Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2021-1554-1.NASL
HistoryMay 12, 2021 - 12:00 a.m.

SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2021:1554-1)

2021-05-1200:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
29

6.5 Medium

AI Score

Confidence

High

JSON

This update for java-11-openjdk fixes the following issues :

Update to upstream tag jdk-11.0.11+9 (April 2021 CPU)

  • CVE-2021-2163: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055)

  • CVE-2021-2161: Fixed incorrect handling of partially quoted arguments in ProcessBuilder (bsc#1185056)

moved mozilla-nss dependency to java-11-openjdk-headless package, this is necessary to be able to do crypto with just java-11-openjdk-headless installed (bsc#1184606).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2021:1554-1.
# The text itself is copyright (C) SUSE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(149429);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/02");

  script_cve_id("CVE-2021-2161", "CVE-2021-2163");
  script_xref(name:"CEA-ID", value:"CEA-2021-0025");

  script_name(english:"SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2021:1554-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"This update for java-11-openjdk fixes the following issues :

Update to upstream tag jdk-11.0.11+9 (April 2021 CPU)

  - CVE-2021-2163: Fixed incomplete enforcement of JAR
    signing disabled algorithms (bsc#1185055)

  - CVE-2021-2161: Fixed incorrect handling of partially
    quoted arguments in ProcessBuilder (bsc#1185056)

moved mozilla-nss dependency to java-11-openjdk-headless package, this
is necessary to be able to do crypto with just
java-11-openjdk-headless installed (bsc#1184606).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1184606");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1185055");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1185056");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-2161/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-2163/");
  # https://www.suse.com/support/update/announcement/2021/suse-su-20211554-1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9ce8ab22");
  script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Manager Server 4.0 :

zypper in -t patch
SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1554=1

SUSE Manager Retail Branch Server 4.0 :

zypper in -t patch
SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1554=1

SUSE Manager Proxy 4.0 :

zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1554=1

SUSE Linux Enterprise Server for SAP 15-SP1 :

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1554=1

SUSE Linux Enterprise Server for SAP 15 :

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1554=1

SUSE Linux Enterprise Server 15-SP1-LTSS :

zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1554=1

SUSE Linux Enterprise Server 15-SP1-BCL :

zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1554=1

SUSE Linux Enterprise Server 15-LTSS :

zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1554=1

SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 :

zypper in -t patch
SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-1554=1

SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 :

zypper in -t patch
SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-1554=1

SUSE Linux Enterprise Module for Basesystem 15-SP3 :

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1554=1

SUSE Linux Enterprise Module for Basesystem 15-SP2 :

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1554=1

SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS :

zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1554=1

SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS :

zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1554=1

SUSE Linux Enterprise High Performance Computing 15-LTSS :

zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1554=1

SUSE Linux Enterprise High Performance Computing 15-ESPOS :

zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1554=1

SUSE Enterprise Storage 6 :

zypper in -t patch SUSE-Storage-6-2021-1554=1

SUSE CaaS Platform 4.0 :

To install this update, use the SUSE CaaS Platform 'skuba' tool. I
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-2161");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/04/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/05/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/05/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-headless");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(0|1|2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0/1/2/3", os_ver + " SP" + sp);
if (os_ver == "SLED15" && (! preg(pattern:"^(2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP2/3", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES15", sp:"1", reference:"java-11-openjdk-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"java-11-openjdk-debuginfo-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"java-11-openjdk-debugsource-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"java-11-openjdk-demo-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"java-11-openjdk-devel-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"java-11-openjdk-headless-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"java-11-openjdk-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"java-11-openjdk-debuginfo-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"java-11-openjdk-debugsource-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"java-11-openjdk-demo-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"java-11-openjdk-devel-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"java-11-openjdk-headless-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"java-11-openjdk-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"java-11-openjdk-debuginfo-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"java-11-openjdk-debugsource-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"java-11-openjdk-demo-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"java-11-openjdk-devel-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"java-11-openjdk-headless-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"java-11-openjdk-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"java-11-openjdk-debuginfo-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"java-11-openjdk-debugsource-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"java-11-openjdk-demo-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"java-11-openjdk-devel-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"java-11-openjdk-headless-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"java-11-openjdk-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"java-11-openjdk-debuginfo-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"java-11-openjdk-debugsource-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"java-11-openjdk-demo-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"java-11-openjdk-devel-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"java-11-openjdk-headless-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"java-11-openjdk-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"java-11-openjdk-debuginfo-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"java-11-openjdk-debugsource-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"java-11-openjdk-demo-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"java-11-openjdk-devel-11.0.11.0-3.56.1")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"java-11-openjdk-headless-11.0.11.0-3.56.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-11-openjdk");
}
VendorProductVersionCPE
novellsuse_linuxjava-11-openjdkp-cpe:/a:novell:suse_linux:java-11-openjdk
novellsuse_linuxjava-11-openjdk-debuginfop-cpe:/a:novell:suse_linux:java-11-openjdk-debuginfo
novellsuse_linuxjava-11-openjdk-debugsourcep-cpe:/a:novell:suse_linux:java-11-openjdk-debugsource
novellsuse_linuxjava-11-openjdk-demop-cpe:/a:novell:suse_linux:java-11-openjdk-demo
novellsuse_linuxjava-11-openjdk-develp-cpe:/a:novell:suse_linux:java-11-openjdk-devel
novellsuse_linuxjava-11-openjdk-headlessp-cpe:/a:novell:suse_linux:java-11-openjdk-headless
novellsuse_linux15cpe:/o:novell:suse_linux:15

Related

suse 5
fedora 6
nessus 38
ibm 75
kaspersky 1
debian 2
redhat 13
openvas 24
mageia 1
cnvd 1
cvelist 2
veracode 2
f5 2
prion 2
alpinelinux 2
ubuntucve 2
debiancve 2
redhatcve 2
cve 2
rosalinux 1
oraclelinux 4
amazon 1
osv 4
almalinux 2
centos 2
ubuntu 1
suse
suse
Security update for java-1_8_0-openj9 (moderate)
2021-07-11 00:00:00
Security update for java-11-openjdk (important)
2021-05-14 00:00:00
Security update for java-1_8_0-openjdk (moderate)
2021-06-28 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: java-11-openjdk-11.0.11.0.9-0.fc33
2021-04-24 18:07:10
[SECURITY] Fedora 33 Update: java-1.8.0-openjdk-1.8.0.292.b10-0.fc33
2021-04-29 19:05:32
[SECURITY] Fedora 32 Update: java-1.8.0-openjdk-1.8.0.292.b10-0.fc32
2021-04-30 01:07:06
nessus
nessus
Amazon Corretto Java 11.x < 11.0.11.9.1 Multiple Vulnerabilities
2022-04-01 00:00:00
OpenJDK 7 <= 7u291 / 8 <= 8u282 / 11.0.0 <= 11.0.10 / 13.0.0 <= 13.0.6 / 15.0.0 <= 15.0.2 / 16.0.0 Multiple Vulnerabilities (2021-04-20)
2021-07-06 00:00:00
IBM Java 7.0 < 7.0.10.85 / 7.1 < 7.1.4.85 / 8.0 < 8.0.6.30 / 11.0 < 11.0.11.0 Multiple Vulnerabilities
2022-04-29 00:00:00
ibm
ibm
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2021 - Includes Oracle Apr 2021 CPU minus CVE-2021-2163
2021-09-15 18:53:13
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Java
2021-10-01 06:18:28
Security Bulletin: A Security Vulnerability Has Been Identified In IBM® SDK, Java™ Technology Edition shipped with IBM Tivoli Access Manager for e-business (CVE-2021-2161)
2021-05-24 14:37:59
kaspersky
kaspersky
KLA12159 Multiple vulnerabilities in Oracle Java SE
2021-04-20 00:00:00
debian
debian
[SECURITY] [DLA 2634-1] openjdk-8 security update
2021-04-23 11:31:36
[SECURITY] [DSA 4899-1] openjdk-11 security update
2021-04-23 20:09:03
redhat
redhat
(RHSA-2021:1447) Moderate: OpenJDK 11.0.11 Security Update for Windows Builds
2021-04-28 12:29:55
(RHSA-2021:1445) Moderate: OpenJDK 8u292 Windows Builds release and security update
2021-04-28 12:29:21
(RHSA-2021:1306) Moderate: java-11-openjdk security update
2021-04-20 21:27:06
openvas
openvas
Oracle Java SE Security Update (apr2021) - Windows
2021-05-17 00:00:00
Fedora: Security Advisory for java-1.8.0-openjdk (FEDORA-2021-25b47f16af)
2021-04-27 00:00:00
Oracle OpenJDK Multiple Vulnerabilities (Apr 2021)
2021-05-31 00:00:00
mageia
mageia
Updated java-openjdk packages fix security vulnerabilities
2021-06-29 01:51:23
cnvd
cnvd
Oracle Java SE Embedded Input Validation Error Vulnerability
2021-02-03 00:00:00
cvelist
cvelist
CVE-2021-2161
2021-04-22 21:53:46
CVE-2021-2163
2021-04-22 21:53:46
veracode
veracode
Privilege Escalation
2021-07-16 12:12:36
Authorization Bypass
2021-04-24 22:10:55
f5
f5
K25401610 : OpenJDK vulnerability CVE-2021-2161
2022-11-08 00:00:00
K71522481 : Java vulnerability CVE-2021-2163
2022-12-06 00:00:00
prion
prion
Design/Logic Flaw
2021-04-22 22:15:00
Design/Logic Flaw
2021-04-22 22:15:00
alpinelinux
alpinelinux
CVE-2021-2161
2021-04-22 22:15:00
CVE-2021-2163
2021-04-22 22:15:00
ubuntucve
ubuntucve
CVE-2021-2161
2021-04-22 00:00:00
CVE-2021-2163
2021-04-20 00:00:00
debiancve
debiancve
CVE-2021-2161
2021-04-22 22:15:00
CVE-2021-2163
2021-04-22 22:15:00
redhatcve
redhatcve
CVE-2021-2161
2021-04-20 20:45:01
CVE-2021-2163
2021-04-20 20:43:56
cve
cve
CVE-2021-2161
2021-04-22 22:15:00
CVE-2021-2163
2021-04-22 22:15:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2133
2023-03-21 12:31:42
oraclelinux
oraclelinux
java-11-openjdk security and bug fix update
2021-04-21 00:00:00
java-1.8.0-openjdk security update
2021-04-21 00:00:00
java-1.8.0-openjdk security update
2021-04-21 00:00:00
amazon
amazon
Medium: java-1.8.0-openjdk
2021-07-08 18:38:00
osv
osv
openjdk-8, openjdk-lts vulnerability
2021-04-27 16:49:59
openjdk-8 - security update
2021-04-23 00:00:00
CVE-2021-2163
2021-04-22 22:15:13
almalinux
almalinux
Moderate: java-11-openjdk security update
2021-04-20 21:33:58
Moderate: java-1.8.0-openjdk security update
2021-04-20 20:58:47
centos
centos
java security update
2021-04-29 17:56:29
java security update
2021-04-29 17:55:30
ubuntu
ubuntu
OpenJDK vulnerability
2021-04-27 00:00:00

6.5 Medium

AI Score

Confidence

High

JSON
Related for SUSE_SU-2021-1554-1.NASL
suse5fedora6nessus38ibm75kaspersky1debian2redhat13openvas24mageia1cnvd1cvelist2veracode2f52prion2alpinelinux2ubuntucve2debiancve2redhatcve2cve2rosalinux1oraclelinux4amazon1osv4almalinux2centos2ubuntu1