Lucene search
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2021-1314-1.NASLHistoryApr 27, 2021 - 12:00 a.m.
SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2021:1314-1)
2021-04-2700:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
77
6.5 Medium
AI Score
Confidence
High
This update for java-11-openjdk fixes the following issues :
Update to upstream tag jdk-11.0.11+9 (April 2021 CPU)
-
CVE-2021-2163: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055)
-
CVE-2021-2161: Fixed incorrect handling of partially quoted arguments in ProcessBuilder (bsc#1185056)
moved mozilla-nss dependency to java-11-openjdk-headless package, this is necessary to be able to do crypto with just java-11-openjdk-headless installed (bsc#1184606).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2021:1314-1.
# The text itself is copyright (C) SUSE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(149018);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/03");
script_cve_id("CVE-2021-2161", "CVE-2021-2163");
script_xref(name:"CEA-ID", value:"CEA-2021-0025");
script_name(english:"SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2021:1314-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"This update for java-11-openjdk fixes the following issues :
Update to upstream tag jdk-11.0.11+9 (April 2021 CPU)
- CVE-2021-2163: Fixed incomplete enforcement of JAR
signing disabled algorithms (bsc#1185055)
- CVE-2021-2161: Fixed incorrect handling of partially
quoted arguments in ProcessBuilder (bsc#1185056)
moved mozilla-nss dependency to java-11-openjdk-headless package, this
is necessary to be able to do crypto with just
java-11-openjdk-headless installed (bsc#1184606).
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1184606");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1185055");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1185056");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-2161/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-2163/");
# https://www.suse.com/support/update/announcement/2021/suse-su-20211314-1
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?33f49408");
script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Server 12-SP5 :
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1314=1");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-2161");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/04/22");
script_set_attribute(attribute:"patch_publication_date", value:"2021/04/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/04/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-demo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-headless");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(5)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP5", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES12", sp:"5", reference:"java-11-openjdk-11.0.11.0-3.21.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"java-11-openjdk-debuginfo-11.0.11.0-3.21.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"java-11-openjdk-debugsource-11.0.11.0-3.21.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"java-11-openjdk-demo-11.0.11.0-3.21.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"java-11-openjdk-devel-11.0.11.0-3.21.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"java-11-openjdk-headless-11.0.11.0-3.21.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-11-openjdk");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | java-11-openjdk | p-cpe:/a:novell:suse_linux:java-11-openjdk |
| novell | suse_linux | java-11-openjdk-debuginfo | p-cpe:/a:novell:suse_linux:java-11-openjdk-debuginfo |
| novell | suse_linux | java-11-openjdk-debugsource | p-cpe:/a:novell:suse_linux:java-11-openjdk-debugsource |
| novell | suse_linux | java-11-openjdk-demo | p-cpe:/a:novell:suse_linux:java-11-openjdk-demo |
| novell | suse_linux | java-11-openjdk-devel | p-cpe:/a:novell:suse_linux:java-11-openjdk-devel |
| novell | suse_linux | java-11-openjdk-headless | p-cpe:/a:novell:suse_linux:java-11-openjdk-headless |
| novell | suse_linux | 12 | cpe:/o:novell:suse_linux:12 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2161
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2163
www.nessus.org/u?33f49408
bugzilla.suse.com/show_bug.cgi?id=1184606
bugzilla.suse.com/show_bug.cgi?id=1185055
bugzilla.suse.com/show_bug.cgi?id=1185056
www.suse.com/security/cve/CVE-2021-2161/
www.suse.com/security/cve/CVE-2021-2163/
Related
nessus
nessus
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:1989-1)
2021-06-18 00:00:00
Fedora: Security Advisory for java-1.8.0-openjdk (FEDORA-2021-8b80ef64f1)
2021-05-01 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:1980-1)
2021-06-18 00:00:00
mageia
mageia
Updated java-openjdk packages fix security vulnerabilities
2021-06-29 01:51:23
fedora
fedora
[SECURITY] Fedora 33 Update: java-1.8.0-openjdk-1.8.0.292.b10-0.fc33
2021-04-29 19:05:32
[SECURITY] Fedora 33 Update: java-11-openjdk-11.0.11.0.9-0.fc33
2021-04-24 18:07:10
[SECURITY] Fedora 34 Update: java-11-openjdk-11.0.11.0.9-0.fc34
2021-04-26 00:27:09
suse
suse
Security update for java-1_8_0-openj9 (moderate)
2021-07-11 00:00:00
Security update for java-11-openjdk (important)
2021-05-14 00:00:00
Security update for java-1_8_0-openjdk (moderate)
2021-06-28 00:00:00
kaspersky
kaspersky
KLA12159 Multiple vulnerabilities in Oracle Java SE
2021-04-20 00:00:00
ibm
ibm
debian
debian
[SECURITY] [DLA 2634-1] openjdk-8 security update
2021-04-23 11:31:36
[SECURITY] [DSA 4899-1] openjdk-11 security update
2021-04-23 20:09:03
redhat
redhat
(RHSA-2021:1445) Moderate: OpenJDK 8u292 Windows Builds release and security update
2021-04-28 12:29:21
(RHSA-2021:1306) Moderate: java-11-openjdk security update
2021-04-20 21:27:06
cnvd
cnvd
Oracle Java SE Embedded Input Validation Error Vulnerability
2021-02-03 00:00:00
veracode
veracode
Privilege Escalation
2021-07-16 12:12:36
Authorization Bypass
2021-04-24 22:10:55
prion
prion
Design/Logic Flaw
2021-04-22 22:15:00
Design/Logic Flaw
2021-04-22 22:15:00
alpinelinux
alpinelinux
CVE-2021-2161
2021-04-22 22:15:00
CVE-2021-2163
2021-04-22 22:15:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2133
2023-03-21 12:31:42
ubuntucve
ubuntucve
CVE-2021-2161
2021-04-22 00:00:00
CVE-2021-2163
2021-04-20 00:00:00
redhatcve
redhatcve
CVE-2021-2161
2021-04-20 20:45:01
CVE-2021-2163
2021-04-20 20:43:56
debiancve
debiancve
CVE-2021-2161
2021-04-22 22:15:00
CVE-2021-2163
2021-04-22 22:15:00
cve
cve
CVE-2021-2161
2021-04-22 22:15:00
CVE-2021-2163
2021-04-22 22:15:00
f5
f5
K25401610 : OpenJDK vulnerability CVE-2021-2161
2022-11-08 00:00:00
K71522481 : Java vulnerability CVE-2021-2163
2022-12-06 00:00:00
oraclelinux
oraclelinux
java-11-openjdk security and bug fix update
2021-04-21 00:00:00
java-1.8.0-openjdk security update
2021-04-21 00:00:00
java-11-openjdk security update
2021-04-21 00:00:00
amazon
amazon
Medium: java-1.8.0-openjdk
2021-07-08 18:38:00
osv
osv
openjdk-8 - security update
2021-04-23 00:00:00
openjdk-8, openjdk-lts vulnerability
2021-04-27 16:49:59
CVE-2021-2163
2021-04-22 22:15:13
almalinux
almalinux
Moderate: java-11-openjdk security update
2021-04-20 21:33:58
Moderate: java-1.8.0-openjdk security update
2021-04-20 20:58:47
centos
centos
java security update
2021-04-29 17:56:29
ubuntu
ubuntu
OpenJDK vulnerability
2021-04-27 00:00:00