Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-4223-1.NASL
HistoryDec 18, 2019 - 12:00 a.m.

Ubuntu 16.04 LTS / 18.04 LTS : OpenJDK vulnerabilities (USN-4223-1)

2019-12-1800:00:00
Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
24
JSON

Jan Jancar, Petr Svenda, and Vladimir Sedlacek discovered that a side- channel vulnerability existed in the ECDSA implementation in OpenJDK.
An Attacker could use this to expose sensitive information.
(CVE-2019-2894)

It was discovered that the Socket implementation in OpenJDK did not properly restrict the creation of subclasses with a custom Socket implementation. An attacker could use this to specially create a Java class that could possibly bypass Java sandbox restrictions.
(CVE-2019-2945)

Rob Hamm discovered that the Kerberos implementation in OpenJDK did not properly handle proxy credentials. An attacker could possibly use this to impersonate another user. (CVE-2019-2949)

It was discovered that a NULL pointer dereference existed in the font handling implementation in OpenJDK. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2962)

It was discovered that the Concurrency subsystem in OpenJDK did not properly bound stack consumption when compiling regular expressions.
An attacker could use this to cause a denial of service (application crash). (CVE-2019-2964)

It was discovered that the JAXP subsystem in OpenJDK did not properly handle XPath expressions in some situations. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2973, CVE-2019-2981)

It was discovered that the Nashorn JavaScript subcomponent in OpenJDK did not properly handle regular expressions in some situations. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2975)

It was discovered that the String class in OpenJDK contained an out-of- bounds access vulnerability. An attacker could use this to cause a denial of service (application crash) or possibly expose sensitive information. This issue only affected OpenJDK 11 in Ubuntu 18.04 LTS, Ubuntu 19.04, and Ubuntu 19.10. (CVE-2019-2977)

It was discovered that the Jar URL handler in OpenJDK did not properly handled nested Jar URLs in some situations. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2978)

It was discovered that the Serialization component of OpenJDK did not properly handle deserialization of certain object attributes. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2983)

It was discovered that the FreetypeFontScaler class in OpenJDK did not properly validate dimensions of glyph bitmap images read from font files. An attacker could specially craft a font file that could cause a denial of service (application crash). (CVE-2019-2987)

It was discovered that a buffer overflow existed in the SunGraphics2D class in OpenJDK. An attacker could possibly use this to cause a denial of service (excessive memory consumption or application crash).
(CVE-2019-2988)

It was discovered that the Networking component in OpenJDK did not properly handle certain responses from HTTP proxies. An attacker controlling a malicious HTTP proxy could possibly use this to inject content into a proxied HTTP connection. (CVE-2019-2989)

It was discovered that the font handling implementation in OpenJDK did not properly validate TrueType font files in some situations. An attacker could specially craft a font file that could cause a denial of service (excessive memory consumption). (CVE-2019-2992)

It was discovered that the JavaDoc generator in OpenJDK did not properly filter out some HTML elements properly, including documentation comments in Java source code. An attacker could possibly use this to craft a Cross-Site Scripting attack. (CVE-2019-2999).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4223-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('compat.inc');

if (description)
{
  script_id(132240);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/21");

  script_cve_id(
    "CVE-2019-2894",
    "CVE-2019-2945",
    "CVE-2019-2949",
    "CVE-2019-2962",
    "CVE-2019-2964",
    "CVE-2019-2973",
    "CVE-2019-2975",
    "CVE-2019-2977",
    "CVE-2019-2978",
    "CVE-2019-2981",
    "CVE-2019-2983",
    "CVE-2019-2987",
    "CVE-2019-2988",
    "CVE-2019-2989",
    "CVE-2019-2992",
    "CVE-2019-2999"
  );
  script_xref(name:"USN", value:"4223-1");

  script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS : OpenJDK vulnerabilities (USN-4223-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"Jan Jancar, Petr Svenda, and Vladimir Sedlacek discovered that a side-
channel vulnerability existed in the ECDSA implementation in OpenJDK.
An Attacker could use this to expose sensitive information.
(CVE-2019-2894)

It was discovered that the Socket implementation in OpenJDK did not
properly restrict the creation of subclasses with a custom Socket
implementation. An attacker could use this to specially create a Java
class that could possibly bypass Java sandbox restrictions.
(CVE-2019-2945)

Rob Hamm discovered that the Kerberos implementation in OpenJDK did
not properly handle proxy credentials. An attacker could possibly use
this to impersonate another user. (CVE-2019-2949)

It was discovered that a NULL pointer dereference existed in the font
handling implementation in OpenJDK. An attacker could use this to
cause a denial of service (application crash). (CVE-2019-2962)

It was discovered that the Concurrency subsystem in OpenJDK did not
properly bound stack consumption when compiling regular expressions.
An attacker could use this to cause a denial of service (application
crash). (CVE-2019-2964)

It was discovered that the JAXP subsystem in OpenJDK did not properly
handle XPath expressions in some situations. An attacker could use
this to cause a denial of service (application crash). (CVE-2019-2973,
CVE-2019-2981)

It was discovered that the Nashorn JavaScript subcomponent in OpenJDK
did not properly handle regular expressions in some situations. An
attacker could use this to cause a denial of service (application
crash). (CVE-2019-2975)

It was discovered that the String class in OpenJDK contained an
out-of- bounds access vulnerability. An attacker could use this to
cause a denial of service (application crash) or possibly expose
sensitive information. This issue only affected OpenJDK 11 in Ubuntu
18.04 LTS, Ubuntu 19.04, and Ubuntu 19.10. (CVE-2019-2977)

It was discovered that the Jar URL handler in OpenJDK did not properly
handled nested Jar URLs in some situations. An attacker could use this
to cause a denial of service (application crash). (CVE-2019-2978)

It was discovered that the Serialization component of OpenJDK did not
properly handle deserialization of certain object attributes. An
attacker could use this to cause a denial of service (application
crash). (CVE-2019-2983)

It was discovered that the FreetypeFontScaler class in OpenJDK did not
properly validate dimensions of glyph bitmap images read from font
files. An attacker could specially craft a font file that could cause
a denial of service (application crash). (CVE-2019-2987)

It was discovered that a buffer overflow existed in the SunGraphics2D
class in OpenJDK. An attacker could possibly use this to cause a
denial of service (excessive memory consumption or application crash).
(CVE-2019-2988)

It was discovered that the Networking component in OpenJDK did not
properly handle certain responses from HTTP proxies. An attacker
controlling a malicious HTTP proxy could possibly use this to inject
content into a proxied HTTP connection. (CVE-2019-2989)

It was discovered that the font handling implementation in OpenJDK did
not properly validate TrueType font files in some situations. An
attacker could specially craft a font file that could cause a denial
of service (excessive memory consumption). (CVE-2019-2992)

It was discovered that the JavaDoc generator in OpenJDK did not
properly filter out some HTML elements properly, including
documentation comments in Java source code. An attacker could possibly
use this to craft a Cross-Site Scripting attack. (CVE-2019-2999).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-4223-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2977");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2019-2989");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/12/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk-headless");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-headless");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-zero");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk-headless");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-headless");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-jamvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-zero");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-source");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-demo");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '16.04', 'pkgname': 'openjdk-8-demo', 'pkgver': '8u232-b09-0ubuntu1~16.04.1'},
    {'osver': '16.04', 'pkgname': 'openjdk-8-jdk', 'pkgver': '8u232-b09-0ubuntu1~16.04.1'},
    {'osver': '16.04', 'pkgname': 'openjdk-8-jdk-headless', 'pkgver': '8u232-b09-0ubuntu1~16.04.1'},
    {'osver': '16.04', 'pkgname': 'openjdk-8-jre', 'pkgver': '8u232-b09-0ubuntu1~16.04.1'},
    {'osver': '16.04', 'pkgname': 'openjdk-8-jre-headless', 'pkgver': '8u232-b09-0ubuntu1~16.04.1'},
    {'osver': '16.04', 'pkgname': 'openjdk-8-jre-jamvm', 'pkgver': '8u232-b09-0ubuntu1~16.04.1'},
    {'osver': '16.04', 'pkgname': 'openjdk-8-jre-zero', 'pkgver': '8u232-b09-0ubuntu1~16.04.1'},
    {'osver': '16.04', 'pkgname': 'openjdk-8-source', 'pkgver': '8u232-b09-0ubuntu1~16.04.1'},
    {'osver': '18.04', 'pkgname': 'openjdk-11-demo', 'pkgver': '11.0.5+10-0ubuntu1.1~18.04'},
    {'osver': '18.04', 'pkgname': 'openjdk-11-jdk', 'pkgver': '11.0.5+10-0ubuntu1.1~18.04'},
    {'osver': '18.04', 'pkgname': 'openjdk-11-jdk-headless', 'pkgver': '11.0.5+10-0ubuntu1.1~18.04'},
    {'osver': '18.04', 'pkgname': 'openjdk-11-jre', 'pkgver': '11.0.5+10-0ubuntu1.1~18.04'},
    {'osver': '18.04', 'pkgname': 'openjdk-11-jre-headless', 'pkgver': '11.0.5+10-0ubuntu1.1~18.04'},
    {'osver': '18.04', 'pkgname': 'openjdk-11-jre-zero', 'pkgver': '11.0.5+10-0ubuntu1.1~18.04'},
    {'osver': '18.04', 'pkgname': 'openjdk-11-source', 'pkgver': '11.0.5+10-0ubuntu1.1~18.04'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openjdk-11-demo / openjdk-11-jdk / openjdk-11-jdk-headless / etc');
}
VendorProductVersionCPE
canonicalubuntu_linuxopenjdk-11-jdkp-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk
canonicalubuntu_linuxopenjdk-11-jdk-headlessp-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk-headless
canonicalubuntu_linuxopenjdk-11-jrep-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre
canonicalubuntu_linuxopenjdk-11-jre-headlessp-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-headless
canonicalubuntu_linuxopenjdk-11-jre-zerop-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-zero
canonicalubuntu_linuxopenjdk-11-sourcep-cpe:/a:canonical:ubuntu_linux:openjdk-11-source
canonicalubuntu_linuxopenjdk-8-demop-cpe:/a:canonical:ubuntu_linux:openjdk-8-demo
canonicalubuntu_linuxopenjdk-8-jdkp-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk
canonicalubuntu_linuxopenjdk-8-jdk-headlessp-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk-headless
canonicalubuntu_linuxopenjdk-8-jrep-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre
Rows per page:
1-10 of 171

References

Related

oraclelinux 7
nessus 73
redhat 13
osv 3
debian 3
openvas 18
ubuntu 1
centos 5
amazon 4
mageia 1
suse 3
ibm 64
kaspersky 1
aix 1
f5 2
oraclelinux
oraclelinux
java-11-openjdk security update
2019-10-16 00:00:00
java-11-openjdk security update
2019-10-17 00:00:00
java-1.8.0-openjdk security update
2019-10-17 00:00:00
nessus
nessus
CentOS 8 : java-11-openjdk (CESA-2019:3135)
2021-01-29 00:00:00
CentOS 7 : java-11-openjdk (CESA-2019:3127)
2019-10-24 00:00:00
RHEL 8 : java-11-openjdk (RHSA-2019:3135)
2019-10-18 00:00:00
redhat
redhat
(RHSA-2019:3135) Important: java-11-openjdk security update
2019-10-17 09:38:01
(RHSA-2019:3127) Important: java-11-openjdk security update
2019-10-16 13:12:33
(RHSA-2019:3136) Important: java-1.8.0-openjdk security update
2019-10-17 11:35:05
osv
osv
openjdk-8 - security update
2019-10-21 00:00:00
openjdk-11 - security update
2019-10-20 00:00:00
openjdk-7 - security update
2019-12-07 00:00:00
debian
debian
[SECURITY] [DSA 4546-1] openjdk-11 security update
2019-10-20 21:34:09
[SECURITY] [DSA 4548-1] openjdk-8 security update
2019-10-21 21:30:33
[SECURITY] [DLA 2023-1] openjdk-7 security update
2019-12-07 22:02:23
openvas
openvas
Debian Security Advisory DSA 4546-1 (openjdk-11 - security update)
2019-10-22 00:00:00
CentOS Update for java-11-openjdk CESA-2019:3127 centos7
2019-10-24 00:00:00
Debian Security Advisory DSA 4548-1 (openjdk-8 - security update)
2019-10-23 00:00:00
ubuntu
ubuntu
OpenJDK vulnerabilities
2019-12-17 00:00:00
centos
centos
java security update
2019-10-23 13:02:38
java security update
2019-10-22 23:52:58
java security update
2019-10-23 12:59:48
amazon
amazon
Important: java-1.8.0-openjdk
2020-01-06 23:06:00
Important: java-11-amazon-corretto
2019-10-15 22:06:00
Medium: java-1.7.0-openjdk
2019-12-13 19:13:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2019-10-24 00:06:40
suse
suse
Security update for java-1_8_0-openjdk (important)
2019-12-15 00:00:00
Security update for java-11-openjdk (important)
2019-11-25 00:00:00
Security update for java-11-openjdk (important)
2019-11-24 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the WebSphere Message Broker V8.
2020-03-16 05:52:46
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11.
2020-03-16 05:48:27
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect OS Images for Red Hat Linux Systems (Oct2019 updates)
2020-05-06 12:02:05
kaspersky
kaspersky
KLA11582 Multiple vulnerabilities in Oracle Java SE
2019-10-15 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2020-02-17 15:56:20
f5
f5
K40264570 : Java SE vulnerabilities CVE-2019-2987, CVE-2019-2988, and CVE-2019-2992
2022-06-10 00:00:00
K41913011 : Java SE vulnerabilities CVE-2019-2973 and CVE-2019-2981
2022-06-10 00:00:00
JSON
Related for UBUNTU_USN-4223-1.NASL
oraclelinux7nessus73redhat13osv3debian3openvas18ubuntu1centos5amazon4mageia1suse3ibm64kaspersky1aix1f52