This update for java-11-openjdk fixes the following issues :
Update to upstream tag jdk-11.0.11+9 (April 2021 CPU)
CVE-2021-2163: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055)
CVE-2021-2161: Fixed incorrect handling of partially quoted arguments in ProcessBuilder (bsc#1185056)
moved mozilla-nss dependency to java-11-openjdk-headless package, this is necessary to be able to do crypto with just java-11-openjdk-headless installed (bsc#1184606).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2021:1314-1.
# The text itself is copyright (C) SUSE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(149018);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/03");
script_cve_id("CVE-2021-2161", "CVE-2021-2163");
script_xref(name:"CEA-ID", value:"CEA-2021-0025");
script_name(english:"SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2021:1314-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"This update for java-11-openjdk fixes the following issues :
Update to upstream tag jdk-11.0.11+9 (April 2021 CPU)
- CVE-2021-2163: Fixed incomplete enforcement of JAR
signing disabled algorithms (bsc#1185055)
- CVE-2021-2161: Fixed incorrect handling of partially
quoted arguments in ProcessBuilder (bsc#1185056)
moved mozilla-nss dependency to java-11-openjdk-headless package, this
is necessary to be able to do crypto with just
java-11-openjdk-headless installed (bsc#1184606).
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1184606");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1185055");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1185056");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-2161/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-2163/");
# https://www.suse.com/support/update/announcement/2021/suse-su-20211314-1
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?33f49408");
script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Server 12-SP5 :
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1314=1");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-2161");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/04/22");
script_set_attribute(attribute:"patch_publication_date", value:"2021/04/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/04/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-demo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-headless");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(5)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP5", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES12", sp:"5", reference:"java-11-openjdk-11.0.11.0-3.21.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"java-11-openjdk-debuginfo-11.0.11.0-3.21.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"java-11-openjdk-debugsource-11.0.11.0-3.21.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"java-11-openjdk-demo-11.0.11.0-3.21.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"java-11-openjdk-devel-11.0.11.0-3.21.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"java-11-openjdk-headless-11.0.11.0-3.21.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-11-openjdk");
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | java-11-openjdk | p-cpe:/a:novell:suse_linux:java-11-openjdk |
novell | suse_linux | java-11-openjdk-debuginfo | p-cpe:/a:novell:suse_linux:java-11-openjdk-debuginfo |
novell | suse_linux | java-11-openjdk-debugsource | p-cpe:/a:novell:suse_linux:java-11-openjdk-debugsource |
novell | suse_linux | java-11-openjdk-demo | p-cpe:/a:novell:suse_linux:java-11-openjdk-demo |
novell | suse_linux | java-11-openjdk-devel | p-cpe:/a:novell:suse_linux:java-11-openjdk-devel |
novell | suse_linux | java-11-openjdk-headless | p-cpe:/a:novell:suse_linux:java-11-openjdk-headless |
novell | suse_linux | 12 | cpe:/o:novell:suse_linux:12 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2161
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2163
www.nessus.org/u?33f49408
bugzilla.suse.com/show_bug.cgi?id=1184606
bugzilla.suse.com/show_bug.cgi?id=1185055
bugzilla.suse.com/show_bug.cgi?id=1185056
www.suse.com/security/cve/CVE-2021-2161/
www.suse.com/security/cve/CVE-2021-2163/