This update for java-1_8_0-openjdk to version 8u171 fixes the following issues:
These security issues were fixed:
- S8180881: Better packaging of deserialization
- S8182362: Update CipherOutputStream Usage
- S8183032: Upgrade to LittleCMS 2.9
- S8189123: More consistent classloading
- S8189969, CVE-2018-2790, bsc#1090023: Manifest better manifest entries
- S8189977, CVE-2018-2795, bsc#1090025: Improve permission portability
- S8189981, CVE-2018-2796, bsc#1090026: Improve queuing portability
- S8189985, CVE-2018-2797, bsc#1090027: Improve tabular data portability
- S8189989, CVE-2018-2798, bsc#1090028: Improve container portability
- S8189993, CVE-2018-2799, bsc#1090029: Improve document portability
- S8189997, CVE-2018-2794, bsc#1090024: Enhance keystore mechanisms
- S8190478: Improved interface method selection
- S8190877: Better handling of abstract classes
- S8191696: Better mouse positioning
- S8192025, CVE-2018-2814, bsc#1090032: Less referential references
- S8192030: Better MTSchema support
- S8192757, CVE-2018-2815, bsc#1090033: Improve stub classes implementation
- S8193409: Improve AES supporting classes
- S8193414: Improvements in MethodType lookups
- S8193833, CVE-2018-2800, bsc#1090030: Better RMI connection support
For other changes please consult the changelog.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:1938-2.
# The text itself is copyright (C) SUSE.
#
include("compat.inc");
if (description)
{
  script_id(120046);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/20");
  script_cve_id("CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814", "CVE-2018-2815");
  script_name(english:"SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:1938-2)");
  script_summary(english:"Checks rpm output for the updated packages.");
  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for java-1_8_0-openjdk to version 8u171 fixes the
following issues: These security issues were fixed :
- S8180881: Better packaging of deserialization
- S8182362: Update CipherOutputStream Usage
- S8183032: Upgrade to LittleCMS 2.9
- S8189123: More consistent classloading
- S8189969, CVE-2018-2790, bsc#1090023: Manifest better
manifest entries
- S8189977, CVE-2018-2795, bsc#1090025: Improve permission
portability
- S8189981, CVE-2018-2796, bsc#1090026: Improve queuing
portability
- S8189985, CVE-2018-2797, bsc#1090027: Improve tabular
data portability
- S8189989, CVE-2018-2798, bsc#1090028: Improve container
portability
- S8189993, CVE-2018-2799, bsc#1090029: Improve document
portability
- S8189997, CVE-2018-2794, bsc#1090024: Enhance keystore
mechanisms
- S8190478: Improved interface method selection
- S8190877: Better handling of abstract classes
- S8191696: Better mouse positioning
- S8192025, CVE-2018-2814, bsc#1090032: Less referential
references
- S8192030: Better MTSchema support
- S8192757, CVE-2018-2815, bsc#1090033: Improve stub
classes implementation
- S8193409: Improve AES supporting classes
- S8193414: Improvements in MethodType lookups
- S8193833, CVE-2018-2800, bsc#1090030: Better RMI
connection support For other changes please consult the
changelog.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1087066"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1090023"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1090024"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1090025"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1090026"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1090027"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1090028"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1090029"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1090030"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1090032"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1090033"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-2790/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-2794/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-2795/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-2796/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-2797/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-2798/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-2799/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-2800/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-2814/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-2815/"
  );
  # https://www.suse.com/support/update/announcement/2018/suse-su-20181938-2/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4f2876d6"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Module for Legacy Software 15:zypper in -t patch
SUSE-SLE-Module-Legacy-15-2018-1319=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
  script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/07/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Local (credentialed) checks must be enabled for this plugin to run.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Restrict the check to SUSE hosts, then to SLES15 specifically.
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES15", "SUSE " + os_ver);

# The installed RPM list and the CPU architecture must be known.
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);

# A missing patch level is treated as SP0, the only service pack checked here.
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);

# Compare each installed package against the fixed build 1.8.0.171-3.3.2.
flag = 0;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"java-1_8_0-openjdk-1.8.0.171-3.3.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"java-1_8_0-openjdk-debuginfo-1.8.0.171-3.3.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"java-1_8_0-openjdk-debugsource-1.8.0.171-3.3.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"java-1_8_0-openjdk-demo-1.8.0.171-3.3.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"java-1_8_0-openjdk-demo-debuginfo-1.8.0.171-3.3.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"java-1_8_0-openjdk-devel-1.8.0.171-3.3.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"java-1_8_0-openjdk-devel-debuginfo-1.8.0.171-3.3.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"java-1_8_0-openjdk-headless-1.8.0.171-3.3.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"java-1_8_0-openjdk-headless-debuginfo-1.8.0.171-3.3.2")) flag++;

# Report a finding if any package check flagged; otherwise audit out.
if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_8_0-openjdk");
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | java-1_8_0-openjdk | p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk |
novell | suse_linux | java-1_8_0-openjdk-debuginfo | p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debuginfo |
novell | suse_linux | java-1_8_0-openjdk-debugsource | p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debugsource |
novell | suse_linux | java-1_8_0-openjdk-demo | p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo |
novell | suse_linux | java-1_8_0-openjdk-demo-debuginfo | p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo-debuginfo |
novell | suse_linux | java-1_8_0-openjdk-devel | p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel |
novell | suse_linux | java-1_8_0-openjdk-devel-debuginfo | p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel-debuginfo |
novell | suse_linux | java-1_8_0-openjdk-headless | p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless |
novell | suse_linux | java-1_8_0-openjdk-headless-debuginfo | p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless-debuginfo |
novell | suse_linux | 15 | cpe:/o:novell:suse_linux:15 |