update92:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_115:*:*:*:*:*:*"]}], "suse": [{"lastseen": "2016-09-21T20:38:56", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3485"], "edition": 1, "description": "IBM Java 6 was updated to version 6.0-16.30.\n\n Following security issue was fixed: CVE-2016-3485\n\n Please see <a rel=\"nofollow\" href=\"https://www.ibm.com/developerworks/java/jdk/alerts/\">https://www.ibm.com/developerworks/java/jdk/alerts/</a> for more\n information.\n\n", "modified": "2016-09-21T20:10:47", "published": "2016-09-21T20:10:47", "id": "SUSE-SU-2016:2348-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00018.html", "type": "suse", "title": "Security update for java-1_6_0-ibm (important)", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-07T21:22:20", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3485", "CVE-2016-3598", "CVE-2016-3511"], "description": "IBM Java 7.1 was updated to version 7.1-3.50 to fix the following security\n issues:\n\n CVE-2016-3485 CVE-2016-3511 CVE-2016-3598\n\n Please see <a rel=\"nofollow\" href=\"https://www.ibm.com/developerworks/java/jdk/alerts/\">https://www.ibm.com/developerworks/java/jdk/alerts/</a> for more\n information.\n\n", "edition": 1, "modified": "2016-09-07T20:09:17", "published": "2016-09-07T20:09:17", "id": "SUSE-SU-2016:2261-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html", "type": "suse", "title": "Security update for java-1_7_1-ibm (important)", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-04T17:27:48", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3485", "CVE-2016-3598", "CVE-2016-3511"], "edition": 1, "description": "IBM Java 8 was updated to version 
8.0-3.10 to fix the following security\n issues:\n\n - CVE-2016-3485: Unspecified vulnerability allowed local users to affect\n integrity via vectors related to Networking\n - CVE-2016-3511: Unspecified vulnerability allowed local users to affect\n confidentiality, integrity, and availability via vectors related to\n Deployment\n - CVE-2016-3598: Unspecified vulnerability allowed remote attackers to\n affect confidentiality, integrity, and availability via vectors related\n to Libraries\n\n Please see <a rel=\"nofollow\" href=\"https://www.ibm.com/developerworks/java/jdk/alerts/\">https://www.ibm.com/developerworks/java/jdk/alerts/</a> for more\n information.\n\n - Add hwkeytool binary for zSeries.\n\n", "modified": "2016-11-04T15:16:34", "published": "2016-11-04T15:16:34", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00012.html", "id": "SUSE-SU-2016:2726-1", "type": "suse", "title": "Security update for java-1_8_0-ibm (important)", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-10T17:28:48", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3485", "CVE-2016-3598", "CVE-2016-3511"], "description": "IBM Java 7 was updated to 7.1-9.50, fixing bugs and security issues\n (bsc#992537).\n\n Security issues fixed: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598\n\n Please see <a rel=\"nofollow\" href=\"https://www.ibm.com/developerworks/java/jdk/alerts/\">https://www.ibm.com/developerworks/java/jdk/alerts/</a> for more\n information.\n\n", "edition": 1, "modified": "2016-09-10T16:09:41", "published": "2016-09-10T16:09:41", "id": "SUSE-SU-2016:2286-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html", "type": "suse", "title": "Security update for java-1_7_0-ibm (important)", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-21T20:38:56", "bulletinFamily": "unix", 
"cvelist": ["CVE-2016-3485", "CVE-2016-3598", "CVE-2016-3511"], "edition": 1, "description": "IBM Java 7.1 was updated to version 7.1-3.50 to fix the following security\n issues:\n\n CVE-2016-3485 CVE-2016-3511 CVE-2016-3598\n\n Please see <a rel=\"nofollow\" href=\"https://www.ibm.com/developerworks/java/jdk/alerts/\">https://www.ibm.com/developerworks/java/jdk/alerts/</a> for more\n information.\n\n - Add hwkeytool binary for zSeries.\n\n", "modified": "2016-09-21T20:10:13", "published": "2016-09-21T20:10:13", "id": "SUSE-SU-2016:2347-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00017.html", "type": "suse", "title": "Security update for java-1_7_1-ibm (important)", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:46:38", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3508", "CVE-2016-3485", "CVE-2016-3598", "CVE-2016-3500", "CVE-2016-3511", "CVE-2016-3498", "CVE-2016-3606", "CVE-2016-3503", "CVE-2016-3550", "CVE-2016-3610", "CVE-2016-3458"], "edition": 1, "description": "This update for java-1_7_0-openjdk fixes the following issues:\n\n - Update to 2.6.7 - OpenJDK 7u111\n * Security fixes\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732)\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows\n only) (bsc#989734)\n - S8147771: Construction of static protection domains under Javax\n custom policy\n - S8148872, CVE-2016-3500: Complete name checking (bsc#989730)\n - S8149962, CVE-2016-3508: Better delineation of XML processing\n (bsc#989731)\n - S8150752: Share Class Data\n - S8151925: Font reference improvements\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722)\n - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723)\n - S8158571, CVE-2016-3610: Additional method handle validation\n (bsc#989725)\n - CVE-2016-3511 (bsc#989727)\n - 
CVE-2016-3503 (bsc#989728)\n - CVE-2016-3498 (bsc#989729)\n * Import of OpenJDK 7 u111 build 0\n - S6953295: Move few sun.security.{util, x509, pkcs} classes used by\n keytool/jarsigner to another package\n - S7060849: Eliminate pack200 build warnings\n - S7064075: Security libraries don't build with javac\n -Xlint:all,-deprecation -Werror\n - S7069870: Parts of the JDK erroneously rely on generic array\n initializers with diamond\n - S7102686: Restructure timestamp code so that jars and modules can\n more easily share the same code\n - S7105780: Add SSLSocket client/SSLEngine server to templates\n directory\n - S7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom\n instances when timestamping is not done\n - S7152582: PKCS11 tests should use the NSS libraries available in the\n OS\n - S7192202: Make sure keytool prints both unknown and unparseable\n extensions\n - S7194449: String resources for Key Tool and Policy Tool should be in\n their respective packages\n - S7196855: autotest.sh fails on ubuntu because libsoftokn.so not found\n - S7200682: TEST_BUG: keytool/autotest.sh still has problems with\n libsoftokn.so\n - S8002306: (se) Selector.open fails if invoked with thread interrupt\n status set [win]\n - S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as\n defined in RFC3161\n - S8019341: Update CookieHttpsClientTest to use the newer framework.\n - S8022228: Intermittent test failures in\n sun/security/ssl/javax/net/ssl/NewAPIs\n - S8022439: Fix lint warnings in sun.security.ec\n - S8022594: Potential deadlock in <clinit> of sun.nio.ch.Util/IOUtil\n - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails intermittently\n - S8036612: [parfait] JNI exception pending in\n jdk/src/windows/native/sun/security/mscapi/security.cpp\n - S8037557: test SessionCacheSizeTests.java timeout\n - S8038837: Add support to jarsigner for specifying timestamp hash\n algorithm\n - S8079410: Hotspot version to share the same update and build version\n 
from JDK\n - S8130735: javax.swing.TimerQueue: timer fires late when another\n timer starts\n - S8139436: sun.security.mscapi.KeyStore might load incomplete data\n - S8144313: Test SessionTimeOutTests can be timeout\n - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed\n out\n - S8146669: Test SessionTimeOutTests fails intermittently\n - S8146993: Several javax/management/remote/mandatory regression tests\n fail after JDK-8138811\n - S8147857: [TEST] RMIConnector logs attribute names incorrectly\n - S8151841, PR3098: Build needs additional flags to compile with GCC 6\n - S8151876: (tz) Support tzdata2016d\n - S8157077: 8u101 L10n resource file updates\n - S8161262: Fix jdk build with gcc 4.1.2: -fno-strict-overflow not\n known.\n * Import of OpenJDK 7 u111 build 1\n - S7081817:\n test/sun/security/provider/certpath/X509CertPath/IllegalCertificates.java f\n ailing\n - S8140344: add support for 3 digit update release numbers\n - S8145017: Add support for 3 digit hotspot minor version numbers\n - S8162344: The API changes made by CR 7064075 need to be reverted\n * Backports\n - S2178143, PR2958: JVM crashes if the number of bound CPUs changed\n during runtime\n - S4900206, PR3101: Include worst-case rounding tests for Math library\n functions\n - S6260348, PR3067: GTK+ L&F JTextComponent not respecting desktop\n caret blink rate\n - S6934604, PR3075: enable parts of EliminateAutoBox by default\n - S7043064, PR3020: sun/java2d/cmm/ tests failed against RI b141 &\n b138-nightly\n - S7051394, PR3020: NullPointerException when running regression tests\n LoadProfileTest by using openjdk-7-b144\n - S7086015, PR3013: fix\n test/tools/javac/parser/netbeans/JavacParserTest.java\n - S7119487, PR3013: JavacParserTest.java test fails on Windows\n platforms\n - S7124245, PR3020: [lcms] ColorConvertOp to color space CS_GRAY\n apparently converts orange to 244,244,0\n - S7159445, PR3013: (javac) emits inaccurate diagnostics for enhanced\n for-loops\n - S7175845, 
PR1437, RH1207129: 'jar uf' changes file permissions\n unexpectedly\n - S8005402, PR3020: Need to provide benchmarks for color management\n - S8005530, PR3020: [lcms] Improve performance of ColorConverOp for\n default destinations\n - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel is not\n transferred from source to destination.\n - S8013430, PR3020: REGRESSION:\n closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadProfileTest.java fail\n s with java.io.StreamCorruptedException: invalid type code: EE since\n 8b87\n - S8014286, PR3075: failed java/lang/Math/DivModTests.java after\n 6934604 changes\n - S8014959, PR3075: assert(Compile::current()->live_nodes() <\n (uint)MaxNodeLimit) failed: Live Node limit exceeded limit\n - S8019247, PR3075: SIGSEGV in compiled method\n c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object\n - S8024511, PR3020: Crash during color profile destruction\n - S8025429, PR3020: [parfait] warnings from b107 for sun.java2d.cmm:\n JNI exception pending\n - S8026702, PR3020: Fix for 8025429 breaks jdk build on windows\n - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for Java_awt\n test suit\n - S8047066, PR3020: Test test/sun/awt/image/bug8038000.java fails with\n ClassCastException\n - S8069181, PR3012, RH1015612: java.lang.AssertionError when compiling\n JDK 1.4 code in JDK 8\n - S8158260, PR2992, RH1341258: PPC64: unaligned Unsafe.getInt can lead\n to the generation of illegal instructions (bsc#988651)\n - S8159244, PR3075: Partially initialized string object created by\n C2's string concat optimization may escape\n * Bug fixes\n - PR2799, RH1195203: Files are missing from resources.jar\n - PR2900: Don't use WithSeed versions of NSS functions as they don't\n fully process the seed\n - PR3091: SystemTap is heavily confused by multiple JDKs\n - PR3102: Extend 8022594 to AixPollPort\n - PR3103: Handle case in clean-fonts where\n linux.fontconfig.Gentoo.properties.old has not been created\n - PR3111: Provide option to disable 
SystemTap tests\n - PR3114: Don't assume system mime.types supports text/x-java-source\n - PR3115: Add check for elliptic curve cryptography implementation\n - PR3116: Add tests for Java debug info and source files\n - PR3118: Path to agpl-3.0.txt not updated\n - PR3119: Makefile handles cacerts as a symlink, but the configure\n check doesn't\n * AArch64 port\n - S8148328, PR3100: aarch64: redundant lsr instructions in stub code.\n - S8148783, PR3100: aarch64: SEGV running SpecJBB2013\n - S8148948, PR3100: aarch64: generate_copy_longs calls align()\n incorrectly\n - S8150045, PR3100: arraycopy causes segfaults in SATB during garbage\n collection\n - S8154537, PR3100: AArch64: some integer rotate instructions are\n never emitted\n - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess loads in\n wrong mode\n - S8157906, PR3100: aarch64: some more integer rotate instructions are\n never emitted\n - Enable SunEC for SLE12 and Leap (bsc#982366)\n\n - Fix aarch64 running with 48 bits va space (bsc#984684)\n\n", "modified": "2016-08-09T17:15:22", "published": "2016-08-09T17:15:22", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html", "id": "SUSE-SU-2016:1997-1", "type": "suse", "title": "Security update for java-1_7_0-openjdk (important)", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:22:47", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3508", "CVE-2016-3485", "CVE-2016-3598", "CVE-2016-3500", "CVE-2016-3511", "CVE-2016-3498", "CVE-2016-3606", "CVE-2016-3503", "CVE-2016-3550", "CVE-2016-3610", "CVE-2016-3458"], "description": "This update for java-1_7_0-openjdk fixes the following issues:\n\n - Update to 2.6.7 - OpenJDK 7u111\n * Security fixes\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732)\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows\n only) (bsc#989734)\n - S8147771: Construction of static protection domains under 
Javax\n custom policy\n - S8148872, CVE-2016-3500: Complete name checking (bsc#989730)\n - S8149962, CVE-2016-3508: Better delineation of XML processing\n (bsc#989731)\n - S8150752: Share Class Data\n - S8151925: Font reference improvements\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722)\n - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723)\n - S8158571, CVE-2016-3610: Additional method handle validation\n (bsc#989725)\n - CVE-2016-3511 (bsc#989727)\n - CVE-2016-3503 (bsc#989728)\n - CVE-2016-3498 (bsc#989729)\n * Import of OpenJDK 7 u111 build 0\n - S6953295: Move few sun.security.{util, x509, pkcs} classes used by\n keytool/jarsigner to another package\n - S7060849: Eliminate pack200 build warnings\n - S7064075: Security libraries don't build with javac\n -Xlint:all,-deprecation -Werror\n - S7069870: Parts of the JDK erroneously rely on generic array\n initializers with diamond\n - S7102686: Restructure timestamp code so that jars and modules can\n more easily share the same code\n - S7105780: Add SSLSocket client/SSLEngine server to templates\n directory\n - S7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom\n instances when timestamping is not done\n - S7152582: PKCS11 tests should use the NSS libraries available in the\n OS\n - S7192202: Make sure keytool prints both unknown and unparseable\n extensions\n - S7194449: String resources for Key Tool and Policy Tool should be in\n their respective packages\n - S7196855: autotest.sh fails on ubuntu because libsoftokn.so not found\n - S7200682: TEST_BUG: keytool/autotest.sh still has problems with\n libsoftokn.so\n - S8002306: (se) Selector.open fails if invoked with thread interrupt\n status set [win]\n - S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as\n defined in RFC3161\n - S8019341: Update CookieHttpsClientTest to use the newer framework.\n - S8022228: Intermittent test 
failures in\n sun/security/ssl/javax/net/ssl/NewAPIs\n - S8022439: Fix lint warnings in sun.security.ec\n - S8022594: Potential deadlock in <clinit> of sun.nio.ch.Util/IOUtil\n - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails intermittently\n - S8036612: [parfait] JNI exception pending in\n jdk/src/windows/native/sun/security/mscapi/security.cpp\n - S8037557: test SessionCacheSizeTests.java timeout\n - S8038837: Add support to jarsigner for specifying timestamp hash\n algorithm\n - S8079410: Hotspot version to share the same update and build version\n from JDK\n - S8130735: javax.swing.TimerQueue: timer fires late when another\n timer starts\n - S8139436: sun.security.mscapi.KeyStore might load incomplete data\n - S8144313: Test SessionTimeOutTests can be timeout\n - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed\n out\n - S8146669: Test SessionTimeOutTests fails intermittently\n - S8146993: Several javax/management/remote/mandatory regression tests\n fail after JDK-8138811\n - S8147857: [TEST] RMIConnector logs attribute names incorrectly\n - S8151841, PR3098: Build needs additional flags to compile with GCC 6\n - S8151876: (tz) Support tzdata2016d\n - S8157077: 8u101 L10n resource file updates\n - S8161262: Fix jdk build with gcc 4.1.2: -fno-strict-overflow not\n known.\n * Import of OpenJDK 7 u111 build 1\n - S7081817:\n test/sun/security/provider/certpath/X509CertPath/IllegalCertificates.java f\n ailing\n - S8140344: add support for 3 digit update release numbers\n - S8145017: Add support for 3 digit hotspot minor version numbers\n - S8162344: The API changes made by CR 7064075 need to be reverted\n * Backports\n - S2178143, PR2958: JVM crashes if the number of bound CPUs changed\n during runtime\n - S4900206, PR3101: Include worst-case rounding tests for Math library\n functions\n - S6260348, PR3067: GTK+ L&F JTextComponent not respecting desktop\n caret blink rate\n - S6934604, PR3075: enable parts of EliminateAutoBox by default\n 
- S7043064, PR3020: sun/java2d/cmm/ tests failed against RI b141 &\n b138-nightly\n - S7051394, PR3020: NullPointerException when running regression tests\n LoadProfileTest by using openjdk-7-b144\n - S7086015, PR3013: fix\n test/tools/javac/parser/netbeans/JavacParserTest.java\n - S7119487, PR3013: JavacParserTest.java test fails on Windows\n platforms\n - S7124245, PR3020: [lcms] ColorConvertOp to color space CS_GRAY\n apparently converts orange to 244,244,0\n - S7159445, PR3013: (javac) emits inaccurate diagnostics for enhanced\n for-loops\n - S7175845, PR1437, RH1207129: 'jar uf' changes file permissions\n unexpectedly\n - S8005402, PR3020: Need to provide benchmarks for color management\n - S8005530, PR3020: [lcms] Improve performance of ColorConverOp for\n default destinations\n - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel is not\n transferred from source to destination.\n - S8013430, PR3020: REGRESSION:\n closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadProfileTest.java fail\n s with java.io.StreamCorruptedException: invalid type code: EE since\n 8b87\n - S8014286, PR3075: failed java/lang/Math/DivModTests.java after\n 6934604 changes\n - S8014959, PR3075: assert(Compile::current()->live_nodes() <\n (uint)MaxNodeLimit) failed: Live Node limit exceeded limit\n - S8019247, PR3075: SIGSEGV in compiled method\n c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object\n - S8024511, PR3020: Crash during color profile destruction\n - S8025429, PR3020: [parfait] warnings from b107 for sun.java2d.cmm:\n JNI exception pending\n - S8026702, PR3020: Fix for 8025429 breaks jdk build on windows\n - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for Java_awt\n test suit\n - S8047066, PR3020: Test test/sun/awt/image/bug8038000.java fails with\n ClassCastException\n - S8069181, PR3012, RH1015612: java.lang.AssertionError when compiling\n JDK 1.4 code in JDK 8\n - S8158260, PR2992, RH1341258: PPC64: unaligned Unsafe.getInt can lead\n to the generation of 
illegal instructions (bsc#988651)\n - S8159244, PR3075: Partially initialized string object created by\n C2's string concat optimization may escape\n * Bug fixes\n - PR2799, RH1195203: Files are missing from resources.jar\n - PR2900: Don't use WithSeed versions of NSS functions as they don't\n fully process the seed\n - PR3091: SystemTap is heavily confused by multiple JDKs\n - PR3102: Extend 8022594 to AixPollPort\n - PR3103: Handle case in clean-fonts where\n linux.fontconfig.Gentoo.properties.old has not been created\n - PR3111: Provide option to disable SystemTap tests\n - PR3114: Don't assume system mime.types supports text/x-java-source\n - PR3115: Add check for elliptic curve cryptography implementation\n - PR3116: Add tests for Java debug info and source files\n - PR3118: Path to agpl-3.0.txt not updated\n - PR3119: Makefile handles cacerts as a symlink, but the configure\n check doesn't\n * AArch64 port\n - S8148328, PR3100: aarch64: redundant lsr instructions in stub code.\n - S8148783, PR3100: aarch64: SEGV running SpecJBB2013\n - S8148948, PR3100: aarch64: generate_copy_longs calls align()\n incorrectly\n - S8150045, PR3100: arraycopy causes segfaults in SATB during garbage\n collection\n - S8154537, PR3100: AArch64: some integer rotate instructions are\n never emitted\n - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess loads in\n wrong mode\n - S8157906, PR3100: aarch64: some more integer rotate instructions are\n never emitted\n - Enable SunEC for SLE12 and Leap (bsc#982366)\n\n - Fix aarch64 running with 48 bits va space (bsc#984684)\n\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "modified": "2016-08-11T23:13:05", "published": "2016-08-11T23:13:05", "id": "OPENSUSE-SU-2016:2052-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html", "type": "suse", "title": "Security update for java-1_7_0-openjdk (important)", "cvss": {"score": 9.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:20:21", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3508", "CVE-2016-3485", "CVE-2016-3598", "CVE-2016-3500", "CVE-2016-3511", "CVE-2016-3498", "CVE-2016-3606", "CVE-2016-3503", "CVE-2016-3550", "CVE-2016-3610", "CVE-2016-3458"], "description": "This update for java-1_7_0-openjdk fixes the following issues:\n\n - Update to 2.6.7 - OpenJDK 7u111\n * Security fixes\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732)\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows\n only) (bsc#989734)\n - S8147771: Construction of static protection domains under Javax\n custom policy\n - S8148872, CVE-2016-3500: Complete name checking (bsc#989730)\n - S8149962, CVE-2016-3508: Better delineation of XML processing\n (bsc#989731)\n - S8150752: Share Class Data\n - S8151925: Font reference improvements\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722)\n - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723)\n - S8158571, CVE-2016-3610: Additional method handle validation\n (bsc#989725)\n - CVE-2016-3511 (bsc#989727)\n - CVE-2016-3503 (bsc#989728)\n - CVE-2016-3498 (bsc#989729)\n * Import of OpenJDK 7 u111 build 0\n - S6953295: Move few sun.security.{util, x509, pkcs} classes used by\n keytool/jarsigner to another package\n - S7060849: Eliminate pack200 build warnings\n - S7064075: Security libraries don't build with javac\n -Xlint:all,-deprecation -Werror\n - S7069870: Parts of the JDK erroneously rely on generic array\n initializers with diamond\n - S7102686: Restructure timestamp code so that jars and modules can\n more easily share the same code\n - S7105780: Add SSLSocket client/SSLEngine server to templates\n directory\n - S7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom\n instances when timestamping is not done\n - S7152582: PKCS11 tests 
should use the NSS libraries available in the\n OS\n - S7192202: Make sure keytool prints both unknown and unparseable\n extensions\n - S7194449: String resources for Key Tool and Policy Tool should be in\n their respective packages\n - S7196855: autotest.sh fails on ubuntu because libsoftokn.so not found\n - S7200682: TEST_BUG: keytool/autotest.sh still has problems with\n libsoftokn.so\n - S8002306: (se) Selector.open fails if invoked with thread interrupt\n status set [win]\n - S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as\n defined in RFC3161\n - S8019341: Update CookieHttpsClientTest to use the newer framework.\n - S8022228: Intermittent test failures in\n sun/security/ssl/javax/net/ssl/NewAPIs\n - S8022439: Fix lint warnings in sun.security.ec\n - S8022594: Potential deadlock in <clinit> of sun.nio.ch.Util/IOUtil\n - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails intermittently\n - S8036612: [parfait] JNI exception pending in\n jdk/src/windows/native/sun/security/mscapi/security.cpp\n - S8037557: test SessionCacheSizeTests.java timeout\n - S8038837: Add support to jarsigner for specifying timestamp hash\n algorithm\n - S8079410: Hotspot version to share the same update and build version\n from JDK\n - S8130735: javax.swing.TimerQueue: timer fires late when another\n timer starts\n - S8139436: sun.security.mscapi.KeyStore might load incomplete data\n - S8144313: Test SessionTimeOutTests can be timeout\n - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed\n out\n - S8146669: Test SessionTimeOutTests fails intermittently\n - S8146993: Several javax/management/remote/mandatory regression tests\n fail after JDK-8138811\n - S8147857: [TEST] RMIConnector logs attribute names incorrectly\n - S8151841, PR3098: Build needs additional flags to compile with GCC 6\n - S8151876: (tz) Support tzdata2016d\n - S8157077: 8u101 L10n resource file updates\n - S8161262: Fix jdk build with gcc 4.1.2: -fno-strict-overflow not\n known.\n 
* Import of OpenJDK 7 u111 build 1\n - S7081817:\n test/sun/security/provider/certpath/X509CertPath/IllegalCertificates.java f\n ailing\n - S8140344: add support for 3 digit update release numbers\n - S8145017: Add support for 3 digit hotspot minor version numbers\n - S8162344: The API changes made by CR 7064075 need to be reverted\n * Backports\n - S2178143, PR2958: JVM crashes if the number of bound CPUs changed\n during runtime\n - S4900206, PR3101: Include worst-case rounding tests for Math library\n functions\n - S6260348, PR3067: GTK+ L&F JTextComponent not respecting desktop\n caret blink rate\n - S6934604, PR3075: enable parts of EliminateAutoBox by default\n - S7043064, PR3020: sun/java2d/cmm/ tests failed against RI b141 &\n b138-nightly\n - S7051394, PR3020: NullPointerException when running regression tests\n LoadProfileTest by using openjdk-7-b144\n - S7086015, PR3013: fix\n test/tools/javac/parser/netbeans/JavacParserTest.java\n - S7119487, PR3013: JavacParserTest.java test fails on Windows\n platforms\n - S7124245, PR3020: [lcms] ColorConvertOp to color space CS_GRAY\n apparently converts orange to 244,244,0\n - S7159445, PR3013: (javac) emits inaccurate diagnostics for enhanced\n for-loops\n - S7175845, PR1437, RH1207129: 'jar uf' changes file permissions\n unexpectedly\n - S8005402, PR3020: Need to provide benchmarks for color management\n - S8005530, PR3020: [lcms] Improve performance of ColorConverOp for\n default destinations\n - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel is not\n transferred from source to destination.\n - S8013430, PR3020: REGRESSION:\n closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadProfileTest.java fail\n s with java.io.StreamCorruptedException: invalid type code: EE since\n 8b87\n - S8014286, PR3075: failed java/lang/Math/DivModTests.java after\n 6934604 changes\n - S8014959, PR3075: assert(Compile::current()->live_nodes() <\n (uint)MaxNodeLimit) failed: Live Node limit exceeded limit\n - S8019247, PR3075: 
SIGSEGV in compiled method\n c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object\n - S8024511, PR3020: Crash during color profile destruction\n - S8025429, PR3020: [parfait] warnings from b107 for sun.java2d.cmm:\n JNI exception pending\n - S8026702, PR3020: Fix for 8025429 breaks jdk build on windows\n - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for Java_awt\n test suit\n - S8047066, PR3020: Test test/sun/awt/image/bug8038000.java fails with\n ClassCastException\n - S8069181, PR3012, RH1015612: java.lang.AssertionError when compiling\n JDK 1.4 code in JDK 8\n - S8158260, PR2992, RH1341258: PPC64: unaligned Unsafe.getInt can lead\n to the generation of illegal instructions (bsc#988651)\n - S8159244, PR3075: Partially initialized string object created by\n C2's string concat optimization may escape\n * Bug fixes\n - PR2799, RH1195203: Files are missing from resources.jar\n - PR2900: Don't use WithSeed versions of NSS functions as they don't\n fully process the seed\n - PR3091: SystemTap is heavily confused by multiple JDKs\n - PR3102: Extend 8022594 to AixPollPort\n - PR3103: Handle case in clean-fonts where\n linux.fontconfig.Gentoo.properties.old has not been created\n - PR3111: Provide option to disable SystemTap tests\n - PR3114: Don't assume system mime.types supports text/x-java-source\n - PR3115: Add check for elliptic curve cryptography implementation\n - PR3116: Add tests for Java debug info and source files\n - PR3118: Path to agpl-3.0.txt not updated\n - PR3119: Makefile handles cacerts as a symlink, but the configure\n check doesn't\n * AArch64 port\n - S8148328, PR3100: aarch64: redundant lsr instructions in stub code.\n - S8148783, PR3100: aarch64: SEGV running SpecJBB2013\n - S8148948, PR3100: aarch64: generate_copy_longs calls align()\n incorrectly\n - S8150045, PR3100: arraycopy causes segfaults in SATB during garbage\n collection\n - S8154537, PR3100: AArch64: some integer rotate instructions are\n never emitted\n - S8154739, PR3100: 
AArch64: TemplateTable::fast_xaccess loads in\n wrong mode\n - S8157906, PR3100: aarch64: some more integer rotate instructions are\n never emitted\n\n", "edition": 1, "modified": "2016-08-11T23:08:57", "published": "2016-08-11T23:08:57", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html", "id": "OPENSUSE-SU-2016:2050-1", "title": "Security update for java-1_7_0-openjdk (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:46:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3508", "CVE-2016-3485", "CVE-2016-3598", "CVE-2016-3500", "CVE-2016-3511", "CVE-2016-3498", "CVE-2016-3606", "CVE-2016-3503", "CVE-2016-3550", "CVE-2016-3610", "CVE-2016-3458"], "description": "Update to 2.6.7 - OpenJDK 7u111\n * Security fixes\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732)\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows\n only) (bsc#989734)\n - S8147771: Construction of static protection domains under Javax\n custom policy\n - S8148872, CVE-2016-3500: Complete name checking (bsc#989730)\n - S8149962, CVE-2016-3508: Better delineation of XML processing\n (bsc#989731)\n - S8150752: Share Class Data\n - S8151925: Font reference improvements\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722)\n - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723)\n - S8158571, CVE-2016-3610: Additional method handle validation\n (bsc#989725)\n - CVE-2016-3511 (bsc#989727)\n - CVE-2016-3503 (bsc#989728)\n - CVE-2016-3498 (bsc#989729)\n\n", "edition": 1, "modified": "2016-08-12T12:07:56", "published": "2016-08-12T12:07:56", "id": "OPENSUSE-SU-2016:2058-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html", "type": "suse", "title": "Security update for OpenJDK7 (important)", "cvss": {"score": 
9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:09:51", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3508", "CVE-2016-3485", "CVE-2016-3552", "CVE-2016-3598", "CVE-2016-3500", "CVE-2016-3511", "CVE-2016-3498", "CVE-2016-3606", "CVE-2016-3503", "CVE-2016-3550", "CVE-2016-3587", "CVE-2016-3610", "CVE-2016-3458"], "description": "This update for java-1_8_0-openjdk fixes the following issues:\n\n - Upgrade to version jdk8u101 (icedtea 3.1.0)\n - New in release 3.1.0 (2016-07-25):\n * Security fixes\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732)\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows\n only) (bsc#989734)\n - S8146514: Enforce GCM limits\n - S8147771: Construction of static protection domains under Javax\n custom policy\n - S8148872, CVE-2016-3500: Complete name checking (bsc#989730)\n - S8149070: Enforce update ordering\n - S8149962, CVE-2016-3508: Better delineation of XML processing\n (bsc#989731)\n - S8150752: Share Class Data\n - S8151925: Font reference improvements\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n - S8153312: Constrain AppCDS behavior\n - S8154475, CVE-2016-3587: Clean up lookup visibility (bsc#989721)\n - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722)\n - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723)\n - S8158571, CVE-2016-3610: Additional method handle validation\n (bsc#989725)\n - CVE-2016-3552 (bsc#989726)\n - CVE-2016-3511 (bsc#989727)\n - CVE-2016-3503 (bsc#989728)\n - CVE-2016-3498 (bsc#989729)\n * New features\n - S8145547, PR1061: [AWT/Swing] Conditional support for GTK 3\n on Linux\n - PR2821: Support building OpenJDK with --disable-headful\n - PR2931, G478960: Provide Infinality Support via fontconfig\n - PR3079: Provide option to build Shenandoah on x86_64\n * Import of OpenJDK 8 u92 build 14\n - S6869327: Add new C2 flag to keep safepoints in counted loops.\n - S8022865: 
[TESTBUG] Compressed Oops testing needs to be revised\n - S8029630: Thread id should be displayed as a hex number in error\n report\n - S8029726: On OS X some dtrace probe names are mismatched with Solaris\n - S8029727: On OS X dtrace probes Call<type>MethodA/Call<type>MethodV\n are not fired.\n - S8029728: On OS X dtrace probes SetStaticBooleanField are not fired\n - S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID\n attribute value is empty String\n - S8038349: Signing XML with DSA throws Exception when key is larger\n than 1024 bits\n - S8041501: ImageIO reader is not capable of reading JPEGs without\n JFIF header\n - S8041900: [macosx] Java forces the use of discrete GPU\n - S8044363: Remove special build options for unpack200 executable\n - S8046471: Use OPENJDK_TARGET_CPU_ARCH instead of legacy value for\n hotspot ARCH\n - S8046611: Build errors with gcc on sparc/fastdebug\n - S8047763: Recognize sparc64 as a sparc platform\n - S8048232: Fix for 8046471 breaks PPC64 build\n - S8052396: Catch exceptions resulting from missing font cmap\n - S8058563: InstanceKlass::_dependencies list isn't cleared from empty\n nmethodBucket entries\n - S8061624: [TESTBUG] Some tests cannot be ran under compact profiles\n and therefore shall be excluded\n - S8062901: Iterators is spelled incorrectly in the Javadoc for\n Spliterator\n - S8064330: Remove SHA224 from the default support list if SunMSCAPI\n enabled\n - S8065579: WB method to start G1 concurrent mark cycle should be\n introduced\n - S8065986: Compiler fails to NullPointerException when calling super\n with Object<>()\n - S8066974: Compiler doesn't infer method's generic type information\n in lambda body\n - S8067800: Clarify java.time.chrono.Chronology.isLeapYear for\n out of range years\n - S8068033: JNI exception pending in jdk/src/share/bin/java.c\n - S8068042: Check jdk/src/share/native/sun/misc/URLClassPath.c for JNI\n pending\n - S8068162: jvmtiRedefineClasses.cpp: guarantee(false) failed: 
OLD\n and/or OBSOLETE method(s) found\n - S8068254: Method reference uses wrong qualifying type\n - S8074696: Remote debugging session hangs for several minutes when\n calling findBootType\n - S8074935: jdk8 keytool doesn't validate pem files for RFC 1421\n correctness, as jdk7 did\n - S8078423: [TESTBUG] javax/print/PrintSEUmlauts/PrintSEUmlauts.java\n relies on system locale\n - S8080492: [Parfait] Uninitialised variable in\n jdk/src/java/desktop/windows/native/libawt/\n - S8080650: Enable stubs to use frame pointers correctly\n - S8122944: perfdata used is seen as too high on sparc zone with\n jdk1.9 and causes a test failure\n - S8129348: Debugger hangs in trace mode with TRACE_SENDS\n - S8129847: Compiling methods generated by Nashorn triggers high\n memory usage in C2\n - S8130506: javac AssertionError when invoking MethodHandle.invoke\n with lambda parameter\n - S8130910: hsperfdata file is created in wrong directory and not\n cleaned up if /tmp/hsperfdata_<username> has wrong permissions\n - S8131129: Attempt to define a duplicate BMH$Species class\n - S8131665: Bad exception message in HandshakeHash.getFinishedHash\n - S8131782: C1 Class.cast optimization breaks when Class is loaded\n from static final\n - S8132503: [macosx] Chinese full stop symbol cannot be entered with\n Pinyin IM on OS X\n - S8133207: ParallelProbes.java test fails after changes for\n JDK-8080115\n - S8133924: NPE may be thrown when xsltc select a non-existing node\n after JDK-8062518\n - S8134007: Improve string folding\n - S8134759: jdb: Incorrect stepping inside finally block\n - S8134963: [Newtest] New stress test for changing the coarseness\n level of G1 remembered set\n - S8136442: Don't tie Certificate signature algorithms to ciphersuites\n - S8137106: EUDC (End User Defined Characters) are not displayed\n on Windows with Java 8u60+\n - S8138745: Implement ExitOnOutOfMemory and CrashOnOutOfMemory in\n HotSpot\n - S8138764: In some cases the usage of TreeLock can be replaced by\n 
other synchronization\n - S8139373: [TEST_BUG] java/net/MulticastSocket/MultiDead.java failed\n with timeout\n - S8139424: SIGSEGV, Problematic frame: # V [libjvm.so+0xd0c0cc] void\n InstanceKlass::oop_oop_iterate_oop_maps_specialized<true,oopDesc*,MarkAndPu\n shClosure>\n - S8139436: sun.security.mscapi.KeyStore might load incomplete data\n - S8139751: Javac crash with -XDallowStringFolding=false\n - S8139863: [TESTBUG] Need to port tests for JDK-8134903 to 8u-dev\n - S8139985: JNI exception pending in\n jdk/src/jdk/hprof/agent/share/native/libhprof\n - S8140031: SA: Searching for a value in Threads does not work\n - S8140249: JVM Crashing During startUp If Flight Recording is enabled\n - S8140344: add support for 3 digit update release numbers\n - S8140587: Atomic*FieldUpdaters should use Class.isInstance instead\n of direct class check\n - S8141260: isReachable crash in windows xp\n - S8143297: Nashorn compilation time reported in nanoseconds\n - S8143397: It looks like InetAddress.isReachable(timeout) works\n incorrectly\n - S8143855: Bad printf formatting in frame_zero.cpp\n - S8143896: java.lang.Long is implicitly converted to double\n - S8143963: improve ClassLoader::trace_class_path to accept an\n additional outputStream* arg\n - S8144020: Remove long as an internal numeric type\n - S8144131: ArrayData.getInt implementations do not convert to int32\n - S8144483: One long Safepoint pause directly after each GC log\n rotation\n - S8144487: PhaseIdealLoop::build_and_optimize() must restore\n major_progress flag if skip_loop_opts is true\n - S8144885: agent/src/os/linux/libproc.h needs to support Linux/SPARC\n builds\n - S8144935: C2: safepoint is pruned from a non-counted loop\n - S8144937: [TEST_BUG] testlibrary_tests should be excluded for\n compact1 and compact2 execution\n - S8145017: Add support for 3 digit hotspot minor version numbers\n - S8145099: Better error message when SA can't attach to a process\n - S8145442: Add the facility to verify remembered 
sets for G1\n - S8145466: javac: No line numbers in compilation error\n - S8145539: (coll) AbstractMap.keySet and .values should not be\n volatile\n - S8145550: Megamorphic invoke should use CompiledFunction variants\n without any LinkLogic\n - S8145669: apply2call optimized callsite fails after becoming\n megamorphic\n - S8145722: NullPointerException in javadoc\n - S8145754: PhaseIdealLoop::is_scaled_iv_plus_offset() does not match\n AddI\n - S8146147: Java linker indexed property getter does not work for\n computed nashorn string\n - S8146566: OpenJDK build can't handle commas in LDFLAGS\n - S8146725: Issues with\n SignatureAndHashAlgorithm.getSupportedAlgorithms\n - S8146979: Backport of 8046471 breaks ppc64 build in jdk8u because\n 8072383 was badly backported before\n - S8147087: Race when reusing PerRegionTable bitmaps may result in\n dropped remembered set entries\n - S8147630: Wrong test result pushed to 8u-dev\n - S8147845: Varargs Array functions still leaking longs\n - S8147857: RMIConnector logs attribute names incorrectly\n - S8148353: [linux-sparc] Crash in libawt.so on Linux SPARC\n - S8150791: 8u76 L10n resource file translation update\n * Import of OpenJDK 8 u101 build 13\n - S6483657: MSCAPI provider does not create unique alias names\n - S6675699: need comprehensive fix for unconstrained ConvI2L with\n narrowed type\n - S8037557: test SessionCacheSizeTests.java timeout\n - S8038837: Add support to jarsigner for specifying timestamp hash\n algorithm\n - S8081778: Use Intel x64 CPU instructions for RSA acceleration\n - S8130150: Implement BigInteger.montgomeryMultiply intrinsic\n - S8130735: javax.swing.TimerQueue: timer fires late when another\n timer starts\n - S8143913: MSCAPI keystore should accept Certificate[] in setEntry()\n - S8144313: Test SessionTimeOutTests can be timeout\n - S8146240: Three nashorn files contain "GNU General Public License"\n header\n - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed\n out\n - 
S8146669: Test SessionTimeOutTests fails intermittently\n - S8146993: Several javax/management/remote/mandatory regression tests\n fail after JDK-8138811\n - S8147994: [macosx] JScrollPane jitters up/down during trackpad\n scrolling on MacOS/Aqua\n - S8151522: Disable 8130150 and 8081778 intrinsics by default\n - S8151876: (tz) Support tzdata2016d\n - S8152098: Fix 8151522 caused test\n compiler/intrinsics/squaretolen/TestSquareToLen.java to fail\n - S8157077: 8u101 L10n resource file updates\n * Backports\n - S6260348, PR3066: GTK+ L&F JTextComponent not respecting desktop\n caret blink rate\n - S6778087, PR1061: getLocationOnScreen() always returns (0, 0) for\n mouse wheel events\n - S6961123, PR2972: setWMClass fails to null-terminate WM_CLASS string\n - S8008657, PR3077: JSpinner setComponentOrientation doesn't affect on\n text orientation\n - S8014212, PR2866: Robot captures black screen\n - S8029339, PR1061: Custom MultiResolution image support on HiDPI\n displays\n - S8031145, PR3077: Re-examine closed i18n tests to see it they can be\n moved to the jdk repository.\n - S8034856, PR3095: gcc warnings compiling\n src/solaris/native/sun/security/pkcs11\n - S8034857, PR3095: gcc warnings compiling\n src/solaris/native/sun/management\n - S8035054, PR3095: JarFacade.c should not include ctype.h\n - S8035287, PR3095: gcc warnings compiling various libraries files\n - S8038631, PR3077: Create wrapper for awt.Robot with additional\n functionality\n - S8039279, PR3077: Move awt tests to openjdk repository\n - S8041561, PR3077: Inconsistent opacity behaviour between JCheckBox\n and JRadioButton\n - S8041592, PR3077: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk\n - S8041915, PR3077: Move 8 awt tests to OpenJDK regression tests tree\n - S8043126, PR3077: move awt automated functional tests from\n AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository\n - S8043131, PR3077: Move ShapedAndTranslucentWindows and GC functional\n AWT tests to regression tree\n - S8044157, 
PR3077: [TEST_BUG] Improve recently submitted AWT_Mixing\n tests\n - S8044172, PR3077: [TEST_BUG] Move regtests for 4523758 and\n AltPlusNumberKeyCombinationsTest to jdk\n - S8044429, PR3077: move awt automated tests for AWT_Modality to\n OpenJDK repository\n - S8044762, PR2960: com/sun/jdi/OptionTest.java test time out\n - S8044765, PR3077: Move functional tests AWT_SystemTray/Automated to\n openjdk repository\n - S8047180, PR3077: Move functional tests AWT_Headless/Automated to\n OpenJDK repository\n - S8047367, PR3077: move awt automated tests from AWT_Modality to\n OpenJDK repository - part 2\n - S8048246, PR3077: Move AWT_DnD/Clipboard/Automated functional tests\n to OpenJDK\n - S8049226, PR2960: com/sun/jdi/OptionTest.java test times out again\n - S8049617, PR3077: move awt automated tests from AWT_Modality to\n OpenJDK repository - part 3\n - S8049694, PR3077: Migrate functional AWT_DesktopProperties/Automated\n tests to OpenJDK\n - S8050885, PR3077: move awt automated tests from AWT_Modality to\n OpenJDK repository - part 4\n - S8051440, PR3077: move tests about maximizing undecorated to OpenJDK\n - S8052012, PR3077: move awt automated tests from AWT_Modality to\n OpenJDK repository - part 5\n - S8052408, PR3077: Move AWT_BAT functional tests to OpenJDK (3\n of 3)\n - S8053657, PR3077: [TEST_BUG] move some 5 tests related to\n undecorated Frame/JFrame to JDK\n - S8054143, PR3077: move awt automated tests from AWT_Modality to\n OpenJDK repository - part 6\n - S8054358, PR3077: move awt automated tests from AWT_Modality to\n OpenJDK repository - part 7\n - S8054359, PR3077: move awt automated tests from AWT_Modality to\n OpenJDK repository - part 8\n - S8055360, PR3077: Move the rest part of AWT ShapedAndTranslucent\n tests to OpenJDK\n - S8055664, PR3077: move 14 tests about setLocationRelativeTo to jdk\n - S8055836, PR3077: move awt tests from AWT_Modality to OpenJDK\n repository - part 9\n - S8056911, PR3077: Remove internal API usage from ExtendedRobot 
class\n - S8057694, PR3077: move awt tests from AWT_Modality to OpenJDK\n repository - part 10\n - S8058959, PR1061:\n closed/java/awt/event/ComponentEvent/MovedResizedTwiceTest/MovedResizedTwic\n eTest.java failed automatically\n - S8062606, PR3077: Fix a typo in java.awt.Robot class\n - S8063102, PR3077: Change open awt regression tests to avoid\n sun.awt.SunToolkit.realSync, part 1\n - S8063104, PR3077: Change open awt regression tests to avoid\n sun.awt.SunToolkit.realSync, part 2\n - S8063106, PR3077: Change open swing regression tests to avoid\n sun.awt.SunToolkit.realSync, part 1\n - S8063107, PR3077: Change open swing regression tests to avoid\n sun.awt.SunToolkit.realSync, part 2\n - S8064573, PR3077: [TEST_BUG]\n javax/swing/text/AbstractDocument/6968363/Test6968363.java is\n asocial pressing VK_LEFT and not releasing\n - S8064575, PR3077: [TEST_BUG]\n javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys\n and never releases\n - S8064809, PR3077: [TEST_BUG]\n javax/swing/JComboBox/4199622/bug4199622.java contains a lot of\n keyPress and not a single keyRelease\n - S8067441, PR3077: Some tests fails with error: cannot find symbol\n getSystemMnemonicKeyCodes()\n - S8068228, PR3077: Test\n closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameTest fails\n with GTKLookAndFeel\n - S8069361, PR1061: SunGraphics2D.getDefaultTransform() does not\n include scale factor\n - S8073320, PR1061: Windows HiDPI Graphics support\n - S8074807, PR3077: Fix some tests unnecessary using internal API\n - S8076315, PR3077: move 4 manual functional swing tests to regression\n suite\n - S8078504, PR3094: Zero lacks declaration of VM_Version::initialize()\n - S8129822, PR3077: Define "headful" jtreg keyword\n - S8132123, PR1061: MultiResolutionCachedImage unnecessarily creates\n base image to get its size\n - S8133539, PR1061: [TEST_BUG] Split\n java/awt/image/MultiResolutionImageTest.java in two to allow\n restricted access\n - S8137571, PR1061: Linux HiDPI 
Graphics support\n - S8142406, PR1061: [TEST] MultiResolution image: need test to cover\n the case when @2x image is corrupted\n - S8145188, PR2945: No LocalVariableTable generated for the entire JDK\n - S8150258, PR1061: [TEST] HiDPI: create a test for multiresolution\n menu items icons\n - S8150724, PR1061: [TEST] HiDPI: create a test for multiresolution\n icons\n - S8150844, PR1061: [hidpi] [macosx] -Dsun.java2d.uiScale should be\n taken into account for OS X\n - S8151841, PR2882: Build needs additional flags to compile with GCC 6\n [plus parts of 8149647 & 8032045]\n - S8155613, PR1061: [PIT] crash in\n AWT_Desktop/Automated/Exceptions/BasicTest\n - S8156020, PR1061: 8145547 breaks AIX and and uses RTLD_NOLOAD\n incorrectly\n - S8156128, PR1061: Tests for [AWT/Swing] Conditional support for GTK\n 3 on Linux\n - S8158260, PR2991, RH1341258: PPC64: unaligned Unsafe.getInt can lead\n to the generation of illegal instructions (bsc#988651)\n - S8159244, PR3074: Partially initialized string object created by\n C2's string concat optimization may escape\n - S8159690, PR3077: [TESTBUG] Mark headful tests with @key headful.\n - S8160294, PR2882, PR3095: Some client libraries cannot be built with\n GCC 6\n * Bug fixes\n - PR1958: GTKLookAndFeel does not honor gtk-alternative-button-order\n - PR2822: Feed LIBS & CFLAGS into configure rather than make to avoid\n re-discovery by OpenJDK configure\n - PR2932: Support ccache in a non-automagic manner\n - PR2933: Support ccache 3.2 and later\n - PR2964: Set system defaults based on OS\n - PR2974, RH1337583: PKCS#10 certificate requests now use CRLF line\n endings rather than system line endings\n - PR3078: Remove duplicated line dating back to 6788347 and 6894807\n - PR3083, RH1346460: Regression in SSL debug output without an ECC\n provider\n - PR3089: Remove old memory limits patch\n - PR3090, RH1204159: SystemTap is heavily confused by multiple JDKs\n - PR3095: Fix warnings in URLClassPath.c\n - PR3096: Remove dead 
--disable-optimizations option\n - PR3105: Use version from hotspot.map to create tarball filename\n - PR3106: Handle both correctly-spelt property\n "enableCustomValueHandler" introduced by S8079718 and typo version\n - PR3108: Shenandoah patches not included in release tarball\n - PR3110: Update hotspot.map documentation in INSTALL\n * AArch64 port\n - S8145320, PR3078: Create unsafe_arraycopy and generic_arraycopy for\n AArch64\n - S8148328, PR3078: aarch64: redundant lsr instructions in stub code.\n - S8148783, PR3078: aarch64: SEGV running SpecJBB2013\n - S8148948, PR3078: aarch64: generate_copy_longs calls align()\n incorrectly\n - S8149080, PR3078: AArch64: Recognise disjoint array copy in stub code\n - S8149365, PR3078: aarch64: memory copy does not prefetch on\n backwards copy\n - S8149907, PR3078: aarch64: use load/store pair instructions in\n call_stub\n - S8150038, PR3078: aarch64: make use of CBZ and CBNZ when comparing\n narrow pointer with zero\n - S8150045, PR3078: arraycopy causes segfaults in SATB during garbage\n collection\n - S8150082, PR3078: aarch64: optimise small array copy\n - S8150229, PR3078: aarch64: pipeline class for several instructions\n is not set correctly\n - S8150313, PR3078: aarch64: optimise array copy using SIMD\n instructions\n - S8150394, PR3078: aarch64: add support for 8.1 LSE CAS instructions\n - S8151340, PR3078: aarch64: prefetch the destination word for write\n prior to ldxr/stxr loops.\n - S8151502, PR3078: optimize pd_disjoint_words and pd_conjoint_words\n - S8151775, PR3078: aarch64: add support for 8.1 LSE atomic\n operations\n - S8152537, PR3078: aarch64: Make use of CBZ and CBNZ when comparing\n unsigned values with zero.\n - S8152840, PR3078: aarch64: improve _unsafe_arraycopy stub routine\n - S8153713, PR3078: aarch64: improve short array clearing using store\n pair\n - S8153797, PR3078: aarch64: Add Arrays.fill stub code\n - S8154537, PR3078: AArch64: some integer rotate instructions are\n never emitted\n - 
S8154739, PR3078: AArch64: TemplateTable::fast_xaccess loads in\n wrong mode\n - S8155015, PR3078: Aarch64: bad assert in spill generation code\n - S8155100, PR3078: AArch64: Relax alignment requirement for\n byte_map_base\n - S8155612, PR3078: Aarch64: vector nodes need to support misaligned\n offset\n - S8155617, PR3078: aarch64: ClearArray does not use DC ZVA\n - S8155653, PR3078: TestVectorUnalignedOffset.java not pushed with\n 8155612\n - S8156731, PR3078: aarch64: java/util/Arrays/Correct.java fails due\n to _generic_arraycopy stub routine\n - S8157841, PR3078: aarch64: prefetch ignores cache line size\n - S8157906, PR3078: aarch64: some more integer rotate instructions are\n never emitted\n - S8158913, PR3078: aarch64: SEGV running Spark terasort\n - S8159052, PR3078: aarch64: optimise unaligned copies in\n pd_disjoint_words and pd_conjoint_words\n - S8159063, PR3078: aarch64: optimise unaligned array copy long\n - PR3078: Cleanup remaining differences from aarch64/jdk8u tree\n - Fix script linking /usr/share/javazi/tzdb.dat for platform where it\n applies (bsc#987895)\n\n - Fix aarch64 running with 48 bits va space (bsc#984684)\n\n avoid some crashes\n\n", "edition": 1, "modified": "2016-08-09T17:35:21", "published": "2016-08-09T17:35:21", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html", "id": "SUSE-SU-2016:2012-1", "type": "suse", "title": "Security update for java-1_8_0-openjdk (important)", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-20T14:46:26", "description": "IBM Java 6 was updated to version 6.0-16.30. Following security issue\nwas fixed: CVE-2016-3485 Please see\nhttps://www.ibm.com/developerworks/java/jdk/alerts/ for more\ninformation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 2.9, "vector": "AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2016-09-22T00:00:00", "title": "SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:2348-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3485"], "modified": "2016-09-22T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-plugin", "p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-fonts", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-devel", "p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-jdbc", "p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-alsa", "p-cpe:/a:novell:suse_linux:java-1_6_0-ibm"], "id": "SUSE_SU-2016-2348-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93647", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2348-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93647);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-3485\");\n\n script_name(english:\"SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:2348-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 6 was updated to version 6.0-16.30. 
Following security issue\nwas fixed: CVE-2016-3485 Please see\nhttps://www.ibm.com/developerworks/java/jdk/alerts/ for more\ninformation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992537\"\n );\n # https://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3485/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162348-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a9fbfb6d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 5:zypper in -t patch\nsleclo50sp3-java-1_6_0-ibm-12754=1\n\nSUSE Manager Proxy 2.1:zypper in -t patch\nslemap21-java-1_6_0-ibm-12754=1\n\nSUSE Manager 2.1:zypper in -t patch sleman21-java-1_6_0-ibm-12754=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-java-1_6_0-ibm-12754=1\n\nSUSE Linux Enterprise Server 11-SP2-LTSS:zypper in -t patch\nslessp2-java-1_6_0-ibm-12754=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-java-1_6_0-ibm-12754=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_6_0-ibm-plugin-1.6.0_sr16.30-75.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_6_0-ibm-alsa-1.6.0_sr16.30-75.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"java-1_6_0-ibm-1.6.0_sr16.30-75.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"java-1_6_0-ibm-devel-1.6.0_sr16.30-75.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"java-1_6_0-ibm-fonts-1.6.0_sr16.30-75.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"java-1_6_0-ibm-jdbc-1.6.0_sr16.30-75.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"java-1_6_0-ibm-plugin-1.6.0_sr16.30-75.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"java-1_6_0-ibm-alsa-1.6.0_sr16.30-75.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_6_0-ibm-plugin-1.6.0_sr16.30-75.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_6_0-ibm-alsa-1.6.0_sr16.30-75.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"java-1_6_0-ibm-1.6.0_sr16.30-75.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"java-1_6_0-ibm-devel-1.6.0_sr16.30-75.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"java-1_6_0-ibm-fonts-1.6.0_sr16.30-75.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"java-1_6_0-ibm-jdbc-1.6.0_sr16.30-75.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"java-1_6_0-ibm-plugin-1.6.0_sr16.30-75.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"java-1_6_0-ibm-alsa-1.6.0_sr16.30-75.1\")) flag++;\n\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-ibm\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-06T09:18:31", "description": "The version of Java SDK installed on the remote AIX host is affected\nby multiple vulnerabilities in the following subcomponents :\n\n - An unspecified flaw exists in the Networking\n subcomponent that allows a local attacker to impact\n integrity. (CVE-2016-3485)\n\n - An unspecified flaw exists in the Deployment\n subcomponent that allows a local attacker to gain\n elevated privileges. (CVE-2016-3511)\n\n - A flaw exists in the Libraries subcomponent in the\n share/classes/java/lang/invoke/MethodHandles.java class\n within the MethodHandles::dropArguments() function that\n allows an unauthenticated, remote attacker to impact\n confidentiality, integrity, and availability.\n (CVE-2016-3598)", "edition": 30, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2016-11-18T00:00:00", "title": "AIX Java Advisory : java_july2016_advisory.asc (July 2016 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3485", "CVE-2016-3598", "CVE-2016-3511"], "modified": "2016-11-18T00:00:00", "cpe": ["cpe:/a:oracle:jre", "cpe:/a:oracle:jdk", "cpe:/o:ibm:aix"], "id": "AIX_JAVA_JULY2016_ADVISORY.NASL", "href": "https://www.tenable.com/plugins/nessus/94970", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94970);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2016-3485\",\n \"CVE-2016-3511\",\n \"CVE-2016-3598\"\n );\n 
script_bugtraq_id(\n 91918,\n 91990\n );\n\n script_name(english:\"AIX Java Advisory : java_july2016_advisory.asc (July 2016 CPU)\");\n script_summary(english:\"Checks the version of the Java package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Java SDK installed on the remote AIX host is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Java SDK installed on the remote AIX host is affected\nby multiple vulnerabilities in the following subcomponents :\n\n - An unspecified flaw exists in the Networking\n subcomponent that allows a local attacker to impact\n integrity. (CVE-2016-3485)\n\n - An unspecified flaw exists in the Deployment\n subcomponent that allows a local attacker to gain\n elevated privileges. (CVE-2016-3511)\n\n - A flaw exists in the Libraries subcomponent in the\n share/classes/java/lang/invoke/MethodHandles.java class\n within the MethodHandles::dropArguments() function that\n allows an unauthenticated, remote attacker to impact\n confidentiality, integrity, and availability.\n (CVE-2016-3598)\");\n # http://aix.software.ibm.com/aix/efixes/security/java_july2016_advisory.asc\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?46a051b3\");\n # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?\n # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=6.0.0.0&platform=AIX+32-bit,+pSeries&function=all\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ce533d8f\");\n # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?\n # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=6.0.0.0&platform=AIX+64-bit,+pSeries&function=all\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?17d05c61\");\n # 
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?\n # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+32-bit,+pSeries&function=all\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d4595696\");\n # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?\n # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+64-bit,+pSeries&function=all\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9abd5252\");\n # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?\n # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+32-bit,+pSeries&function=all\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4ee03dc1\");\n # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?\n # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+64-bit,+pSeries&function=all\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f7a066c\");\n # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?\n # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+32-bit,+pSeries&function=all\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?52d4ddf3\");\n # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?\n # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+64-bit,+pSeries&function=all\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?343fa903\");\n script_set_attribute(attribute:\"solution\", value:\n\"Fixes are available by version and can be 
downloaded from the IBM AIX\nwebsite.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jdk\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/18\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"AIX Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\ninclude(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item_or_exit(\"Host/AIX/version\");\nif ( oslevel != \"AIX-5.3\" && oslevel != \"AIX-6.1\" && oslevel != \"AIX-7.1\" && oslevel != \"AIX-7.2\" )\n{\n oslevel = ereg_replace(string:oslevel, pattern:\"-\", replace:\" \");\n audit(AUDIT_OS_NOT, \"AIX 5.3 / 6.1 / 7.1 / 7.2\", oslevel);\n}\n\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nflag = 0;\n\n#Java6 6.0.0.585\nif (aix_check_package(release:\"5.3\", package:\"Java6.sdk\", minpackagever:\"6.0.0.0\", maxpackagever:\"6.0.0.584\", fixpackagever:\"6.0.0.585\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"Java6.sdk\", minpackagever:\"6.0.0.0\", maxpackagever:\"6.0.0.584\", fixpackagever:\"6.0.0.585\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"Java6.sdk\", minpackagever:\"6.0.0.0\", maxpackagever:\"6.0.0.584\", fixpackagever:\"6.0.0.585\") > 0) flag++;\nif (aix_check_package(release:\"7.2\", package:\"Java6.sdk\", minpackagever:\"6.0.0.0\", maxpackagever:\"6.0.0.584\", fixpackagever:\"6.0.0.585\") > 0) flag++;\nif (aix_check_package(release:\"5.3\", package:\"Java6_64.sdk\", minpackagever:\"6.0.0.0\", maxpackagever:\"6.0.0.584\", fixpackagever:\"6.0.0.585\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"Java6_64.sdk\", minpackagever:\"6.0.0.0\", maxpackagever:\"6.0.0.584\", fixpackagever:\"6.0.0.585\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"Java6_64.sdk\", minpackagever:\"6.0.0.0\", maxpackagever:\"6.0.0.584\", fixpackagever:\"6.0.0.585\") > 0) flag++;\nif (aix_check_package(release:\"7.2\", package:\"Java6_64.sdk\", minpackagever:\"6.0.0.0\", maxpackagever:\"6.0.0.584\", fixpackagever:\"6.0.0.585\") > 0) flag++;\n\n#Java7 7.0.0.450\nif (aix_check_package(release:\"6.1\", package:\"Java7.sdk\", minpackagever:\"7.0.0.0\", maxpackagever:\"7.0.0.449\", fixpackagever:\"7.0.0.450\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"Java7.sdk\", minpackagever:\"7.0.0.0\", maxpackagever:\"7.0.0.449\", fixpackagever:\"7.0.0.450\") > 0) flag++;\nif (aix_check_package(release:\"7.2\", package:\"Java7.sdk\", minpackagever:\"7.0.0.0\", maxpackagever:\"7.0.0.449\", fixpackagever:\"7.0.0.450\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"Java7_64.sdk\", minpackagever:\"7.0.0.0\", 
maxpackagever:\"7.0.0.449\", fixpackagever:\"7.0.0.450\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"Java7_64.sdk\", minpackagever:\"7.0.0.0\", maxpackagever:\"7.0.0.449\", fixpackagever:\"7.0.0.450\") > 0) flag++;\nif (aix_check_package(release:\"7.2\", package:\"Java7_64.sdk\", minpackagever:\"7.0.0.0\", maxpackagever:\"7.0.0.449\", fixpackagever:\"7.0.0.450\") > 0) flag++;\n\n#Java7.1 7.1.0.350\nif (aix_check_package(release:\"6.1\", package:\"Java7.sdk\", minpackagever:\"7.1.0.0\", maxpackagever:\"7.1.0.349\", fixpackagever:\"7.1.0.350\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"Java7.sdk\", minpackagever:\"7.1.0.0\", maxpackagever:\"7.1.0.349\", fixpackagever:\"7.1.0.350\") > 0) flag++;\nif (aix_check_package(release:\"7.2\", package:\"Java7.sdk\", minpackagever:\"7.1.0.0\", maxpackagever:\"7.1.0.349\", fixpackagever:\"7.1.0.350\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"Java7_64.sdk\", minpackagever:\"7.1.0.0\", maxpackagever:\"7.1.0.349\", fixpackagever:\"7.1.0.350\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"Java7_64.sdk\", minpackagever:\"7.1.0.0\", maxpackagever:\"7.1.0.349\", fixpackagever:\"7.1.0.350\") > 0) flag++;\nif (aix_check_package(release:\"7.2\", package:\"Java7_64.sdk\", minpackagever:\"7.1.0.0\", maxpackagever:\"7.1.0.349\", fixpackagever:\"7.1.0.350\") > 0) flag++;\n\n#Java8.0 8.0.0.310\nif (aix_check_package(release:\"6.1\", package:\"Java8.sdk\", minpackagever:\"8.0.0.0\", maxpackagever:\"8.0.0.309\", fixpackagever:\"8.0.0.310\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"Java8.sdk\", minpackagever:\"8.0.0.0\", maxpackagever:\"8.0.0.309\", fixpackagever:\"8.0.0.310\") > 0) flag++;\nif (aix_check_package(release:\"7.2\", package:\"Java8.sdk\", minpackagever:\"8.0.0.0\", maxpackagever:\"8.0.0.309\", fixpackagever:\"8.0.0.310\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"Java8_64.sdk\", minpackagever:\"8.0.0.0\", 
maxpackagever:\"8.0.0.309\", fixpackagever:\"8.0.0.310\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"Java8_64.sdk\", minpackagever:\"8.0.0.0\", maxpackagever:\"8.0.0.309\", fixpackagever:\"8.0.0.310\") > 0) flag++;\nif (aix_check_package(release:\"7.2\", package:\"Java8_64.sdk\", minpackagever:\"8.0.0.0\", maxpackagever:\"8.0.0.309\", fixpackagever:\"8.0.0.310\") > 0) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : aix_report_get()\n );\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Java6 / Java7 / Java8\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:24:43", "description": "IBM Java 7.1 was updated to version 7.1-3.50 to fix the following\nsecurity issues: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Please see\nhttps://www.ibm.com/developerworks/java/jdk/alerts/ for more\ninformation.\n\n - Add hwkeytool binary for zSeries.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2016-09-22T00:00:00", "title": "SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2016:2347-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3485", "CVE-2016-3598", "CVE-2016-3511"], "modified": "2016-09-22T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-devel", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin"], "id": "SUSE_SU-2016-2347-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93646", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2347-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93646);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-3485\", \"CVE-2016-3511\", \"CVE-2016-3598\");\n\n script_name(english:\"SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2016:2347-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 7.1 was updated to version 7.1-3.50 to fix the following\nsecurity issues: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Please see\nhttps://www.ibm.com/developerworks/java/jdk/alerts/ for more\ninformation.\n\n - Add hwkeytool 
binary for zSeries.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992537\"\n );\n # https://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3485/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3511/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3598/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162347-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f1ee0557\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1372=1\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2016-1372=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1372=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2016-1372=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_1-ibm-1.7.1_sr3.50-28.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_1-ibm-1.7.1_sr3.50-28.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_1-ibm\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:24:57", "description": "IBM Java 8 was updated to version 8.0-3.10 to fix the following\nsecurity issues :\n\n - CVE-2016-3485: Unspecified vulnerability allowed local\n users to affect integrity via vectors related to\n Networking\n\n - CVE-2016-3511: Unspecified vulnerability allowed local\n users to affect confidentiality, integrity, and\n availability via vectors related to Deployment\n\n - CVE-2016-3598: Unspecified vulnerability allowed remote\n attackers to 
affect confidentiality, integrity, and\n availability via vectors related to Libraries Please see\n https://www.ibm.com/developerworks/java/jdk/alerts/ for\n more information.\n\n - Add hwkeytool binary for zSeries.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2016-11-07T00:00:00", "title": "SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2016:2726-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3485", "CVE-2016-3598", "CVE-2016-3511"], "modified": "2016-11-07T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:java-1_8_0-ibm", "p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-plugin", "p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-alsa"], "id": "SUSE_SU-2016-2726-1.NASL", "href": "https://www.tenable.com/plugins/nessus/94609", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2726-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94609);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-3485\", \"CVE-2016-3511\", \"CVE-2016-3598\");\n\n script_name(english:\"SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2016:2726-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"IBM Java 8 was updated to version 8.0-3.10 to fix the following\nsecurity issues :\n\n - CVE-2016-3485: Unspecified vulnerability allowed local\n users to affect integrity via vectors related to\n Networking\n\n - CVE-2016-3511: Unspecified vulnerability allowed local\n users to affect confidentiality, integrity, and\n availability via vectors related to Deployment\n\n - CVE-2016-3598: Unspecified vulnerability allowed remote\n attackers to affect confidentiality, integrity, and\n availability via vectors related to Libraries Please see\n https://www.ibm.com/developerworks/java/jdk/alerts/ for\n more information.\n\n - Add hwkeytool binary for zSeries.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992537\"\n );\n # https://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3485/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3511/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3598/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162726-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?809dff8b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 
12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1606=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1606=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-ibm-1.8.0_sr3.10-15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_8_0-ibm\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T04:34:51", "description": "The version of Oracle JRockit installed on the remote Windows host is\n28.3.10. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Networking\n subcomponent that allows a local attacker to impact\n integrity. 
(CVE-2016-3485)\n\n - Multiple unspecified flaws exist in the JAXP\n subcomponent that allow an unauthenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-3500, CVE-2016-3508)", "edition": 26, "cvss3": {"score": 2.9, "vector": "AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2016-07-21T00:00:00", "title": "Oracle JRockit R28.3.10 Multiple Vulnerabilities (July 2016 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3508", "CVE-2016-3485", "CVE-2016-3500"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:oracle:jrockit"], "id": "ORACLE_JROCKIT_CPU_JUL_2016.NASL", "href": "https://www.tenable.com/plugins/nessus/92492", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92492);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\"CVE-2016-3485\", \"CVE-2016-3500\", \"CVE-2016-3508\");\n\n script_name(english:\"Oracle JRockit R28.3.10 Multiple Vulnerabilities (July 2016 CPU)\");\n script_summary(english:\"Checks the version of jvm.dll.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A programming platform installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle JRockit installed on the remote Windows host is\n28.3.10. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Networking\n subcomponent that allows a local attacker to impact\n integrity. 
(CVE-2016-3485)\n\n - Multiple unspecified flaws exist in the JAXP\n subcomponent that allow an unauthenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-3500, CVE-2016-3508)\");\n # https://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e71b6836\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle JRockit version R28.3.11 or later as referenced in\nthe July 2016 Oracle Critical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3485\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jrockit\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_jrockit_installed.nasl\");\n script_require_keys(\"installed_sw/Oracle JRockit\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp = \"Oracle JRockit\";\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\nver = install['version'];\ntype = install['type'];\npath = install['path'];\n\nif (ver =~ \"^28(\\.3)?$\") audit(AUDIT_VER_NOT_GRANULAR, app, ver);\nif (ver !~ \"^28\\.3($|[^0-9])\") audit(AUDIT_NOT_INST, app + \" 28.3.x\");\n\n# Affected :\n# 28.3.10\nif (ver =~ \"^28\\.3\\.10($|[^0-9])\")\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n # The DLL we're looking at is a level deeper in the JDK, since it\n # keeps a subset of the JRE in a subdirectory.\n if (type == \"JDK\") path += \"\\jre\";\n path += \"\\bin\\jrockit\\jvm.dll\";\n\n report =\n '\\n Type : ' + type +\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : 28.3.11' +\n '\\n';\n security_report_v4(severity:SECURITY_NOTE, port:port, extra:report);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T14:46:23", "description": "IBM Java 7.1 was updated to version 7.1-3.50 to fix the following\nsecurity issues: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Please see\nhttps://www.ibm.com/developerworks/java/jdk/alerts/ for more\ninformation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2016-09-08T00:00:00", "title": "SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2016:2261-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3485", "CVE-2016-3598", "CVE-2016-3511"], "modified": "2016-09-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin"], "id": "SUSE_SU-2016-2261-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93373", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2261-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93373);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-3485\", \"CVE-2016-3511\", \"CVE-2016-3598\");\n\n script_name(english:\"SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2016:2261-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 7.1 was updated to version 7.1-3.50 to fix the following\nsecurity issues: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Please see\nhttps://www.ibm.com/developerworks/java/jdk/alerts/ for more\ninformation.\n\nNote that Tenable Network Security has extracted the 
preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992537\"\n );\n # https://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3485/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3511/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3598/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162261-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d78a2e00\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-java-1_7_1_ibm-12733=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-java-1_7_1_ibm-12733=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"java-1_7_1-ibm-1.7.1_sr3.50-16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_1-ibm\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:46:24", "description": "IBM Java 7 was updated to 7.1-9.50, fixing bugs and security issues\n(bsc#992537). 
Security issues fixed: CVE-2016-3485 CVE-2016-3511\nCVE-2016-3598 Please see\nhttps://www.ibm.com/developerworks/java/jdk/alerts/ for more\ninformation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2016-09-13T00:00:00", "title": "SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2016:2286-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3485", "CVE-2016-3598", "CVE-2016-3511"], "modified": "2016-09-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-plugin", "p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-jdbc", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-alsa", "p-cpe:/a:novell:suse_linux:java-1_7_0-ibm", "p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-devel"], "id": "SUSE_SU-2016-2286-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93458", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2286-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93458);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-3485\", \"CVE-2016-3511\", \"CVE-2016-3598\");\n\n script_name(english:\"SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2016:2286-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 7 was updated to 7.1-9.50, fixing bugs and security issues\n(bsc#992537). Security issues fixed: CVE-2016-3485 CVE-2016-3511\nCVE-2016-3598 Please see\nhttps://www.ibm.com/developerworks/java/jdk/alerts/ for more\ninformation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992537\"\n );\n # https://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3485/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3511/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3598/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162286-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b0a49b7f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 5:zypper in -t patch\nsleclo50sp3-java-1_7_0-ibm-12737=1\n\nSUSE Manager Proxy 2.1:zypper in -t patch\nslemap21-java-1_7_0-ibm-12737=1\n\nSUSE Manager 2.1:zypper in -t patch sleman21-java-1_7_0-ibm-12737=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-java-1_7_0-ibm-12737=1\n\nSUSE Linux Enterprise Server 11-SP2-LTSS:zypper in -t 
patch\nslessp2-java-1_7_0-ibm-12737=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-java-1_7_0-ibm-12737=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"java-1_7_0-ibm-1.7.0_sr9.50-55.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"java-1_7_0-ibm-1.7.0_sr9.50-55.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-ibm\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:24:27", "description": "This update for java-1_7_0-openjdk fixes the following issues :\n\n - Update to 2.6.7 - OpenJDK 7u111\n\n - Security fixes\n\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking\n (bsc#989732)\n\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows\n only) (bsc#989734)\n\n - S8147771: Construction of static protection domains\n under Javax custom policy\n\n - S8148872, CVE-2016-3500: Complete name checking\n (bsc#989730)\n\n - S8149962, CVE-2016-3508: Better delineation of XML\n processing (bsc#989731)\n\n - S8150752: Share Class Data\n\n - S8151925: Font reference improvements\n\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n\n - S8155981, CVE-2016-3606: Bolster bytecode verification\n (bsc#989722)\n\n - S8155985, CVE-2016-3598: Persistent Parameter Processing\n (bsc#989723)\n\n - S8158571, CVE-2016-3610: Additional method handle\n validation (bsc#989725)\n\n - CVE-2016-3511 (bsc#989727)\n\n - CVE-2016-3503 (bsc#989728)\n\n - CVE-2016-3498 (bsc#989729)\n\n - Import of OpenJDK 7 u111 build 0\n\n - S6953295: Move few sun.security.{util, x509, pkcs}\n classes used by keytool/jarsigner to another package\n\n - S7060849: Eliminate pack200 build warnings\n\n - S7064075: Security libraries don't build with javac\n\n -Xlint:all,-deprecation -Werror\n\n - S7069870: Parts of the JDK erroneously rely on generic\n array initializers with diamond\n\n - S7102686: Restructure timestamp code so that jars and\n modules can more easily share the same code\n\n - S7105780: Add SSLSocket client/SSLEngine server to\n templates directory\n\n - S7142339: PKCS7.java is needlessly creating SHA1PRNG\n SecureRandom instances when timestamping is not done\n\n - S7152582: PKCS11 tests should use the NSS libraries\n available in the OS\n\n - S7192202: Make sure keytool prints both unknown and\n 
unparseable extensions\n\n - S7194449: String resources for Key Tool and Policy Tool\n should be in their respective packages\n\n - S7196855: autotest.sh fails on ubuntu because\n libsoftokn.so not found\n\n - S7200682: TEST_BUG: keytool/autotest.sh still has\n problems with libsoftokn.so\n\n - S8002306: (se) Selector.open fails if invoked with\n thread interrupt status set [win]\n\n - S8009636: JARSigner including TimeStamp PolicyID\n (TSAPolicyID) as defined in RFC3161\n\n - S8019341: Update CookieHttpsClientTest to use the newer\n framework.\n\n - S8022228: Intermittent test failures in\n sun/security/ssl/javax/net/ssl/NewAPIs\n\n - S8022439: Fix lint warnings in sun.security.ec\n\n - S8022594: Potential deadlock in <clinit> of\n sun.nio.ch.Util/IOUtil\n\n - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails\n intermittently\n\n - S8036612: [parfait] JNI exception pending in\n jdk/src/windows/native/sun/security/mscapi/security.cpp\n\n - S8037557: test SessionCacheSizeTests.java timeout\n\n - S8038837: Add support to jarsigner for specifying\n timestamp hash algorithm\n\n - S8079410: Hotspot version to share the same update and\n build version from JDK\n\n - S8130735: javax.swing.TimerQueue: timer fires late when\n another timer starts\n\n - S8139436: sun.security.mscapi.KeyStore might load\n incomplete data\n\n - S8144313: Test SessionTimeOutTests can be timeout\n\n - S8146387: Test SSLSession/SessionCacheSizeTests socket\n accept timed out\n\n - S8146669: Test SessionTimeOutTests fails intermittently\n\n - S8146993: Several javax/management/remote/mandatory\n regression tests fail after JDK-8138811\n\n - S8147857: [TEST] RMIConnector logs attribute names\n incorrectly\n\n - S8151841, PR3098: Build needs additional flags to\n compile with GCC 6\n\n - S8151876: (tz) Support tzdata2016d\n\n - S8157077: 8u101 L10n resource file updates\n\n - S8161262: Fix jdk build with gcc 4.1.2:\n -fno-strict-overflow not known.\n\n - Import of OpenJDK 7 u111 build 1\n\n - 
S7081817:\n test/sun/security/provider/certpath/X509CertPath/IllegalCertificates.java\n failing\n\n - S8140344: add support for 3 digit update release numbers\n\n - S8145017: Add support for 3 digit hotspot minor version\n numbers\n\n - S8162344: The API changes made by CR 7064075 need to be\n reverted\n\n - Backports\n\n - S2178143, PR2958: JVM crashes if the number of bound\n CPUs changed during runtime\n\n - S4900206, PR3101: Include worst-case rounding tests for\n Math library functions\n\n - S6260348, PR3067: GTK+ L&F JTextComponent not respecting\n desktop caret blink rate\n\n - S6934604, PR3075: enable parts of EliminateAutoBox by\n default\n\n - S7043064, PR3020: sun/java2d/cmm/ tests failed against\n RI b141 & b138-nightly\n\n - S7051394, PR3020: NullPointerException when running\n regression tests LoadProfileTest by using openjdk-7-b144\n\n - S7086015, PR3013: fix\n test/tools/javac/parser/netbeans/JavacParserTest.java\n\n - S7119487, PR3013: JavacParserTest.java test fails on\n Windows platforms\n\n - S7124245, PR3020: [lcms] ColorConvertOp to color space\n CS_GRAY apparently converts orange to 244,244,0\n\n - S7159445, PR3013: (javac) emits inaccurate diagnostics\n for enhanced for-loops\n\n - S7175845, PR1437, RH1207129: 'jar uf' changes file\n permissions unexpectedly\n\n - S8005402, PR3020: Need to provide benchmarks for color\n management\n\n - S8005530, PR3020: [lcms] Improve performance of\n ColorConverOp for default destinations\n\n - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel\n is not transferred from source to destination.\n\n - S8013430, PR3020: REGRESSION:\n closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadProfileTest.java\n fails with\n java.io.StreamCorruptedException: invalid type code: EE\n since 8b87\n\n - S8014286, PR3075: failed java/lang/Math/DivModTests.java\n after 6934604 changes\n\n - S8014959, PR3075:\n assert(Compile::current()->live_nodes()\n (uint)MaxNodeLimit) failed: Live Node limit exceeded\n limit\n\n 
- S8019247, PR3075: SIGSEGV in compiled method\n c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object\n\n - S8024511, PR3020: Crash during color profile destruction\n\n - S8025429, PR3020: [parfait] warnings from b107 for\n sun.java2d.cmm: JNI exception pending\n\n - S8026702, PR3020: Fix for 8025429 breaks jdk build on\n windows\n\n - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for\n Java_awt test suit\n\n - S8047066, PR3020: Test\n test/sun/awt/image/bug8038000.java fails with\n ClassCastException\n\n - S8069181, PR3012, RH1015612: java.lang.AssertionError\n when compiling JDK 1.4 code in JDK 8\n\n - S8158260, PR2992, RH1341258: PPC64: unaligned\n Unsafe.getInt can lead to the generation of illegal\n instructions (bsc#988651)\n\n - S8159244, PR3075: Partially initialized string object\n created by C2's string concat optimization may escape\n\n - Bug fixes\n\n - PR2799, RH1195203: Files are missing from resources.jar\n\n - PR2900: Don't use WithSeed versions of NSS functions as\n they don't fully process the seed\n\n - PR3091: SystemTap is heavily confused by multiple JDKs\n\n - PR3102: Extend 8022594 to AixPollPort\n\n - PR3103: Handle case in clean-fonts where\n linux.fontconfig.Gentoo.properties.old has not been\n created\n\n - PR3111: Provide option to disable SystemTap tests\n\n - PR3114: Don't assume system mime.types supports\n text/x-java-source\n\n - PR3115: Add check for elliptic curve cryptography\n implementation\n\n - PR3116: Add tests for Java debug info and source files\n\n - PR3118: Path to agpl-3.0.txt not updated\n\n - PR3119: Makefile handles cacerts as a symlink, but the\n configure check doesn't\n\n - AArch64 port\n\n - S8148328, PR3100: aarch64: redundant lsr instructions in\n stub code.\n\n - S8148783, PR3100: aarch64: SEGV running SpecJBB2013\n\n - S8148948, PR3100: aarch64: generate_copy_longs calls\n align() incorrectly\n\n - S8150045, PR3100: arraycopy causes segfaults in SATB\n during garbage collection\n\n - S8154537, 
PR3100: AArch64: some integer rotate\n instructions are never emitted\n\n - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess\n loads in wrong mode\n\n - S8157906, PR3100: aarch64: some more integer rotate\n instructions are never emitted\n\n - Enable SunEC for SLE12 and Leap (bsc#982366)\n\n - Fix aarch64 running with 48 bits va space\n (bsc#984684)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2016-09-02T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:1997-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3508", "CVE-2016-3485", "CVE-2016-3598", "CVE-2016-3500", "CVE-2016-3511", "CVE-2016-3498", "CVE-2016-3606", "CVE-2016-3503", "CVE-2016-3550", "CVE-2016-3610", "CVE-2016-3458"], "modified": "2016-09-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo"], "id": "SUSE_SU-2016-1997-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93272", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1997-1.\n# The text 
itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93272);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-3458\", \"CVE-2016-3485\", \"CVE-2016-3498\", \"CVE-2016-3500\", \"CVE-2016-3503\", \"CVE-2016-3508\", \"CVE-2016-3511\", \"CVE-2016-3550\", \"CVE-2016-3598\", \"CVE-2016-3606\", \"CVE-2016-3610\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:1997-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_7_0-openjdk fixes the following issues :\n\n - Update to 2.6.7 - OpenJDK 7u111\n\n - Security fixes\n\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking\n (bsc#989732)\n\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows\n only) (bsc#989734)\n\n - S8147771: Construction of static protection domains\n under Javax custom policy\n\n - S8148872, CVE-2016-3500: Complete name checking\n (bsc#989730)\n\n - S8149962, CVE-2016-3508: Better delineation of XML\n processing (bsc#989731)\n\n - S8150752: Share Class Data\n\n - S8151925: Font reference improvements\n\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n\n - S8155981, CVE-2016-3606: Bolster bytecode verification\n (bsc#989722)\n\n - S8155985, CVE-2016-3598: Persistent Parameter Processing\n (bsc#989723)\n\n - S8158571, CVE-2016-3610: Additional method handle\n validation (bsc#989725)\n\n - CVE-2016-3511 (bsc#989727)\n\n - CVE-2016-3503 (bsc#989728)\n\n - CVE-2016-3498 (bsc#989729)\n\n - Import of OpenJDK 7 u111 build 0\n\n - S6953295: Move few sun.security.{util, x509, pkcs}\n classes used by keytool/jarsigner to another 
package\n\n - S7060849: Eliminate pack200 build warnings\n\n - S7064075: Security libraries don't build with javac\n\n -Xlint:all,-deprecation -Werror\n\n - S7069870: Parts of the JDK erroneously rely on generic\n array initializers with diamond\n\n - S7102686: Restructure timestamp code so that jars and\n modules can more easily share the same code\n\n - S7105780: Add SSLSocket client/SSLEngine server to\n templates directory\n\n - S7142339: PKCS7.java is needlessly creating SHA1PRNG\n SecureRandom instances when timestamping is not done\n\n - S7152582: PKCS11 tests should use the NSS libraries\n available in the OS\n\n - S7192202: Make sure keytool prints both unknown and\n unparseable extensions\n\n - S7194449: String resources for Key Tool and Policy Tool\n should be in their respective packages\n\n - S7196855: autotest.sh fails on ubuntu because\n libsoftokn.so not found\n\n - S7200682: TEST_BUG: keytool/autotest.sh still has\n problems with libsoftokn.so\n\n - S8002306: (se) Selector.open fails if invoked with\n thread interrupt status set [win]\n\n - S8009636: JARSigner including TimeStamp PolicyID\n (TSAPolicyID) as defined in RFC3161\n\n - S8019341: Update CookieHttpsClientTest to use the newer\n framework.\n\n - S8022228: Intermittent test failures in\n sun/security/ssl/javax/net/ssl/NewAPIs\n\n - S8022439: Fix lint warnings in sun.security.ec\n\n - S8022594: Potential deadlock in <clinit> of\n sun.nio.ch.Util/IOUtil\n\n - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails\n intermittently\n\n - S8036612: [parfait] JNI exception pending in\n jdk/src/windows/native/sun/security/mscapi/security.cpp\n\n - S8037557: test SessionCacheSizeTests.java timeout\n\n - S8038837: Add support to jarsigner for specifying\n timestamp hash algorithm\n\n - S8079410: Hotspot version to share the same update and\n build version from JDK\n\n - S8130735: javax.swing.TimerQueue: timer fires late when\n another timer starts\n\n - S8139436: sun.security.mscapi.KeyStore might 
load\n incomplete data\n\n - S8144313: Test SessionTimeOutTests can be timeout\n\n - S8146387: Test SSLSession/SessionCacheSizeTests socket\n accept timed out\n\n - S8146669: Test SessionTimeOutTests fails intermittently\n\n - S8146993: Several javax/management/remote/mandatory\n regression tests fail after JDK-8138811\n\n - S8147857: [TEST] RMIConnector logs attribute names\n incorrectly\n\n - S8151841, PR3098: Build needs additional flags to\n compile with GCC 6\n\n - S8151876: (tz) Support tzdata2016d\n\n - S8157077: 8u101 L10n resource file updates\n\n - S8161262: Fix jdk build with gcc 4.1.2:\n -fno-strict-overflow not known.\n\n - Import of OpenJDK 7 u111 build 1\n\n - S7081817:\n test/sun/security/provider/certpath/X509CertPath/Illegal\n Certificates.java f ailing\n\n - S8140344: add support for 3 digit update release numbers\n\n - S8145017: Add support for 3 digit hotspot minor version\n numbers\n\n - S8162344: The API changes made by CR 7064075 need to be\n reverted\n\n - Backports\n\n - S2178143, PR2958: JVM crashes if the number of bound\n CPUs changed during runtime\n\n - S4900206, PR3101: Include worst-case rounding tests for\n Math library functions\n\n - S6260348, PR3067: GTK+ L&F JTextComponent not respecting\n desktop caret blink rate\n\n - S6934604, PR3075: enable parts of EliminateAutoBox by\n default\n\n - S7043064, PR3020: sun/java2d/cmm/ tests failed against\n RI b141 & b138-nightly\n\n - S7051394, PR3020: NullPointerException when running\n regression tests LoadProfileTest by using openjdk-7-b144\n\n - S7086015, PR3013: fix\n test/tools/javac/parser/netbeans/JavacParserTest.java\n\n - S7119487, PR3013: JavacParserTest.java test fails on\n Windows platforms\n\n - S7124245, PR3020: [lcms] ColorConvertOp to color space\n CS_GRAY apparently converts orange to 244,244,0\n\n - S7159445, PR3013: (javac) emits inaccurate diagnostics\n for enhanced for-loops\n\n - S7175845, PR1437, RH1207129: 'jar uf' changes file\n permissions unexpectedly\n\n - 
S8005402, PR3020: Need to provide benchmarks for color\n management\n\n - S8005530, PR3020: [lcms] Improve performance of\n ColorConverOp for default destinations\n\n - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel\n is not transferred from source to destination.\n\n - S8013430, PR3020: REGRESSION:\n closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadPr\n ofileTest.java fail s with\n java.io.StreamCorruptedException: invalid type code: EE\n since 8b87\n\n - S8014286, PR3075: failed java/lang/Math/DivModTests.java\n after 6934604 changes\n\n - S8014959, PR3075:\n assert(Compile::current()->live_nodes()\n (uint)MaxNodeLimit) failed: Live Node limit exceeded\n limit\n\n - S8019247, PR3075: SIGSEGV in compiled method\n c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object\n\n - S8024511, PR3020: Crash during color profile destruction\n\n - S8025429, PR3020: [parfait] warnings from b107 for\n sun.java2d.cmm: JNI exception pending\n\n - S8026702, PR3020: Fix for 8025429 breaks jdk build on\n windows\n\n - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for\n Java_awt test suit\n\n - S8047066, PR3020: Test\n test/sun/awt/image/bug8038000.java fails with\n ClassCastException\n\n - S8069181, PR3012, RH1015612: java.lang.AssertionError\n when compiling JDK 1.4 code in JDK 8\n\n - S8158260, PR2992, RH1341258: PPC64: unaligned\n Unsafe.getInt can lead to the generation of illegal\n instructions (bsc#988651)\n\n - S8159244, PR3075: Partially initialized string object\n created by C2's string concat optimization may escape\n\n - Bug fixes\n\n - PR2799, RH1195203: Files are missing from resources.jar\n\n - PR2900: Don't use WithSeed versions of NSS functions as\n they don't fully process the seed\n\n - PR3091: SystemTap is heavily confused by multiple JDKs\n\n - PR3102: Extend 8022594 to AixPollPort\n\n - PR3103: Handle case in clean-fonts where\n linux.fontconfig.Gentoo.properties.old has not been\n created\n\n - PR3111: Provide option to disable SystemTap 
tests\n\n - PR3114: Don't assume system mime.types supports\n text/x-java-source\n\n - PR3115: Add check for elliptic curve cryptography\n implementation\n\n - PR3116: Add tests for Java debug info and source files\n\n - PR3118: Path to agpl-3.0.txt not updated\n\n - PR3119: Makefile handles cacerts as a symlink, but the\n configure check doesn't\n\n - AArch64 port\n\n - S8148328, PR3100: aarch64: redundant lsr instructions in\n stub code.\n\n - S8148783, PR3100: aarch64: SEGV running SpecJBB2013\n\n - S8148948, PR3100: aarch64: generate_copy_longs calls\n align() incorrectly\n\n - S8150045, PR3100: arraycopy causes segfaults in SATB\n during garbage collection\n\n - S8154537, PR3100: AArch64: some integer rotate\n instructions are never emitted\n\n - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess\n loads in wrong mode\n\n - S8157906, PR3100: aarch64: some more integer rotate\n instructions are never emitted\n\n - Enable SunEC for SLE12 and Leap (bsc#982366)\n\n - Fix aarch64 running with 48 bits va space\n (bsc#984684)</clinit>\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=988651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3458/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3485/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3498/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3500/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3503/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3508/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3511/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3550/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3598/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3606/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3610/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161997-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2041c177\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1186=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1186=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", 
value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-demo-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-devel-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-headless-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.111-33.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-openjdk\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:30:59", "description": "This update for java-1_7_0-openjdk fixes the following issues :\n\n - Update to 2.6.7 - OpenJDK 7u111\n\n - Security fixes\n\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking\n (bsc#989732)\n\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows\n only) (bsc#989734)\n\n - S8147771: Construction of static protection domains\n under Javax custom policy\n\n - S8148872, CVE-2016-3500: Complete name checking\n (bsc#989730)\n\n - S8149962, CVE-2016-3508: Better delineation of XML\n processing (bsc#989731)\n\n - S8150752: Share Class Data\n\n - S8151925: Font reference improvements\n\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n\n - S8155981, CVE-2016-3606: Bolster bytecode verification\n (bsc#989722)\n\n - S8155985, CVE-2016-3598: Persistent Parameter Processing\n (bsc#989723)\n\n - S8158571, CVE-2016-3610: Additional method handle\n validation (bsc#989725)\n\n - CVE-2016-3511 (bsc#989727)\n\n - CVE-2016-3503 (bsc#989728)\n\n - CVE-2016-3498 (bsc#989729)\n\n - Import of OpenJDK 7 u111 build 0\n\n - S6953295: Move few sun.security.(util, x509, pkcs)\n classes used by keytool/jarsigner to another package\n\n - S7060849: Eliminate pack200 build warnings\n\n - S7064075: Security libraries don't build with javac\n -Xlint:all,-deprecation -Werror\n\n - S7069870: Parts of the JDK erroneously rely on generic\n array initializers with diamond\n\n - S7102686: Restructure timestamp code so that jars and\n modules can more easily share the same code\n\n - S7105780: Add SSLSocket client/SSLEngine server to\n templates directory\n\n - S7142339: PKCS7.java is needlessly creating SHA1PRNG\n SecureRandom instances when timestamping is not done\n\n - S7152582: PKCS11 tests should use the NSS libraries\n available in the OS\n\n - S7192202: Make sure keytool prints 
both unknown and\n unparseable extensions\n\n - S7194449: String resources for Key Tool and Policy Tool\n should be in their respective packages\n\n - S7196855: autotest.sh fails on ubuntu because\n libsoftokn.so not found\n\n - S7200682: TEST_BUG: keytool/autotest.sh still has\n problems with libsoftokn.so\n\n - S8002306: (se) Selector.open fails if invoked with\n thread interrupt status set [win]\n\n - S8009636: JARSigner including TimeStamp PolicyID\n (TSAPolicyID) as defined in RFC3161\n\n - S8019341: Update CookieHttpsClientTest to use the newer\n framework.\n\n - S8022228: Intermittent test failures in\n sun/security/ssl/javax/net/ssl/NewAPIs\n\n - S8022439: Fix lint warnings in sun.security.ec\n\n - S8022594: Potential deadlock in <clinit> of\n sun.nio.ch.Util/IOUtil\n\n - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails\n intermittently\n\n - S8036612: [parfait] JNI exception pending in\n jdk/src/windows/native/sun/security/mscapi/security.cpp\n\n - S8037557: test SessionCacheSizeTests.java timeout\n\n - S8038837: Add support to jarsigner for specifying\n timestamp hash algorithm\n\n - S8079410: Hotspot version to share the same update and\n build version from JDK\n\n - S8130735: javax.swing.TimerQueue: timer fires late when\n another timer starts\n\n - S8139436: sun.security.mscapi.KeyStore might load\n incomplete data\n\n - S8144313: Test SessionTimeOutTests can be timeout\n\n - S8146387: Test SSLSession/SessionCacheSizeTests socket\n accept timed out\n\n - S8146669: Test SessionTimeOutTests fails intermittently\n\n - S8146993: Several javax/management/remote/mandatory\n regression tests fail after JDK-8138811\n\n - S8147857: [TEST] RMIConnector logs attribute names\n incorrectly\n\n - S8151841, PR3098: Build needs additional flags to\n compile with GCC 6\n\n - S8151876: (tz) Support tzdata2016d\n\n - S8157077: 8u101 L10n resource file updates\n\n - S8161262: Fix jdk build with gcc 4.1.2:\n -fno-strict-overflow not known.\n\n - Import of OpenJDK 7 
u111 build 1\n\n - S7081817:\n test/sun/security/provider/certpath/X509CertPath/IllegalCertificates.java failing\n\n - S8140344: add support for 3 digit update release numbers\n\n - S8145017: Add support for 3 digit hotspot minor version\n numbers\n\n - S8162344: The API changes made by CR 7064075 need to be\n reverted\n\n - Backports\n\n - S2178143, PR2958: JVM crashes if the number of bound\n CPUs changed during runtime\n\n - S4900206, PR3101: Include worst-case rounding tests for\n Math library functions\n\n - S6260348, PR3067: GTK+ L&F JTextComponent not respecting\n desktop caret blink rate\n\n - S6934604, PR3075: enable parts of EliminateAutoBox by\n default\n\n - S7043064, PR3020: sun/java2d/cmm/ tests failed against\n RI b141 & b138-nightly\n\n - S7051394, PR3020: NullPointerException when running\n regression tests LoadProfileTest by using openjdk-7-b144\n\n - S7086015, PR3013: fix\n test/tools/javac/parser/netbeans/JavacParserTest.java\n\n - S7119487, PR3013: JavacParserTest.java test fails on\n Windows platforms\n\n - S7124245, PR3020: [lcms] ColorConvertOp to color space\n CS_GRAY apparently converts orange to 244,244,0\n\n - S7159445, PR3013: (javac) emits inaccurate diagnostics\n for enhanced for-loops\n\n - S7175845, PR1437, RH1207129: 'jar uf' changes file\n permissions unexpectedly\n\n - S8005402, PR3020: Need to provide benchmarks for color\n management\n\n - S8005530, PR3020: [lcms] Improve performance of\n ColorConverOp for default destinations\n\n - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel\n is not transferred from source to destination.\n\n - S8013430, PR3020: REGRESSION:\n closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadProfileTest.java fails with\n java.io.StreamCorruptedException: invalid type code: EE\n since 8b87\n\n - S8014286, PR3075: failed java/lang/Math/DivModTests.java\n after 6934604 changes\n\n - S8014959, PR3075:\n assert(Compile::current()->live_nodes() <\n (uint)MaxNodeLimit) failed: Live Node limit 
exceeded\n limit\n\n - S8019247, PR3075: SIGSEGV in compiled method\n c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object\n\n - S8024511, PR3020: Crash during color profile destruction\n\n - S8025429, PR3020: [parfait] warnings from b107 for\n sun.java2d.cmm: JNI exception pending\n\n - S8026702, PR3020: Fix for 8025429 breaks jdk build on\n windows\n\n - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for\n Java_awt test suit\n\n - S8047066, PR3020: Test\n test/sun/awt/image/bug8038000.java fails with\n ClassCastException\n\n - S8069181, PR3012, RH1015612: java.lang.AssertionError\n when compiling JDK 1.4 code in JDK 8\n\n - S8158260, PR2992, RH1341258: PPC64: unaligned\n Unsafe.getInt can lead to the generation of illegal\n instructions (bsc#988651)\n\n - S8159244, PR3075: Partially initialized string object\n created by C2's string concat optimization may escape\n\n - Bug fixes\n\n - PR2799, RH1195203: Files are missing from resources.jar\n\n - PR2900: Don't use WithSeed versions of NSS functions as\n they don't fully process the seed\n\n - PR3091: SystemTap is heavily confused by multiple JDKs\n\n - PR3102: Extend 8022594 to AixPollPort\n\n - PR3103: Handle case in clean-fonts where\n linux.fontconfig.Gentoo.properties.old has not been\n created\n\n - PR3111: Provide option to disable SystemTap tests\n\n - PR3114: Don't assume system mime.types supports\n text/x-java-source\n\n - PR3115: Add check for elliptic curve cryptography\n implementation\n\n - PR3116: Add tests for Java debug info and source files\n\n - PR3118: Path to agpl-3.0.txt not updated\n\n - PR3119: Makefile handles cacerts as a symlink, but the\n configure check doesn't\n\n - AArch64 port\n\n - S8148328, PR3100: aarch64: redundant lsr instructions in\n stub code.\n\n - S8148783, PR3100: aarch64: SEGV running SpecJBB2013\n\n - S8148948, PR3100: aarch64: generate_copy_longs calls\n align() incorrectly\n\n - S8150045, PR3100: arraycopy causes segfaults in SATB\n during garbage 
collection\n\n - S8154537, PR3100: AArch64: some integer rotate\n instructions are never emitted\n\n - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess\n loads in wrong mode\n\n - S8157906, PR3100: aarch64: some more integer rotate\n instructions are never emitted", "edition": 20, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2016-08-12T00:00:00", "title": "openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-976)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3508", "CVE-2016-3485", "CVE-2016-3598", "CVE-2016-3500", "CVE-2016-3511", "CVE-2016-3498", "CVE-2016-3606", "CVE-2016-3503", "CVE-2016-3550", "CVE-2016-3610", "CVE-2016-3458"], "modified": "2016-08-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debugsource", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel-debuginfo"], "id": "OPENSUSE-2016-976.NASL", "href": 
"https://www.tenable.com/plugins/nessus/92932", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-976.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92932);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-3458\", \"CVE-2016-3485\", \"CVE-2016-3498\", \"CVE-2016-3500\", \"CVE-2016-3503\", \"CVE-2016-3508\", \"CVE-2016-3511\", \"CVE-2016-3550\", \"CVE-2016-3598\", \"CVE-2016-3606\", \"CVE-2016-3610\");\n\n script_name(english:\"openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-976)\");\n script_summary(english:\"Check for the openSUSE-2016-976 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_7_0-openjdk fixes the following issues :\n\n - Update to 2.6.7 - OpenJDK 7u111\n\n - Security fixes\n\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking\n (bsc#989732)\n\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows\n only) (bsc#989734)\n\n - S8147771: Construction of static protection domains\n under Javax custom policy\n\n - S8148872, CVE-2016-3500: Complete name checking\n (bsc#989730)\n\n - S8149962, CVE-2016-3508: Better delineation of XML\n processing (bsc#989731)\n\n - S8150752: Share Class Data\n\n - S8151925: Font reference improvements\n\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n\n - S8155981, CVE-2016-3606: Bolster bytecode verification\n (bsc#989722)\n\n - S8155985, CVE-2016-3598: Persistent Parameter Processing\n (bsc#989723)\n\n - S8158571, CVE-2016-3610: Additional method handle\n 
validation (bsc#989725)\n\n - CVE-2016-3511 (bsc#989727)\n\n - CVE-2016-3503 (bsc#989728)\n\n - CVE-2016-3498 (bsc#989729)\n\n - Import of OpenJDK 7 u111 build 0\n\n - S6953295: Move few sun.security.(util, x509, pkcs)\n classes used by keytool/jarsigner to another package\n\n - S7060849: Eliminate pack200 build warnings\n\n - S7064075: Security libraries don't build with javac\n -Xlint:all,-deprecation -Werror\n\n - S7069870: Parts of the JDK erroneously rely on generic\n array initializers with diamond\n\n - S7102686: Restructure timestamp code so that jars and\n modules can more easily share the same code\n\n - S7105780: Add SSLSocket client/SSLEngine server to\n templates directory\n\n - S7142339: PKCS7.java is needlessly creating SHA1PRNG\n SecureRandom instances when timestamping is not done\n\n - S7152582: PKCS11 tests should use the NSS libraries\n available in the OS\n\n - S7192202: Make sure keytool prints both unknown and\n unparseable extensions\n\n - S7194449: String resources for Key Tool and Policy Tool\n should be in their respective packages\n\n - S7196855: autotest.sh fails on ubuntu because\n libsoftokn.so not found\n\n - S7200682: TEST_BUG: keytool/autotest.sh still has\n problems with libsoftokn.so\n\n - S8002306: (se) Selector.open fails if invoked with\n thread interrupt status set [win]\n\n - S8009636: JARSigner including TimeStamp PolicyID\n (TSAPolicyID) as defined in RFC3161\n\n - S8019341: Update CookieHttpsClientTest to use the newer\n framework.\n\n - S8022228: Intermittent test failures in\n sun/security/ssl/javax/net/ssl/NewAPIs\n\n - S8022439: Fix lint warnings in sun.security.ec\n\n - S8022594: Potential deadlock in <clinit> of\n sun.nio.ch.Util/IOUtil\n\n - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails\n intermittently\n\n - S8036612: [parfait] JNI exception pending in\n jdk/src/windows/native/sun/security/mscapi/security.cpp\n\n - S8037557: test SessionCacheSizeTests.java timeout\n\n - S8038837: Add support to jarsigner 
for specifying\n timestamp hash algorithm\n\n - S8079410: Hotspot version to share the same update and\n build version from JDK\n\n - S8130735: javax.swing.TimerQueue: timer fires late when\n another timer starts\n\n - S8139436: sun.security.mscapi.KeyStore might load\n incomplete data\n\n - S8144313: Test SessionTimeOutTests can be timeout\n\n - S8146387: Test SSLSession/SessionCacheSizeTests socket\n accept timed out\n\n - S8146669: Test SessionTimeOutTests fails intermittently\n\n - S8146993: Several javax/management/remote/mandatory\n regression tests fail after JDK-8138811\n\n - S8147857: [TEST] RMIConnector logs attribute names\n incorrectly\n\n - S8151841, PR3098: Build needs additional flags to\n compile with GCC 6\n\n - S8151876: (tz) Support tzdata2016d\n\n - S8157077: 8u101 L10n resource file updates\n\n - S8161262: Fix jdk build with gcc 4.1.2:\n -fno-strict-overflow not known.\n\n - Import of OpenJDK 7 u111 build 1\n\n - S7081817:\n test/sun/security/provider/certpath/X509CertPath/Illegal\n Certificates.java failing\n\n - S8140344: add support for 3 digit update release numbers\n\n - S8145017: Add support for 3 digit hotspot minor version\n numbers\n\n - S8162344: The API changes made by CR 7064075 need to be\n reverted\n\n - Backports\n\n - S2178143, PR2958: JVM crashes if the number of bound\n CPUs changed during runtime\n\n - S4900206, PR3101: Include worst-case rounding tests for\n Math library functions\n\n - S6260348, PR3067: GTK+ L&F JTextComponent not respecting\n desktop caret blink rate\n\n - S6934604, PR3075: enable parts of EliminateAutoBox by\n default\n\n - S7043064, PR3020: sun/java2d/cmm/ tests failed against\n RI b141 & b138-nightly\n\n - S7051394, PR3020: NullPointerException when running\n regression tests LoadProfileTest by using openjdk-7-b144\n\n - S7086015, PR3013: fix\n test/tools/javac/parser/netbeans/JavacParserTest.java\n\n - S7119487, PR3013: JavacParserTest.java test fails on\n Windows platforms\n\n - S7124245, PR3020: 
[lcms] ColorConvertOp to color space\n CS_GRAY apparently converts orange to 244,244,0\n\n - S7159445, PR3013: (javac) emits inaccurate diagnostics\n for enhanced for-loops\n\n - S7175845, PR1437, RH1207129: 'jar uf' changes file\n permissions unexpectedly\n\n - S8005402, PR3020: Need to provide benchmarks for color\n management\n\n - S8005530, PR3020: [lcms] Improve performance of\n ColorConverOp for default destinations\n\n - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel\n is not transferred from source to destination.\n\n - S8013430, PR3020: REGRESSION:\n closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadPr\n ofileTest.java fails with\n java.io.StreamCorruptedException: invalid type code: EE\n since 8b87\n\n - S8014286, PR3075: failed java/lang/Math/DivModTests.java\n after 6934604 changes\n\n - S8014959, PR3075:\n assert(Compile::current()->live_nodes() <\n (uint)MaxNodeLimit) failed: Live Node limit exceeded\n limit\n\n - S8019247, PR3075: SIGSEGV in compiled method\n c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object\n\n - S8024511, PR3020: Crash during color profile destruction\n\n - S8025429, PR3020: [parfait] warnings from b107 for\n sun.java2d.cmm: JNI exception pending\n\n - S8026702, PR3020: Fix for 8025429 breaks jdk build on\n windows\n\n - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for\n Java_awt test suit\n\n - S8047066, PR3020: Test\n test/sun/awt/image/bug8038000.java fails with\n ClassCastException\n\n - S8069181, PR3012, RH1015612: java.lang.AssertionError\n when compiling JDK 1.4 code in JDK 8\n\n - S8158260, PR2992, RH1341258: PPC64: unaligned\n Unsafe.getInt can lead to the generation of illegal\n instructions (bsc#988651)\n\n - S8159244, PR3075: Partially initialized string object\n created by C2's string concat optimization may escape\n\n - Bug fixes\n\n - PR2799, RH1195203: Files are missing from resources.jar\n\n - PR2900: Don't use WithSeed versions of NSS functions as\n they don't fully process the seed\n\n - 
PR3091: SystemTap is heavily confused by multiple JDKs\n\n - PR3102: Extend 8022594 to AixPollPort\n\n - PR3103: Handle case in clean-fonts where\n linux.fontconfig.Gentoo.properties.old has not been\n created\n\n - PR3111: Provide option to disable SystemTap tests\n\n - PR3114: Don't assume system mime.types supports\n text/x-java-source\n\n - PR3115: Add check for elliptic curve cryptography\n implementation\n\n - PR3116: Add tests for Java debug info and source files\n\n - PR3118: Path to agpl-3.0.txt not updated\n\n - PR3119: Makefile handles cacerts as a symlink, but the\n configure check doesn't\n\n - AArch64 port\n\n - S8148328, PR3100: aarch64: redundant lsr instructions in\n stub code.\n\n - S8148783, PR3100: aarch64: SEGV running SpecJBB2013\n\n - S8148948, PR3100: aarch64: generate_copy_longs calls\n align() incorrectly\n\n - S8150045, PR3100: arraycopy causes segfaults in SATB\n during garbage collection\n\n - S8154537, PR3100: AArch64: some integer rotate\n instructions are never emitted\n\n - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess\n loads in wrong mode\n\n - S8157906, PR3100: aarch64: some more integer rotate\n instructions are never emitted\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=988651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989734\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_7_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-accessibility-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-bootstrap-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-bootstrap-devel-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-bootstrap-headless-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.111-25.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-demo-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-devel-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-headless-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-javadoc-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-src-1.7.0.111-25.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-openjdk-bootstrap / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:30:59", "description": "This update for java-1_7_0-openjdk fixes the following issues :\n\n - Update to 2.6.7 - OpenJDK 7u111\n\n - Security fixes\n\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking\n (bsc#989732)\n\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows\n only) (bsc#989734)\n\n - S8147771: Construction of static protection domains\n under Javax custom policy\n\n - S8148872, CVE-2016-3500: Complete name checking\n (bsc#989730)\n\n - S8149962, CVE-2016-3508: Better delineation of XML\n 
processing (bsc#989731)\n\n - S8150752: Share Class Data\n\n - S8151925: Font reference improvements\n\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n\n - S8155981, CVE-2016-3606: Bolster bytecode verification\n (bsc#989722)\n\n - S8155985, CVE-2016-3598: Persistent Parameter Processing\n (bsc#989723)\n\n - S8158571, CVE-2016-3610: Additional method handle\n validation (bsc#989725)\n\n - CVE-2016-3511 (bsc#989727)\n\n - CVE-2016-3503 (bsc#989728)\n\n - CVE-2016-3498 (bsc#989729)\n\n - Import of OpenJDK 7 u111 build 0\n\n - S6953295: Move few sun.security.(util, x509, pkcs)\n classes used by keytool/jarsigner to another package\n\n - S7060849: Eliminate pack200 build warnings\n\n - S7064075: Security libraries don't build with javac\n -Xlint:all,-deprecation -Werror\n\n - S7069870: Parts of the JDK erroneously rely on generic\n array initializers with diamond\n\n - S7102686: Restructure timestamp code so that jars and\n modules can more easily share the same code\n\n - S7105780: Add SSLSocket client/SSLEngine server to\n templates directory\n\n - S7142339: PKCS7.java is needlessly creating SHA1PRNG\n SecureRandom instances when timestamping is not done\n\n - S7152582: PKCS11 tests should use the NSS libraries\n available in the OS\n\n - S7192202: Make sure keytool prints both unknown and\n unparseable extensions\n\n - S7194449: String resources for Key Tool and Policy Tool\n should be in their respective packages\n\n - S7196855: autotest.sh fails on ubuntu because\n libsoftokn.so not found\n\n - S7200682: TEST_BUG: keytool/autotest.sh still has\n problems with libsoftokn.so\n\n - S8002306: (se) Selector.open fails if invoked with\n thread interrupt status set [win]\n\n - S8009636: JARSigner including TimeStamp PolicyID\n (TSAPolicyID) as defined in RFC3161\n\n - S8019341: Update CookieHttpsClientTest to use the newer\n framework.\n\n - S8022228: Intermittent test failures in\n sun/security/ssl/javax/net/ssl/NewAPIs\n\n - S8022439: Fix lint warnings in 
sun.security.ec\n\n - S8022594: Potential deadlock in <clinit> of\n sun.nio.ch.Util/IOUtil\n\n - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails\n intermittently\n\n - S8036612: [parfait] JNI exception pending in\n jdk/src/windows/native/sun/security/mscapi/security.cpp\n\n - S8037557: test SessionCacheSizeTests.java timeout\n\n - S8038837: Add support to jarsigner for specifying\n timestamp hash algorithm\n\n - S8079410: Hotspot version to share the same update and\n build version from JDK\n\n - S8130735: javax.swing.TimerQueue: timer fires late when\n another timer starts\n\n - S8139436: sun.security.mscapi.KeyStore might load\n incomplete data\n\n - S8144313: Test SessionTimeOutTests can be timeout\n\n - S8146387: Test SSLSession/SessionCacheSizeTests socket\n accept timed out\n\n - S8146669: Test SessionTimeOutTests fails intermittently\n\n - S8146993: Several javax/management/remote/mandatory\n regression tests fail after JDK-8138811\n\n - S8147857: [TEST] RMIConnector logs attribute names\n incorrectly\n\n - S8151841, PR3098: Build needs additional flags to\n compile with GCC 6\n\n - S8151876: (tz) Support tzdata2016d\n\n - S8157077: 8u101 L10n resource file updates\n\n - S8161262: Fix jdk build with gcc 4.1.2:\n -fno-strict-overflow not known.\n\n - Import of OpenJDK 7 u111 build 1\n\n - S7081817:\n test/sun/security/provider/certpath/X509CertPath/IllegalCertificates.java failing\n\n - S8140344: add support for 3 digit update release numbers\n\n - S8145017: Add support for 3 digit hotspot minor version\n numbers\n\n - S8162344: The API changes made by CR 7064075 need to be\n reverted\n\n - Backports\n\n - S2178143, PR2958: JVM crashes if the number of bound\n CPUs changed during runtime\n\n - S4900206, PR3101: Include worst-case rounding tests for\n Math library functions\n\n - S6260348, PR3067: GTK+ L&F JTextComponent not respecting\n desktop caret blink rate\n\n - S6934604, PR3075: enable parts of EliminateAutoBox by\n default\n\n - S7043064, 
PR3020: sun/java2d/cmm/ tests failed against\n RI b141 & b138-nightly\n\n - S7051394, PR3020: NullPointerException when running\n regression tests LoadProfileTest by using openjdk-7-b144\n\n - S7086015, PR3013: fix\n test/tools/javac/parser/netbeans/JavacParserTest.java\n\n - S7119487, PR3013: JavacParserTest.java test fails on\n Windows platforms\n\n - S7124245, PR3020: [lcms] ColorConvertOp to color space\n CS_GRAY apparently converts orange to 244,244,0\n\n - S7159445, PR3013: (javac) emits inaccurate diagnostics\n for enhanced for-loops\n\n - S7175845, PR1437, RH1207129: 'jar uf' changes file\n permissions unexpectedly\n\n - S8005402, PR3020: Need to provide benchmarks for color\n management\n\n - S8005530, PR3020: [lcms] Improve performance of\n ColorConverOp for default destinations\n\n - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel\n is not transferred from source to destination.\n\n - S8013430, PR3020: REGRESSION:\n closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadPr\n ofileTest.java fails with\n java.io.StreamCorruptedException: invalid type code: EE\n since 8b87\n\n - S8014286, PR3075: failed java/lang/Math/DivModTests.java\n after 6934604 changes\n\n - S8014959, PR3075:\n assert(Compile::current()->live_nodes() <\n (uint)MaxNodeLimit) failed: Live Node limit exceeded\n limit\n\n - S8019247, PR3075: SIGSEGV in compiled method\n c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object\n\n - S8024511, PR3020: Crash during color profile destruction\n\n - S8025429, PR3020: [parfait] warnings from b107 for\n sun.java2d.cmm: JNI exception pending\n\n - S8026702, PR3020: Fix for 8025429 breaks jdk build on\n windows\n\n - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for\n Java_awt test suit\n\n - S8047066, PR3020: Test\n test/sun/awt/image/bug8038000.java fails with\n ClassCastException\n\n - S8069181, PR3012, RH1015612: java.lang.AssertionError\n when compiling JDK 1.4 code in JDK 8\n\n - S8158260, PR2992, RH1341258: PPC64: unaligned\n 
Unsafe.getInt can lead to the generation of illegal\n instructions (bsc#988651)\n\n - S8159244, PR3075: Partially initialized string object\n created by C2's string concat optimization may escape\n\n - Bug fixes\n\n - PR2799, RH1195203: Files are missing from resources.jar\n\n - PR2900: Don't use WithSeed versions of NSS functions as\n they don't fully process the seed\n\n - PR3091: SystemTap is heavily confused by multiple JDKs\n\n - PR3102: Extend 8022594 to AixPollPort\n\n - PR3103: Handle case in clean-fonts where\n linux.fontconfig.Gentoo.properties.old has not been\n created\n\n - PR3111: Provide option to disable SystemTap tests\n\n - PR3114: Don't assume system mime.types supports\n text/x-java-source\n\n - PR3115: Add check for elliptic curve cryptography\n implementation\n\n - PR3116: Add tests for Java debug info and source files\n\n - PR3118: Path to agpl-3.0.txt not updated\n\n - PR3119: Makefile handles cacerts as a symlink, but the\n configure check doesn't\n\n - AArch64 port\n\n - S8148328, PR3100: aarch64: redundant lsr instructions in\n stub code.\n\n - S8148783, PR3100: aarch64: SEGV running SpecJBB2013\n\n - S8148948, PR3100: aarch64: generate_copy_longs calls\n align() incorrectly\n\n - S8150045, PR3100: arraycopy causes segfaults in SATB\n during garbage collection\n\n - S8154537, PR3100: AArch64: some integer rotate\n instructions are never emitted\n\n - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess\n loads in wrong mode\n\n - S8157906, PR3100: aarch64: some more integer rotate\n instructions are never emitted\n\n - Enable SunEC for SLE12 and Leap (bsc#982366)\n\n - Fix aarch64 running with 48 bits va space (bsc#984684)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 20, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2016-08-16T00:00:00", "title": "openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-977)", "type": "nessus", "bulletinFamily": 
"scanner", "cvelist": ["CVE-2016-3508", "CVE-2016-3485", "CVE-2016-3598", "CVE-2016-3500", "CVE-2016-3511", "CVE-2016-3498", "CVE-2016-3606", "CVE-2016-3503", "CVE-2016-3550", "CVE-2016-3610", "CVE-2016-3458"], "modified": "2016-08-16T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debuginfo", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debugsource", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel-debuginfo"], "id": "OPENSUSE-2016-977.NASL", "href": "https://www.tenable.com/plugins/nessus/92978", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-977.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92978);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-3458\", \"CVE-2016-3485\", \"CVE-2016-3498\", \"CVE-2016-3500\", \"CVE-2016-3503\", \"CVE-2016-3508\", \"CVE-2016-3511\", \"CVE-2016-3550\", \"CVE-2016-3598\", \"CVE-2016-3606\", \"CVE-2016-3610\");\n\n script_name(english:\"openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-977)\");\n script_summary(english:\"Check for the openSUSE-2016-977 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_7_0-openjdk fixes the following issues :\n\n - Update to 2.6.7 - OpenJDK 7u111\n\n - Security fixes\n\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking\n (bsc#989732)\n\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows\n only) (bsc#989734)\n\n - S8147771: Construction of static protection domains\n under Javax custom policy\n\n - S8148872, CVE-2016-3500: Complete name checking\n (bsc#989730)\n\n - S8149962, CVE-2016-3508: Better delineation of XML\n processing (bsc#989731)\n\n - S8150752: Share Class Data\n\n - S8151925: Font reference improvements\n\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n\n - S8155981, CVE-2016-3606: Bolster bytecode verification\n (bsc#989722)\n\n - S8155985, CVE-2016-3598: Persistent Parameter Processing\n (bsc#989723)\n\n - S8158571, CVE-2016-3610: Additional method handle\n validation (bsc#989725)\n\n - CVE-2016-3511 (bsc#989727)\n\n - CVE-2016-3503 (bsc#989728)\n\n - CVE-2016-3498 (bsc#989729)\n\n - Import of OpenJDK 7 u111 build 0\n\n - S6953295: Move few sun.security.(util, x509, pkcs)\n classes used by keytool/jarsigner to another package\n\n - S7060849: Eliminate pack200 build warnings\n\n - S7064075: Security libraries don't build with javac\n -Xlint:all,-deprecation -Werror\n\n - S7069870: Parts of the JDK erroneously rely on generic\n array initializers with diamond\n\n - 
S7102686: Restructure timestamp code so that jars and\n modules can more easily share the same code\n\n - S7105780: Add SSLSocket client/SSLEngine server to\n templates directory\n\n - S7142339: PKCS7.java is needlessly creating SHA1PRNG\n SecureRandom instances when timestamping is not done\n\n - S7152582: PKCS11 tests should use the NSS libraries\n available in the OS\n\n - S7192202: Make sure keytool prints both unknown and\n unparseable extensions\n\n - S7194449: String resources for Key Tool and Policy Tool\n should be in their respective packages\n\n - S7196855: autotest.sh fails on ubuntu because\n libsoftokn.so not found\n\n - S7200682: TEST_BUG: keytool/autotest.sh still has\n problems with libsoftokn.so\n\n - S8002306: (se) Selector.open fails if invoked with\n thread interrupt status set [win]\n\n - S8009636: JARSigner including TimeStamp PolicyID\n (TSAPolicyID) as defined in RFC3161\n\n - S8019341: Update CookieHttpsClientTest to use the newer\n framework.\n\n - S8022228: Intermittent test failures in\n sun/security/ssl/javax/net/ssl/NewAPIs\n\n - S8022439: Fix lint warnings in sun.security.ec\n\n - S8022594: Potential deadlock in <clinit> of\n sun.nio.ch.Util/IOUtil\n\n - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails\n intermittently\n\n - S8036612: [parfait] JNI exception pending in\n jdk/src/windows/native/sun/security/mscapi/security.cpp\n\n - S8037557: test SessionCacheSizeTests.java timeout\n\n - S8038837: Add support to jarsigner for specifying\n timestamp hash algorithm\n\n - S8079410: Hotspot version to share the same update and\n build version from JDK\n\n - S8130735: javax.swing.TimerQueue: timer fires late when\n another timer starts\n\n - S8139436: sun.security.mscapi.KeyStore might load\n incomplete data\n\n - S8144313: Test SessionTimeOutTests can be timeout\n\n - S8146387: Test SSLSession/SessionCacheSizeTests socket\n accept timed out\n\n - S8146669: Test SessionTimeOutTests fails intermittently\n\n - S8146993: Several 
javax/management/remote/mandatory\n regression tests fail after JDK-8138811\n\n - S8147857: [TEST] RMIConnector logs attribute names\n incorrectly\n\n - S8151841, PR3098: Build needs additional flags to\n compile with GCC 6\n\n - S8151876: (tz) Support tzdata2016d\n\n - S8157077: 8u101 L10n resource file updates\n\n - S8161262: Fix jdk build with gcc 4.1.2:\n -fno-strict-overflow not known.\n\n - Import of OpenJDK 7 u111 build 1\n\n - S7081817:\n test/sun/security/provider/certpath/X509CertPath/Illegal\n Certificates.java failing\n\n - S8140344: add support for 3 digit update release numbers\n\n - S8145017: Add support for 3 digit hotspot minor version\n numbers\n\n - S8162344: The API changes made by CR 7064075 need to be\n reverted\n\n - Backports\n\n - S2178143, PR2958: JVM crashes if the number of bound\n CPUs changed during runtime\n\n - S4900206, PR3101: Include worst-case rounding tests for\n Math library functions\n\n - S6260348, PR3067: GTK+ L&F JTextComponent not respecting\n desktop caret blink rate\n\n - S6934604, PR3075: enable parts of EliminateAutoBox by\n default\n\n - S7043064, PR3020: sun/java2d/cmm/ tests failed against\n RI b141 & b138-nightly\n\n - S7051394, PR3020: NullPointerException when running\n regression tests LoadProfileTest by using openjdk-7-b144\n\n - S7086015, PR3013: fix\n test/tools/javac/parser/netbeans/JavacParserTest.java\n\n - S7119487, PR3013: JavacParserTest.java test fails on\n Windows platforms\n\n - S7124245, PR3020: [lcms] ColorConvertOp to color space\n CS_GRAY apparently converts orange to 244,244,0\n\n - S7159445, PR3013: (javac) emits inaccurate diagnostics\n for enhanced for-loops\n\n - S7175845, PR1437, RH1207129: 'jar uf' changes file\n permissions unexpectedly\n\n - S8005402, PR3020: Need to provide benchmarks for color\n management\n\n - S8005530, PR3020: [lcms] Improve performance of\n ColorConverOp for default destinations\n\n - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel\n is not transferred from 
source to destination.\n\n - S8013430, PR3020: REGRESSION:\n closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadPr\n ofileTest.java fails with\n java.io.StreamCorruptedException: invalid type code: EE\n since 8b87\n\n - S8014286, PR3075: failed java/lang/Math/DivModTests.java\n after 6934604 changes\n\n - S8014959, PR3075:\n assert(Compile::current()->live_nodes() <\n (uint)MaxNodeLimit) failed: Live Node limit exceeded\n limit\n\n - S8019247, PR3075: SIGSEGV in compiled method\n c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object\n\n - S8024511, PR3020: Crash during color profile destruction\n\n - S8025429, PR3020: [parfait] warnings from b107 for\n sun.java2d.cmm: JNI exception pending\n\n - S8026702, PR3020: Fix for 8025429 breaks jdk build on\n windows\n\n - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for\n Java_awt test suit\n\n - S8047066, PR3020: Test\n test/sun/awt/image/bug8038000.java fails with\n ClassCastException\n\n - S8069181, PR3012, RH1015612: java.lang.AssertionError\n when compiling JDK 1.4 code in JDK 8\n\n - S8158260, PR2992, RH1341258: PPC64: unaligned\n Unsafe.getInt can lead to the generation of illegal\n instructions (bsc#988651)\n\n - S8159244, PR3075: Partially initialized string object\n created by C2's string concat optimization may escape\n\n - Bug fixes\n\n - PR2799, RH1195203: Files are missing from resources.jar\n\n - PR2900: Don't use WithSeed versions of NSS functions as\n they don't fully process the seed\n\n - PR3091: SystemTap is heavily confused by multiple JDKs\n\n - PR3102: Extend 8022594 to AixPollPort\n\n - PR3103: Handle case in clean-fonts where\n linux.fontconfig.Gentoo.properties.old has not been\n created\n\n - PR3111: Provide option to disable SystemTap tests\n\n - PR3114: Don't assume system mime.types supports\n text/x-java-source\n\n - PR3115: Add check for elliptic curve cryptography\n implementation\n\n - PR3116: Add tests for Java debug info and source files\n\n - PR3118: Path to agpl-3.0.txt not 
updated\n\n - PR3119: Makefile handles cacerts as a symlink, but the\n configure check doesn't\n\n - AArch64 port\n\n - S8148328, PR3100: aarch64: redundant lsr instructions in\n stub code.\n\n - S8148783, PR3100: aarch64: SEGV running SpecJBB2013\n\n - S8148948, PR3100: aarch64: generate_copy_longs calls\n align() incorrectly\n\n - S8150045, PR3100: arraycopy causes segfaults in SATB\n during garbage collection\n\n - S8154537, PR3100: AArch64: some integer rotate\n instructions are never emitted\n\n - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess\n loads in wrong mode\n\n - S8157906, PR3100: aarch64: some more integer rotate\n instructions are never emitted\n\n - Enable SunEC for SLE12 and Leap (bsc#982366)\n\n - Fix aarch64 running with 48 bits va space (bsc#984684)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=988651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989734\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_7_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-accessibility-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-bootstrap-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-bootstrap-devel-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-bootstrap-headless-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.111-34.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-demo-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-devel-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-headless-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-javadoc-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-src-1.7.0.111-34.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-openjdk-bootstrap / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "aix": [{"lastseen": "2019-05-29T19:19:14", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3485", "CVE-2016-3598", "CVE-2016-3511"], "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Thu Aug 18 15:35:03 CDT 2016 \n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/java_july2016_advisory.asc\nhttps://aix.software.ibm.com/aix/efixes/security/java_july2016_advisory.asc\nftp://aix.software.ibm.com/aix/efixes/security/java_july2016_advisory.asc\n\n \nSecurity Bulletin: Multiple 
vulnerabilities in IBM Java SDK affect AIX\n CVE-2016-3598 CVE-2016-3511 CVE-2016-3485\n\n===============================================================================\n\nSUMMARY:\n\n There are multiple vulnerabilities in IBM SDK Java Technology Edition,\n Versions 6, 7, 7.1, 8 that are used by AIX. These issues were disclosed\n as part of the IBM Java SDK updates in July 2016.\n\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n\n CVEID: CVE-2016-3598\n DESCRIPTION: An unspecified vulnerability in Oracle Java SE and Java SE \n Embedded related to the Libraries component has high confidentiality impact, \n high integrity impact, and high availability impact.\n CVSS Base Score: 9.6\n CVSS Temporal Score: See \n https://exchange.xforce.ibmcloud.com/vulnerabilities/115269 for the current \n score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n CVEID: CVE-2016-3511\n DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the \n Deployment component has high confidentiality impact, high integrity impact, \n and high availability impact.\n CVSS Base Score: 7.7\n CVSS Temporal Score: See \n https://exchange.xforce.ibmcloud.com/vulnerabilities/115275 for the current \n score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n CVEID: CVE-2016-3485\n DESCRIPTION: An unspecified vulnerability in Oracle Java SE and Java SE\n Embedded related to the Networking component has no confidentiality impact, \n low integrity impact, and no availability impact.\n CVSS Base Score: 2.9\n CVSS Temporal Score: See \n https://exchange.xforce.ibmcloud.com/vulnerabilities/115273 for the current \n score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n\n AFFECTED PRODUCTS AND VERSIONS:\n\n AIX 5.3, 6.1, 7.1, 7.2\n VIOS 2.2.x\n\n The following fileset 
levels (VRMF) are vulnerable, if the \n respective Java version is installed:\n For Java6: Less than 6.0.0.585 \n For Java7: Less than 7.0.0.450\n For Java7.1: Less than 7.1.0.350\n For Java8: Less than 8.0.0.310\n\n Note: To find out whether the affected Java filesets are installed \n on your systems, refer to the lslpp command found in AIX user's guide.\n\n Example: lslpp -L | grep -i java\n\n\n REMEDIATION:\n\n IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix \n Pack 30 and subsequent releases:\n 32-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=6.0.0.0&platform=AIX+32-bit,+pSeries&function=all\n 64-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=6.0.0.0&platform=AIX+64-bit,+pSeries&function=all\n\n IBM SDK, Java Technology Edition, Version 7 Service Refresh 9 Fix\n Pack 50 and subsequent releases:\n 32-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+32-bit,+pSeries&function=all \n 64-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+64-bit,+pSeries&function=all\n\n IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 3\n Fix Pack 50 and subsequent releases:\n 32-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+32-bit,+pSeries&function=all\n 64-bit: 
https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+64-bit,+pSeries&function=all \n\n IBM SDK, Java Technology Edition, Version 8 Service Refresh 3\n Fix Pack 10ifix and subsequent releases:\n 32-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+32-bit,+pSeries&function=all \n 64-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+64-bit,+pSeries&function=all\n\n\n WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team via security-alert@austin.ibm.com you\n can:\n\n A. Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgppubkey.txt\n\n B. Download the key from a PGP Public Key Server. 
The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n \n Complete CVSS v2 Guide:\n http://www.first.org/cvss/v2/guide \n On-line Calculator v2:\n http://nvd.nist.gov/CVSS-v2-Calculator \n Complete CVSS v3 Guide:\n http://www.first.org/cvss/user-guide \n On-line Calculator v3:\n http://www.first.org/cvss/calculator/3.0 \n IBM Java SDK Security Bulletin:\n http://www-01.ibm.com/support/docview.wss?uid=swg21980826\n\n\nACKNOWLEDGEMENTS:\n\n None.\n\nCHANGE HISTORY:\n\n First Issued: Thu Aug 18 15:35:03 CDT 2016\n \n\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will \nultimately impact the Overall CVSS Score. Customers can evaluate the impact \nof this vulnerability in their environments by accessing the links in the \nReference section of this Security Bulletin. \n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the \nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard \ndesigned to convey vulnerability severity and help to determine urgency and \npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY \nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \nFOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT \nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n \n\n\n\n", "edition": 4, "modified": "2016-08-18T15:35:03", "published": "2016-08-18T15:35:03", "id": "JAVA_JULY2016_ADVISORY.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/java_july2016_advisory.asc", "title": "Multiple vulnerabilities in IBM Java SDK affect AIX", "type": "aix", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-05-15T17:23:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3508", "CVE-2016-3485", "CVE-2016-3500", "CVE-2016-3503", "CVE-2016-3550", "CVE-2016-3458"], "description": "The host is installed with Oracle Java SE\n and is prone to multiple unspecified vulnerabilities.", "modified": "2020-05-12T00:00:00", "published": "2016-07-25T00:00:00", "id": "OPENVAS:1361412562310108384", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108384", "type": "openvas", "title": "Oracle Java SE Multiple Unspecified Vulnerabilities-01 July 2016 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Java SE Multiple Unspecified Vulnerabilities-01 July 2016 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108384\");\n script_version(\"2020-05-12T13:57:17+0000\");\n script_cve_id(\"CVE-2016-3458\", \"CVE-2016-3485\", \"CVE-2016-3500\", \"CVE-2016-3503\",\n \"CVE-2016-3508\", \"CVE-2016-3550\");\n script_bugtraq_id(91945, 91996, 91972, 91951);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-12 13:57:17 +0000 (Tue, 12 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-07-25 11:28:15 +0530 (Mon, 25 Jul 2016)\");\n script_name(\"Oracle Java SE Multiple Unspecified Vulnerabilities-01 July 2016 (Linux)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Oracle Java SE\n and is prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - A flaw in the Hotspot component.\n\n - A flaw in the Install component.\n\n - A flaw in the JAXP component.\n\n - A flaw in the CORBA component.\n\n - A flaw in the Networking component.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote user\n to access and modify data on the target system, can cause denial of service\n conditions on the target system, a remote or local user can obtain elevated\n privileges on the target system, also a local user can modify data on the\n target system.\");\n\n script_tag(name:\"affected\", value:\"Oracle Java SE 6 update 115 and 
prior,\n 7 update 101 and prior, and 8 update 92 and prior on Linux.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_lin.nasl\");\n script_mandatory_keys(\"Sun/Java/JRE/Linux/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ncpe_list = make_list(\"cpe:/a:oracle:jre\", \"cpe:/a:sun:jre\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(vers =~ \"^1\\.[6-8]\\.\") {\n if(version_in_range(version:vers, test_version:\"1.6.0\", test_version2:\"1.6.0.115\") ||\n version_in_range(version:vers, test_version:\"1.7.0\", test_version2:\"1.7.0.101\") ||\n version_in_range(version:vers, test_version:\"1.8.0\", test_version2:\"1.8.0.92\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"Apply the patch\", install_path:path);\n security_message(data:report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-15T17:22:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3508", "CVE-2016-3485", "CVE-2016-3500", "CVE-2016-3503", "CVE-2016-3550", "CVE-2016-3458"], "description": "The host is installed with Oracle Java SE\n and is prone to multiple unspecified vulnerabilities.", "modified": "2020-05-12T00:00:00", "published": "2016-07-25T00:00:00", "id": "OPENVAS:1361412562310808621", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808621", "type": 
"openvas", "title": "Oracle Java SE Multiple Unspecified Vulnerabilities-01 July 2016 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Java SE Multiple Unspecified Vulnerabilities-01 July 2016 (Windows)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808621\");\n script_version(\"2020-05-12T13:57:17+0000\");\n script_cve_id(\"CVE-2016-3458\", \"CVE-2016-3485\", \"CVE-2016-3500\", \"CVE-2016-3503\",\n \"CVE-2016-3508\", \"CVE-2016-3550\");\n script_bugtraq_id(91945, 91996, 91972, 91951);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-12 13:57:17 +0000 (Tue, 12 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-07-25 11:28:15 +0530 (Mon, 25 Jul 2016)\");\n script_name(\"Oracle Java SE Multiple Unspecified Vulnerabilities-01 July 2016 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Oracle Java 
SE\n and is prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - A flaw in the Hotspot component.\n\n - A flaw in the Install component.\n\n - A flaw in the JAXP component.\n\n - A flaw in the CORBA component.\n\n - A flaw in the Networking component.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote user\n to access and modify data on the target system, can cause denial of service\n conditions on the target system, a remote or local user can obtain elevated\n privileges on the target system, also a local user can modify data on the\n target system.\");\n\n script_tag(name:\"affected\", value:\"Oracle Java SE 6 update 115 and prior,\n 7 update 101 and prior, and 8 update 92 and prior on Windows.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_portable_win.nasl\");\n script_mandatory_keys(\"Sun/Java/JRE/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ncpe_list = make_list(\"cpe:/a:oracle:jre\", \"cpe:/a:sun:jre\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(vers =~ \"^1\\.[6-8]\") {\n if(version_in_range(version:vers, test_version:\"1.6.0\", test_version2:\"1.6.0.115\") ||\n version_in_range(version:vers, 
test_version:\"1.7.0\", test_version2:\"1.7.0.101\") ||\n version_in_range(version:vers, test_version:\"1.8.0\", test_version2:\"1.8.0.92\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"Apply the patch\", install_path:path);\n security_message(data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-31T18:34:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3508", "CVE-2016-3485", "CVE-2016-3598", "CVE-2016-3500", "CVE-2016-3511", "CVE-2016-3498", "CVE-2016-3606", "CVE-2016-3503", "CVE-2016-3550", "CVE-2016-3610", "CVE-2016-3458"], "description": "The remote host is missing an update for the 'OpenJDK7'\n package(s) announced via the referenced advisory.", "modified": "2020-01-31T00:00:00", "published": "2016-08-13T00:00:00", "id": "OPENVAS:1361412562310851384", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851384", "type": "openvas", "title": "openSUSE: Security Advisory for OpenJDK7 (openSUSE-SU-2016:2058-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851384\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-08-13 05:53:05 +0200 (Sat, 13 Aug 2016)\");\n script_cve_id(\"CVE-2016-3458\", \"CVE-2016-3485\", \"CVE-2016-3498\", \"CVE-2016-3500\",\n \"CVE-2016-3503\", \"CVE-2016-3508\", \"CVE-2016-3511\", \"CVE-2016-3550\",\n \"CVE-2016-3598\", \"CVE-2016-3606\", \"CVE-2016-3610\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for OpenJDK7 (openSUSE-SU-2016:2058-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'OpenJDK7'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Update to 2.6.7 - OpenJDK 7u111\n\n * Security fixes\n\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732)\n\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows\n only) (bsc#989734)\n\n - S8147771: Construction of static protection domains under Javax\n custom policy\n\n - S8148872, CVE-2016-3500: Complete name checking (bsc#989730)\n\n - S8149962, CVE-2016-3508: Better delineation of XML processing\n (bsc#989731)\n\n - S8150752: Share Class Data\n\n - S8151925: Font reference improvements\n\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n\n - S8155981, CVE-2016-3606: 
Bolster bytecode verification (bsc#989722)\n\n - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723)\n\n - S8158571, CVE-2016-3610: Additional method handle validation\n (bsc#989725)\n\n - CVE-2016-3511 (bsc#989727)\n\n - CVE-2016-3503 (bsc#989728)\n\n - CVE-2016-3498 (bsc#989729)\");\n\n script_tag(name:\"affected\", value:\"OpenJDK7 on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2058-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk\", rpm:\"java-1_7_0-openjdk~1.7.0.111~24.39.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-accessibility\", rpm:\"java-1_7_0-openjdk-accessibility~1.7.0.111~24.39.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debuginfo\", rpm:\"java-1_7_0-openjdk-debuginfo~1.7.0.111~24.39.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debugsource\", rpm:\"java-1_7_0-openjdk-debugsource~1.7.0.111~24.39.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo\", rpm:\"java-1_7_0-openjdk-demo~1.7.0.111~24.39.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"java-1_7_0-openjdk-demo-debuginfo\", rpm:\"java-1_7_0-openjdk-demo-debuginfo~1.7.0.111~24.39.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel\", rpm:\"java-1_7_0-openjdk-devel~1.7.0.111~24.39.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel-debuginfo\", rpm:\"java-1_7_0-openjdk-devel-debuginfo~1.7.0.111~24.39.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-headless\", rpm:\"java-1_7_0-openjdk-headless~1.7.0.111~24.39.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-headless-debuginfo\", rpm:\"java-1_7_0-openjdk-headless-debuginfo~1.7.0.111~24.39.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-src\", rpm:\"java-1_7_0-openjdk-src~1.7.0.111~24.39.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-javadoc\", rpm:\"java-1_7_0-openjdk-javadoc~1.7.0.111~24.39.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:35:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3508", "CVE-2016-3485", "CVE-2016-3598", "CVE-2016-3500", "CVE-2016-3511", "CVE-2016-3498", "CVE-2016-3606", "CVE-2016-3503", "CVE-2016-3550", "CVE-2016-3610", "CVE-2016-3458"], "description": "The remote host is missing an update for the 'java-1_7_0-openjdk'\n package(s) announced via the referenced advisory.", "modified": "2020-01-31T00:00:00", "published": "2016-08-12T00:00:00", "id": "OPENVAS:1361412562310851381", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851381", "type": "openvas", "title": "openSUSE: Security Advisory for java-1_7_0-openjdk 
(openSUSE-SU-2016:2050-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851381\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-08-12 05:49:12 +0200 (Fri, 12 Aug 2016)\");\n script_cve_id(\"CVE-2016-3458\", \"CVE-2016-3485\", \"CVE-2016-3498\", \"CVE-2016-3500\",\n \"CVE-2016-3503\", \"CVE-2016-3508\", \"CVE-2016-3511\", \"CVE-2016-3550\",\n \"CVE-2016-3598\", \"CVE-2016-3606\", \"CVE-2016-3610\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for java-1_7_0-openjdk (openSUSE-SU-2016:2050-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1_7_0-openjdk'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", 
value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for java-1_7_0-openjdk fixes the following issues:\n\n - Update to 2.6.7 - OpenJDK 7u111\n\n * Security fixes\n\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732)\n\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows\n only) (bsc#989734)\n\n - S8147771: Construction of static protection domains under Javax\n custom policy\n\n - S8148872, CVE-2016-3500: Complete name checking (bsc#989730)\n\n - S8149962, CVE-2016-3508: Better delineation of XML processing\n (bsc#989731)\n\n - S8150752: Share Class Data\n\n - S8151925: Font reference improvements\n\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n\n - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722)\n\n - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723)\n\n - S8158571, CVE-2016-3610: Additional method handle validation\n (bsc#989725)\n\n - CVE-2016-3511 (bsc#989727)\n\n - CVE-2016-3503 (bsc#989728)\n\n - CVE-2016-3498 (bsc#989729)\n\n * Import of OpenJDK 7 u111 build 0\n\n - S6953295: Move few sun.security.{util, x509, pkcs} classes used by\n keytool/jarsigner to another package\n\n - S7060849: Eliminate pack200 build warnings\n\n - S7064075: Security libraries don't build with javac\n\n - Xlint:all, -deprecation -Werror\n\n - S7069870: Parts of the JDK erroneously rely on generic array\n initializers with diamond\n\n - S7102686: Restructure timestamp code so that jars and modules can\n more easily share the same code\n\n - S7105780: Add SSLSocket client/SSLEngine server to templates\n directory\n\n - S7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom\n instances when timestamping is not done\n\n - S7152582: PKCS11 tests should use the NSS libraries available in the\n OS\n\n - S7192202: Make sure keytool prints both unknown and unparsable\n extensions\n\n - S7194449: String resources for Key 
Tool and Policy Tool should be in\n their respective packages\n\n - S7196855: autotest.sh fails on ubuntu because libsoftokn.so not found\n\n - S7200682: TEST_BUG: keytool/autotest.sh still has problems with\n libsoftokn.so\n\n - S8002306: (se) Selector.open fails if invoked with thread interrupt\n status set [win]\n\n - S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as\n defined in RFC3161\n\n - S8019341: Update CookieHttpsClientTest to use the newer framework.\n\n - S8022228: Intermittent test failures in\n sun/security/ssl/javax/net/ssl/NewAPIs\n\n - S8022439: Fix lint warnings in sun.security.ec\n\n - S8022594: Potential deadlock in clinit of sun.nio.ch.Util/IOUtil\n\n - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails intermittently\n\n - S8036612: [parfait] JNI exception pending in\n ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"java-1_7_0-openjdk on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2050-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk\", rpm:\"java-1_7_0-openjdk~1.7.0.111~25.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-accessibility\", 
rpm:\"java-1_7_0-openjdk-accessibility~1.7.0.111~25.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap\", rpm:\"java-1_7_0-openjdk-bootstrap~1.7.0.111~25.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-debuginfo\", rpm:\"java-1_7_0-openjdk-bootstrap-debuginfo~1.7.0.111~25.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-debugsource\", rpm:\"java-1_7_0-openjdk-bootstrap-debugsource~1.7.0.111~25.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-devel\", rpm:\"java-1_7_0-openjdk-bootstrap-devel~1.7.0.111~25.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-devel-debuginfo\", rpm:\"java-1_7_0-openjdk-bootstrap-devel-debuginfo~1.7.0.111~25.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-headless\", rpm:\"java-1_7_0-openjdk-bootstrap-headless~1.7.0.111~25.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-headless-debuginfo\", rpm:\"java-1_7_0-openjdk-bootstrap-headless-debuginfo~1.7.0.111~25.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debuginfo\", rpm:\"java-1_7_0-openjdk-debuginfo~1.7.0.111~25.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debugsource\", rpm:\"java-1_7_0-openjdk-debugsource~1.7.0.111~25.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo\", rpm:\"java-1_7_0-openjdk-demo~1.7.0.111~25.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"java-1_7_0-openjdk-demo-debuginfo\", rpm:\"java-1_7_0-openjdk-demo-debuginfo~1.7.0.111~25.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel\", rpm:\"java-1_7_0-openjdk-devel~1.7.0.111~25.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel-debuginfo\", rpm:\"java-1_7_0-openjdk-devel-debuginfo~1.7.0.111~25.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-headless\", rpm:\"java-1_7_0-openjdk-headless~1.7.0.111~25.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-headless-debuginfo\", rpm:\"java-1_7_0-openjdk-headless-debuginfo~1.7.0.111~25.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-src\", rpm:\"java-1_7_0-openjdk-src~1.7.0.111~25.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-javadoc\", rpm:\"java-1_7_0-openjdk-javadoc~1.7.0.111~25.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:35:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3508", "CVE-2016-3485", "CVE-2016-3598", "CVE-2016-3500", "CVE-2016-3511", "CVE-2016-3498", "CVE-2016-3606", "CVE-2016-3503", "CVE-2016-3550", "CVE-2016-3610", "CVE-2016-3458"], "description": "The remote host is missing an update for the 'java-1_7_0-openjdk'\n package(s) announced via the referenced advisory.", "modified": "2020-01-31T00:00:00", "published": "2016-08-12T00:00:00", "id": "OPENVAS:1361412562310851380", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851380", "type": "openvas", "title": "openSUSE: Security Advisory for java-1_7_0-openjdk (openSUSE-SU-2016:2052-1)", 
"sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851380\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-08-12 05:48:50 +0200 (Fri, 12 Aug 2016)\");\n script_cve_id(\"CVE-2016-3458\", \"CVE-2016-3485\", \"CVE-2016-3498\", \"CVE-2016-3500\",\n \"CVE-2016-3503\", \"CVE-2016-3508\", \"CVE-2016-3511\", \"CVE-2016-3550\",\n \"CVE-2016-3598\", \"CVE-2016-3606\", \"CVE-2016-3610\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for java-1_7_0-openjdk (openSUSE-SU-2016:2052-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1_7_0-openjdk'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable 
package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for java-1_7_0-openjdk fixes the following issues:\n\n - Update to 2.6.7 - OpenJDK 7u111\n\n * Security fixes\n\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732)\n\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows\n only) (bsc#989734)\n\n - S8147771: Construction of static protection domains under Javax\n custom policy\n\n - S8148872, CVE-2016-3500: Complete name checking (bsc#989730)\n\n - S8149962, CVE-2016-3508: Better delineation of XML processing\n (bsc#989731)\n\n - S8150752: Share Class Data\n\n - S8151925: Font reference improvements\n\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n\n - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722)\n\n - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723)\n\n - S8158571, CVE-2016-3610: Additional method handle validation\n (bsc#989725)\n\n - CVE-2016-3511 (bsc#989727)\n\n - CVE-2016-3503 (bsc#989728)\n\n - CVE-2016-3498 (bsc#989729)\n\n * Import of OpenJDK 7 u111 build 0\n\n - S6953295: Move few sun.security.{util, x509, pkcs} classes used by\n keytool/jarsigner to another package\n\n - S7060849: Eliminate pack200 build warnings\n\n - S7064075: Security libraries don't build with javac\n\n - Xlint:all, -deprecation -Werror\n\n - S7069870: Parts of the JDK erroneously rely on generic array\n initializers with diamond\n\n - S7102686: Restructure timestamp code so that jars and modules can\n more easily share the same code\n\n - S7105780: Add SSLSocket client/SSLEngine server to templates\n directory\n\n - S7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom\n instances when timestamping is not done\n\n - S7152582: PKCS11 tests should use the NSS libraries available in the\n OS\n\n - S7192202: Make sure keytool prints both unknown and unparsable\n extensions\n\n - S7194449: String resources for Key Tool and Policy Tool should be 
in\n their respective packages\n\n - S7196855: autotest.sh fails on ubuntu because libsoftokn.so not found\n\n - S7200682: TEST_BUG: keytool/autotest.sh still has problems with\n libsoftokn.so\n\n - S8002306: (se) Selector.open fails if invoked with thread interrupt\n status set [win]\n\n - S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as\n defined in RFC3161\n\n - S8019341: Update CookieHttpsClientTest to use the newer framework.\n\n - S8022228: Intermittent test failures in\n sun/security/ssl/javax/net/ssl/NewAPIs\n\n - S8022439: Fix lint warnings in sun.security.ec\n\n - S8022594: Potential deadlock in clinit of sun.nio.ch.Util/IOUtil\n\n - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails intermittently\n\n - S8036612: [parfait] JNI exception pendin ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"java-1_7_0-openjdk on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2052-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk\", rpm:\"java-1_7_0-openjdk~1.7.0.111~34.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-accessibility\", rpm:\"java-1_7_0-openjdk-accessibility~1.7.0.111~34.1\", 
rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap\", rpm:\"java-1_7_0-openjdk-bootstrap~1.7.0.111~34.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-debuginfo\", rpm:\"java-1_7_0-openjdk-bootstrap-debuginfo~1.7.0.111~34.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-debugsource\", rpm:\"java-1_7_0-openjdk-bootstrap-debugsource~1.7.0.111~34.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-devel\", rpm:\"java-1_7_0-openjdk-bootstrap-devel~1.7.0.111~34.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-devel-debuginfo\", rpm:\"java-1_7_0-openjdk-bootstrap-devel-debuginfo~1.7.0.111~34.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-headless\", rpm:\"java-1_7_0-openjdk-bootstrap-headless~1.7.0.111~34.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-bootstrap-headless-debuginfo\", rpm:\"java-1_7_0-openjdk-bootstrap-headless-debuginfo~1.7.0.111~34.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debuginfo\", rpm:\"java-1_7_0-openjdk-debuginfo~1.7.0.111~34.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debugsource\", rpm:\"java-1_7_0-openjdk-debugsource~1.7.0.111~34.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo\", rpm:\"java-1_7_0-openjdk-demo~1.7.0.111~34.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo-debuginfo\", 
rpm:\"java-1_7_0-openjdk-demo-debuginfo~1.7.0.111~34.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel\", rpm:\"java-1_7_0-openjdk-devel~1.7.0.111~34.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel-debuginfo\", rpm:\"java-1_7_0-openjdk-devel-debuginfo~1.7.0.111~34.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-headless\", rpm:\"java-1_7_0-openjdk-headless~1.7.0.111~34.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-headless-debuginfo\", rpm:\"java-1_7_0-openjdk-headless-debuginfo~1.7.0.111~34.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-src\", rpm:\"java-1_7_0-openjdk-src~1.7.0.111~34.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-javadoc\", rpm:\"java-1_7_0-openjdk-javadoc~1.7.0.111~34.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:35:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3508", "CVE-2016-3485", "CVE-2016-3552", "CVE-2016-3598", "CVE-2016-3500", "CVE-2016-3511", "CVE-2016-3498", "CVE-2016-3606", "CVE-2016-3503", "CVE-2016-3550", "CVE-2016-3587", "CVE-2016-3610", "CVE-2016-3458"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-08-12T00:00:00", "id": "OPENVAS:1361412562310851379", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851379", "type": "openvas", "title": "openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2016:2051-1)", 
"sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851379\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-08-12 05:48:20 +0200 (Fri, 12 Aug 2016)\");\n script_cve_id(\"CVE-2016-3458\", \"CVE-2016-3485\", \"CVE-2016-3498\", \"CVE-2016-3500\",\n \"CVE-2016-3503\", \"CVE-2016-3508\", \"CVE-2016-3511\", \"CVE-2016-3550\",\n \"CVE-2016-3552\", \"CVE-2016-3587\", \"CVE-2016-3598\", \"CVE-2016-3606\",\n \"CVE-2016-3610\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2016:2051-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1_8_0-openjdk'\n package(s) announced via the referenced advisory.\");\n\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for java-1_8_0-openjdk fixes the following issues:\n\n - Upgrade to version jdk8u101 (icedtea 3.1.0)\n\n - New in release 3.1.0 (2016-07-25):\n\n * Security fixes\n\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732)\n\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows\n only) (bsc#989734)\n\n - S8146514: Enforce GCM limits\n\n - S8147771: Construction of static protection domains under Javax\n custom policy\n\n - S8148872, CVE-2016-3500: Complete name checking (bsc#989730)\n\n - S8149070: Enforce update ordering\n\n - S8149962, CVE-2016-3508: Better delineation of XML processing\n (bsc#989731)\n\n - S8150752: Share Class Data\n\n - S8151925: Font reference improvements\n\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n\n - S8153312: Constrain AppCDS behavior\n\n - S8154475, CVE-2016-3587: Clean up lookup visibility (bsc#989721)\n\n - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722)\n\n - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723)\n\n - S8158571, CVE-2016-3610: Additional method handle validation\n (bsc#989725)\n\n - CVE-2016-3552 (bsc#989726)\n\n - CVE-2016-3511 (bsc#989727)\n\n - CVE-2016-3503 (bsc#989728)\n\n - CVE-2016-3498 (bsc#989729)\n\n * New features\n\n - S8145547, PR1061: [AWT/Swing] Conditional support for GTK 3\n on Linux\n\n - PR2821: Support building OpenJDK with --disable-headful\n\n - PR2931, G478960: Provide Infinality Support via fontconfig\n\n - PR3079: Provide option to build Shenandoah on x86_64\n\n * Import of OpenJDK 8 u92 build 14\n\n - S6869327: Add new C2 flag to keep safepoints in counted loops.\n\n - S8022865: [TESTBUG] Compressed Oops testing needs to be revised\n\n - S8029630: Thread id should be displayed as a hex number in error\n report\n\n - S8029726: On OS X some dtrace probe names 
are mismatched with Solaris\n\n - S8029727: On OS X dtrace probes Call type MethodA/Call type MethodV\n are not fired.\n\n - S8029728: On OS X dtrace probes SetStaticBooleanField are not fired\n\n - S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID\n attribute value is empty String\n\n - S8038349: Signing XML with DSA throws Exception when key is larger\n than 1024 bits\n\n - S8041501: ImageIO reader is not capable of reading JPEGs without\n JFIF header\n\n - S8041900: [macosx] Java forces the use of discrete GPU\n\n - S8044363: Remove special build options for unpack200 executable\n\n - S8046471: Use OPENJDK_TARGET_CPU_ARCH instead of legacy value for\n hotspot ARCH\n\n - S8046611: Build errors with gcc on sparc/fastdebug\n\n - S8047763: Recognize sparc64 as a sparc platform\n\n - S8048232: Fix for 8046471 breaks PPC64 build\n\n - ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"java-1_8_0-openjdk on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2051-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk\", rpm:\"java-1_8_0-openjdk~1.8.0.101~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-accessibility\", 
rpm:\"java-1_8_0-openjdk-accessibility~1.8.0.101~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-debuginfo\", rpm:\"java-1_8_0-openjdk-debuginfo~1.8.0.101~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-debugsource\", rpm:\"java-1_8_0-openjdk-debugsource~1.8.0.101~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-demo\", rpm:\"java-1_8_0-openjdk-demo~1.8.0.101~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-demo-debuginfo\", rpm:\"java-1_8_0-openjdk-demo-debuginfo~1.8.0.101~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-devel\", rpm:\"java-1_8_0-openjdk-devel~1.8.0.101~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-devel-debuginfo\", rpm:\"java-1_8_0-openjdk-devel-debuginfo~1.8.0.101~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-headless\", rpm:\"java-1_8_0-openjdk-headless~1.8.0.101~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-headless-debuginfo\", rpm:\"java-1_8_0-openjdk-headless-debuginfo~1.8.0.101~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-src\", rpm:\"java-1_8_0-openjdk-src~1.8.0.101~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-javadoc\", rpm:\"java-1_8_0-openjdk-javadoc~1.8.0.101~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, 
"vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:59:39", "bulletinFamily": "info", "cvelist": ["CVE-2016-3508", "CVE-2016-3485", "CVE-2016-3552", "CVE-2016-3598", "CVE-2016-3500", "CVE-2016-3511", "CVE-2016-3498", "CVE-2016-3606", "CVE-2016-3503", "CVE-2016-3550", "CVE-2016-3587", "CVE-2016-3610", "CVE-2016-3458"], "description": "### *Detect date*:\n07/19/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nUnspecified vulnerabilities were found in Oracle Java SE. By exploiting these vulnerabilities, malicious users can cause denial of service, affect integrity, or obtain sensitive information. These vulnerabilities can be exploited remotely or locally.\n\n### *Affected products*:\nOracle Java SE 8u92 \nOracle Java SE 7u101 \nOracle Java SE 6u115\n\n### *Solution*:\nUpdate to the latest version \n[Oracle Java SE download page](<http://www.oracle.com/technetwork/java/javase/downloads/index.html>)\n\n### *Original advisories*:\n[Oracle bulletin](<http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Oracle Java JRE 1.7.x](<https://threats.kaspersky.com/en/product/Oracle-Java-JRE-1.7.x/>)\n\n### *CVE-IDS*:\n[CVE-2016-3550](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3550>)4.3Warning \n[CVE-2016-3552](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3552>)6.2High \n[CVE-2016-3485](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3485>)2.1Warning \n[CVE-2016-3587](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3587>)9.3Critical \n[CVE-2016-3606](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3606>)6.8High \n[CVE-2016-3498](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3498>)5.0Critical \n[CVE-2016-3598](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3598>)9.3Critical \n[CVE-2016-3500](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3500>)5.0Critical 
\n[CVE-2016-3503](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3503>)4.4Warning \n[CVE-2016-3610](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3610>)9.3Critical \n[CVE-2016-3508](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3508>)5.0Critical \n[CVE-2016-3511](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3511>)6.9High \n[CVE-2016-3458](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3458>)4.3Warning", "edition": 42, "modified": "2020-05-22T00:00:00", "published": "2016-07-19T00:00:00", "id": "KLA10849", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10849", "title": "KLA10849 Multiple vulnerabilities in Oracle Java SE", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2017-01-19T18:59:31", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3508", "CVE-2016-3485", "CVE-2016-5568", "CVE-2016-3598", "CVE-2016-3500", "CVE-2016-5582", "CVE-2016-5542", "CVE-2016-5597", "CVE-2016-3606", "CVE-2016-3550", "CVE-2016-3587", "CVE-2016-5554", "CVE-2016-3610", "CVE-2016-5573", "CVE-2016-3458"], "edition": 1, "description": "### Background\n\nIcedTea\u2019s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. \n\n### Description\n\nVarious OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot, Libraries, and JAXP, exist which allow remote attackers to affect the confidentiality, integrity, and availability of vulnerable systems. Many of the vulnerabilities can only be exploited through sandboxed Java Web Start applications and Java applets. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nRemote attackers may execute arbitrary code, compromise information, or cause a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll IcedTea-bin 7.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/icedtea-bin-7.2.6.8:7\"\n \n\nAll IcedTea-bin 3.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/icedtea-bin-3.2.0:8\"", "modified": "2017-01-19T00:00:00", "published": "2017-01-19T00:00:00", "href": "https://security.gentoo.org/glsa/201701-43", "id": "GLSA-201701-43", "title": "IcedTea: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-10-18T12:42:07", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3508", "CVE-2016-3485", "CVE-2016-3552", "CVE-2016-3426", "CVE-2016-3598", "CVE-2016-3500", "CVE-2016-0603", "CVE-2016-0483", "CVE-2016-3511", "CVE-2016-3498", "CVE-2016-0448", "CVE-2016-3606", "CVE-2016-0466", "CVE-2016-0636", "CVE-2016-0494", "CVE-2016-0402", "CVE-2016-3503", "CVE-2016-3550", "CVE-2016-3587", "CVE-2016-0475", "CVE-2016-3610", "CVE-2016-3458"], "edition": 1, "description": "### Background\n\nJava Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops and servers, as well as in today\u2019s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today\u2019s applications require. \n\n### Description\n\nMultiple vulnerabilities exist in both Oracle\u2019s JRE and JDK. Please review the referenced CVE\u2019s for additional information. \n\n### Impact\n\nRemote attackers could gain access to information, remotely execute arbitrary code, or cause Denial of Service. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Oracle JRE users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/oracle-jre-bin-1.8.0.101\"\n \n\nAll Oracle JDK users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/oracle-jdk-bin-1.8.0.101\"", "modified": "2016-10-15T00:00:00", "published": "2016-10-15T00:00:00", "href": "https://security.gentoo.org/glsa/201610-08", "id": "GLSA-201610-08", "type": "gentoo", "title": "Oracle JRE/JDK: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oracle": [{"lastseen": "2019-05-29T18:21:07", "bulletinFamily": "software", "cvelist": ["CVE-2015-5600", "CVE-2016-5465", "CVE-2015-4000", "CVE-2016-3446", "CVE-2016-3508", "CVE-2016-3547", "CVE-2016-3529", "CVE-2016-5452", "CVE-2016-5445", "CVE-2016-1548", "CVE-2016-2518", "CVE-2016-3485", "CVE-2016-3444", "CVE-2015-1792", "CVE-2014-3566", "CVE-2016-3552", "CVE-2015-0235", "CVE-2016-3615", "CVE-2015-1793", "CVE-2016-3491", "CVE-2016-3553", "CVE-2016-3477", "CVE-2016-3613", "CVE-2016-5477", "CVE-2016-3488", "CVE-2015-3197", "CVE-2016-3592", "CVE-2016-3573", "CVE-2016-3494", "CVE-2016-5466", "CVE-2016-5019", "CVE-2015-3236", "CVE-2016-3544", "CVE-2014-3572", "CVE-2016-0705", "CVE-2016-3545", "CVE-2016-3611", "CVE-2015-7181", "CVE-2015-0206", "CVE-2015-1789", "CVE-2016-3597", "CVE-2016-3598", "CVE-2016-5455", "CVE-2016-3574", "CVE-2015-8138", "CVE-2016-3500", "CVE-2016-5472", "CVE-2016-4051", "CVE-2016-3445", "CVE-2016-5454", "CVE-2016-3554", "CVE-2016-5458", "CVE-2015-3195", "CVE-2016-0798", "CVE-2016-3570", "CVE-2016-3432", "CVE-2016-3515", "CVE-2016-2108", "CVE-2016-5447", "CVE-2016-3474", "CVE-2016-3528", "CVE-2016-5440", "CVE-2016-3580", "CVE-2014-3571", "CVE-2016-5450", "CVE-2016-3496", "CVE-2016-3555", "CVE-2016-3596", 
"CVE-2016-1938", "CVE-2016-5468", "CVE-2016-3481", "CVE-2016-3563", "CVE-2016-0799", "CVE-2016-3539", "CVE-2016-3507", "CVE-2016-3584", "CVE-2016-3519", "CVE-2016-5460", "CVE-2016-3472", "CVE-2016-3583", "CVE-2016-5471", "CVE-2016-3511", "CVE-2016-3479", "CVE-2016-3499", "CVE-2013-2064", "CVE-2014-0224", "CVE-2016-5467", "CVE-2016-0635", "CVE-2016-3498", "CVE-2016-2105", "CVE-2016-3560", "CVE-2016-3514", "CVE-2016-5453", "CVE-2016-3440", "CVE-2016-4052", "CVE-2015-3194", "CVE-2016-2107", "CVE-2016-3607", "CVE-2016-3556", "CVE-2016-3512", "CVE-2016-3532", "CVE-2015-7501", "CVE-2016-1550", "CVE-2016-3475", "CVE-2015-3253", "CVE-2016-0701", "CVE-2016-3476", "CVE-2016-3588", "CVE-2016-3424", "CVE-2016-3471", "CVE-2016-1182", "CVE-2015-7704", "CVE-2016-3585", "CVE-2016-5444", "CVE-2016-3538", "CVE-2014-8275", "CVE-2016-3452", "CVE-2015-7979", "CVE-2016-3549", "CVE-2016-0797", "CVE-2015-7182", "CVE-2016-0702", "CVE-2015-2808", "CVE-2014-3570", "CVE-2016-5451", "CVE-2015-7575", "CVE-2016-3577", "CVE-2016-3591", "CVE-2016-3567", "CVE-2016-3467", "CVE-2016-3537", "CVE-2016-3593", "CVE-2016-3606", "CVE-2016-5456", "CVE-2016-3468", "CVE-2016-3540", "CVE-2016-2109", "CVE-2016-3559", "CVE-2016-5476", "CVE-2015-2721", "CVE-2016-3530", "CVE-2015-3193", "CVE-2014-9708", "CVE-2016-5473", "CVE-2016-3568", "CVE-2016-3453", "CVE-2016-5464", "CVE-2016-5462", "CVE-2016-3490", "CVE-2016-3572", "CVE-2016-3513", "CVE-2012-3137", "CVE-2015-0228", "CVE-2016-3509", "CVE-2015-3237", "CVE-2016-3565", "CVE-2016-5437", "CVE-2016-3534", "CVE-2016-3503", "CVE-2015-7183", "CVE-2016-3550", "CVE-2015-1788", "CVE-2016-3525", "CVE-2016-3587", "CVE-2016-3561", "CVE-2016-3504", "CVE-2016-3581", "CVE-2016-3501", "CVE-2016-5457", "CVE-2016-1547", "CVE-2015-3183", "CVE-2016-3614", "CVE-2012-3410", "CVE-2016-5461", "CVE-2016-5439", "CVE-2015-0204", "CVE-2016-5449", "CVE-2016-3578", "CVE-2016-3527", "CVE-2016-0800", "CVE-2016-3489", "CVE-2016-3483", "CVE-2016-3433", "CVE-2016-5459", "CVE-2016-1181", 
"CVE-2016-3450", "CVE-2016-3524", "CVE-2016-5442", "CVE-2016-3564", "CVE-2016-5470", "CVE-2013-2566", "CVE-2016-2176", "CVE-2015-1790", "CVE-2016-3542", "CVE-2016-1978", "CVE-2016-3575", "CVE-2016-3531", "CVE-2016-3502", "CVE-2016-3459", "CVE-2016-5446", "CVE-2016-3480", "CVE-2016-3533", "CVE-2016-5469", "CVE-2016-3526", "CVE-2016-5448", "CVE-2016-3486", "CVE-2016-3448", "CVE-2016-5474", "CVE-2016-5436", "CVE-2016-3523", "CVE-2016-5441", "CVE-2016-5475", "CVE-2016-3576", "CVE-2016-3595", "CVE-2016-3610", "CVE-2016-3458", "CVE-2016-3484", "CVE-2016-3586", "CVE-2016-3520", "CVE-2016-3451", "CVE-2016-3582", "CVE-2015-5300", "CVE-2016-3497", "CVE-2016-3589", "CVE-2016-3517", "CVE-2016-3608", "CVE-2016-3510", "CVE-2016-3493", "CVE-2016-3536", "CVE-2016-3548", "CVE-2016-3506", "CVE-2016-3571", "CVE-2016-3487", "CVE-2016-3546", "CVE-2016-5463", "CVE-2016-3541", "CVE-2016-3081", "CVE-2016-3521", "CVE-2015-0205", "CVE-2016-4053", "CVE-2016-3579", "CVE-2016-5443", "CVE-2016-3557", "CVE-2016-3558", "CVE-2016-2106", "CVE-2016-3594", "CVE-2016-3478", "CVE-2016-3522", "CVE-2016-3535", "CVE-2016-3543", "CVE-2016-3612", "CVE-2014-3569", "CVE-2016-3470", "CVE-2016-3518", "CVE-2016-3516", "CVE-2015-1791", "CVE-2016-3569", "CVE-2016-3482", "CVE-2016-3590", "CVE-2015-8104", "CVE-2016-3609", "CVE-2016-3566", "CVE-2016-3469"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. 
Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 276 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\nPlease note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS).\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. 
More information about Oracle's use of CVRF is available [here](<http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>).\n", "modified": "2016-10-18T00:00:00", "published": "2016-07-19T00:00:00", "id": "ORACLE:CPUJUL2016-2881720", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - July 2016", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-04T21:16:01", "bulletinFamily": "software", "cvelist": ["CVE-2012-3137", "CVE-2012-3410", "CVE-2013-2064", "CVE-2013-2566", "CVE-2014-0224", "CVE-2014-3566", "CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2014-9708", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206", "CVE-2015-0228", "CVE-2015-0235", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-1793", "CVE-2015-2721", "CVE-2015-2808", "CVE-2015-3183", "CVE-2015-3193", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3197", "CVE-2015-3236", "CVE-2015-3237", "CVE-2015-3253", "CVE-2015-4000", "CVE-2015-5300", "CVE-2015-5600", "CVE-2015-7181", "CVE-2015-7182", "CVE-2015-7183", "CVE-2015-7501", "CVE-2015-7575", "CVE-2015-7704", "CVE-2015-7979", "CVE-2015-8104", "CVE-2015-8138", "CVE-2016-0635", "CVE-2016-0701", "CVE-2016-0702", "CVE-2016-0705", "CVE-2016-0797", "CVE-2016-0798", "CVE-2016-0799", "CVE-2016-0800", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-1938", "CVE-2016-1978", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2518", "CVE-2016-3081", "CVE-2016-3424", "CVE-2016-3432", "CVE-2016-3433", "CVE-2016-3440", "CVE-2016-3444", "CVE-2016-3445", "CVE-2016-3446", "CVE-2016-3448", "CVE-2016-3450", "CVE-2016-3451", "CVE-2016-3452", "CVE-2016-3453", "CVE-2016-3458", "CVE-2016-3459", "CVE-2016-3467", "CVE-2016-3468", "CVE-2016-3469", "CVE-2016-3470", "CVE-2016-3471", "CVE-2016-3472", "CVE-2016-3474", 
"CVE-2016-3475", "CVE-2016-3476", "CVE-2016-3477", "CVE-2016-3478", "CVE-2016-3479", "CVE-2016-3480", "CVE-2016-3481", "CVE-2016-3482", "CVE-2016-3483", "CVE-2016-3484", "CVE-2016-3485", "CVE-2016-3486", "CVE-2016-3487", "CVE-2016-3488", "CVE-2016-3489", "CVE-2016-3490", "CVE-2016-3491", "CVE-2016-3493", "CVE-2016-3494", "CVE-2016-3496", "CVE-2016-3497", "CVE-2016-3498", "CVE-2016-3499", "CVE-2016-3500", "CVE-2016-3501", "CVE-2016-3502", "CVE-2016-3503", "CVE-2016-3504", "CVE-2016-3506", "CVE-2016-3507", "CVE-2016-3508", "CVE-2016-3509", "CVE-2016-3510", "CVE-2016-3511", "CVE-2016-3512", "CVE-2016-3513", "CVE-2016-3514", "CVE-2016-3515", "CVE-2016-3516", "CVE-2016-3517", "CVE-2016-3518", "CVE-2016-3519", "CVE-2016-3520", "CVE-2016-3521", "CVE-2016-3522", "CVE-2016-3523", "CVE-2016-3524", "CVE-2016-3525", "CVE-2016-3526", "CVE-2016-3527", "CVE-2016-3528", "CVE-2016-3529", "CVE-2016-3530", "CVE-2016-3531", "CVE-2016-3532", "CVE-2016-3533", "CVE-2016-3534", "CVE-2016-3535", "CVE-2016-3536", "CVE-2016-3537", "CVE-2016-3538", "CVE-2016-3539", "CVE-2016-3540", "CVE-2016-3541", "CVE-2016-3542", "CVE-2016-3543", "CVE-2016-3544", "CVE-2016-3545", "CVE-2016-3546", "CVE-2016-3547", "CVE-2016-3548", "CVE-2016-3549", "CVE-2016-3550", "CVE-2016-3552", "CVE-2016-3553", "CVE-2016-3554", "CVE-2016-3555", "CVE-2016-3556", "CVE-2016-3557", "CVE-2016-3558", "CVE-2016-3559", "CVE-2016-3560", "CVE-2016-3561", "CVE-2016-3563", "CVE-2016-3564", "CVE-2016-3565", "CVE-2016-3566", "CVE-2016-3567", "CVE-2016-3568", "CVE-2016-3569", "CVE-2016-3570", "CVE-2016-3571", "CVE-2016-3572", "CVE-2016-3573", "CVE-2016-3574", "CVE-2016-3575", "CVE-2016-3576", "CVE-2016-3577", "CVE-2016-3578", "CVE-2016-3579", "CVE-2016-3580", "CVE-2016-3581", "CVE-2016-3582", "CVE-2016-3583", "CVE-2016-3584", "CVE-2016-3585", "CVE-2016-3586", "CVE-2016-3587", "CVE-2016-3588", "CVE-2016-3589", "CVE-2016-3590", "CVE-2016-3591", "CVE-2016-3592", "CVE-2016-3593", "CVE-2016-3594", "CVE-2016-3595", "CVE-2016-3596", 
"CVE-2016-3597", "CVE-2016-3598", "CVE-2016-3606", "CVE-2016-3607", "CVE-2016-3608", "CVE-2016-3609", "CVE-2016-3610", "CVE-2016-3611", "CVE-2016-3612", "CVE-2016-3613", "CVE-2016-3614", "CVE-2016-3615", "CVE-2016-4051", "CVE-2016-4052", "CVE-2016-4053", "CVE-2016-5019", "CVE-2016-5436", "CVE-2016-5437", "CVE-2016-5439", "CVE-2016-5440", "CVE-2016-5441", "CVE-2016-5442", "CVE-2016-5443", "CVE-2016-5444", "CVE-2016-5445", "CVE-2016-5446", "CVE-2016-5447", "CVE-2016-5448", "CVE-2016-5449", "CVE-2016-5450", "CVE-2016-5451", "CVE-2016-5452", "CVE-2016-5453", "CVE-2016-5454", "CVE-2016-5455", "CVE-2016-5456", "CVE-2016-5457", "CVE-2016-5458", "CVE-2016-5459", "CVE-2016-5460", "CVE-2016-5461", "CVE-2016-5462", "CVE-2016-5463", "CVE-2016-5464", "CVE-2016-5465", "CVE-2016-5466", "CVE-2016-5467", "CVE-2016-5468", "CVE-2016-5469", "CVE-2016-5470", "CVE-2016-5471", "CVE-2016-5472", "CVE-2016-5473", "CVE-2016-5474", "CVE-2016-5475", "CVE-2016-5476", "CVE-2016-5477"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\nCritical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. 
Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 276 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\nPlease note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS).\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available [here](<http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>).\n", "modified": "2016-10-18T00:00:00", "published": "2016-07-19T00:00:00", "id": "ORACLE:CPUJUL2016", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - July 2016", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}