Lucene search
Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-4337-1.NASLHistoryApr 24, 2020 - 12:00 a.m.
Ubuntu 16.04 LTS / 18.04 LTS : OpenJDK vulnerabilities (USN-4337-1)
2020-04-2400:00:00
Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
It was discovered that OpenJDK incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted regular expression. (CVE-2020-2754, CVE-2020-2755)
It was discovered that OpenJDK incorrectly handled class descriptors and catching exceptions during object stream deserialization. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted serialized input. (CVE-2020-2756, CVE-2020-2757)
Bengt Jonsson, Juraj Somorovsky, Kostis Sagonas, Paul Fiterau Brostean and Robert Merget discovered that OpenJDK incorrectly handled certificate messages during TLS handshake. An attacker could possibly use this issue to bypass certificate verification and insert, edit or obtain sensitive information. This issue only affected OpenJDK 11.
(CVE-2020-2767)
It was discovered that OpenJDK incorrectly handled exceptions thrown by unmarshalKeyInfo() and unmarshalXMLSignature(). An attacker could possibly use this issue to cause a denial of service while reading key info or XML signature data from XML input. (CVE-2020-2773)
Peter Dettman discovered that OpenJDK incorrectly handled SSLParameters in setAlgorithmConstraints(). An attacker could possibly use this issue to override the defined systems security policy and lead to the use of weak crypto algorithms that should be disabled.
This issue only affected OpenJDK 11. (CVE-2020-2778)
Simone Bordet discovered that OpenJDK incorrectly re-used single null TLS sessions for new TLS connections. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-2781)
Dan Amodio discovered that OpenJDK did not restrict the use of CR and LF characters in values for HTTP headers. An attacker could possibly use this issue to insert, edit or obtain sensitive information.
(CVE-2020-2800)
Nils Emmerich discovered that OpenJDK incorrectly checked boundaries or argument types. An attacker could possibly use this issue to bypass sandbox restrictions causing unspecified impact. (CVE-2020-2803, CVE-2020-2805)
It was discovered that OpenJDK incorrectly handled application data packets during TLS handshake. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11. (CVE-2020-2816)
It was discovered that OpenJDK incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-2830).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4337-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('compat.inc');
if (description)
{
script_id(135967);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/21");
script_cve_id(
"CVE-2020-2754",
"CVE-2020-2755",
"CVE-2020-2756",
"CVE-2020-2757",
"CVE-2020-2767",
"CVE-2020-2773",
"CVE-2020-2778",
"CVE-2020-2781",
"CVE-2020-2800",
"CVE-2020-2803",
"CVE-2020-2805",
"CVE-2020-2816",
"CVE-2020-2830"
);
script_xref(name:"USN", value:"4337-1");
script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS : OpenJDK vulnerabilities (USN-4337-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"It was discovered that OpenJDK incorrectly handled certain regular
expressions. An attacker could possibly use this issue to cause a
denial of service while processing a specially crafted regular
expression. (CVE-2020-2754, CVE-2020-2755)
It was discovered that OpenJDK incorrectly handled class descriptors
and catching exceptions during object stream deserialization. An
attacker could possibly use this issue to cause a denial of service
while processing a specially crafted serialized input. (CVE-2020-2756,
CVE-2020-2757)
Bengt Jonsson, Juraj Somorovsky, Kostis Sagonas, Paul Fiterau Brostean
and Robert Merget discovered that OpenJDK incorrectly handled
certificate messages during TLS handshake. An attacker could possibly
use this issue to bypass certificate verification and insert, edit or
obtain sensitive information. This issue only affected OpenJDK 11.
(CVE-2020-2767)
It was discovered that OpenJDK incorrectly handled exceptions thrown
by unmarshalKeyInfo() and unmarshalXMLSignature(). An attacker could
possibly use this issue to cause a denial of service while reading key
info or XML signature data from XML input. (CVE-2020-2773)
Peter Dettman discovered that OpenJDK incorrectly handled
SSLParameters in setAlgorithmConstraints(). An attacker could possibly
use this issue to override the defined systems security policy and
lead to the use of weak crypto algorithms that should be disabled.
This issue only affected OpenJDK 11. (CVE-2020-2778)
Simone Bordet discovered that OpenJDK incorrectly re-used single null
TLS sessions for new TLS connections. A remote attacker could possibly
use this issue to cause a denial of service. (CVE-2020-2781)
Dan Amodio discovered that OpenJDK did not restrict the use of CR and
LF characters in values for HTTP headers. An attacker could possibly
use this issue to insert, edit or obtain sensitive information.
(CVE-2020-2800)
Nils Emmerich discovered that OpenJDK incorrectly checked boundaries
or argument types. An attacker could possibly use this issue to bypass
sandbox restrictions causing unspecified impact. (CVE-2020-2803,
CVE-2020-2805)
It was discovered that OpenJDK incorrectly handled application data
packets during TLS handshake. An attacker could possibly use this
issue to insert, edit or obtain sensitive information. This issue only
affected OpenJDK 11. (CVE-2020-2816)
It was discovered that OpenJDK incorrectly handled certain regular
expressions. An attacker could possibly use this issue to cause a
denial of service. (CVE-2020-2830).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-4337-1");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2800");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-2805");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/15");
script_set_attribute(attribute:"patch_publication_date", value:"2020/04/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk-headless");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-headless");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-zero");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-demo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk-headless");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-headless");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-jamvm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-zero");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-source");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-demo");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var pkgs = [
{'osver': '16.04', 'pkgname': 'openjdk-8-demo', 'pkgver': '8u252-b09-1~16.04'},
{'osver': '16.04', 'pkgname': 'openjdk-8-jdk', 'pkgver': '8u252-b09-1~16.04'},
{'osver': '16.04', 'pkgname': 'openjdk-8-jdk-headless', 'pkgver': '8u252-b09-1~16.04'},
{'osver': '16.04', 'pkgname': 'openjdk-8-jre', 'pkgver': '8u252-b09-1~16.04'},
{'osver': '16.04', 'pkgname': 'openjdk-8-jre-headless', 'pkgver': '8u252-b09-1~16.04'},
{'osver': '16.04', 'pkgname': 'openjdk-8-jre-jamvm', 'pkgver': '8u252-b09-1~16.04'},
{'osver': '16.04', 'pkgname': 'openjdk-8-jre-zero', 'pkgver': '8u252-b09-1~16.04'},
{'osver': '16.04', 'pkgname': 'openjdk-8-source', 'pkgver': '8u252-b09-1~16.04'},
{'osver': '18.04', 'pkgname': 'openjdk-11-demo', 'pkgver': '11.0.7+10-2ubuntu2~18.04'},
{'osver': '18.04', 'pkgname': 'openjdk-11-jdk', 'pkgver': '11.0.7+10-2ubuntu2~18.04'},
{'osver': '18.04', 'pkgname': 'openjdk-11-jdk-headless', 'pkgver': '11.0.7+10-2ubuntu2~18.04'},
{'osver': '18.04', 'pkgname': 'openjdk-11-jre', 'pkgver': '11.0.7+10-2ubuntu2~18.04'},
{'osver': '18.04', 'pkgname': 'openjdk-11-jre-headless', 'pkgver': '11.0.7+10-2ubuntu2~18.04'},
{'osver': '18.04', 'pkgname': 'openjdk-11-jre-zero', 'pkgver': '11.0.7+10-2ubuntu2~18.04'},
{'osver': '18.04', 'pkgname': 'openjdk-11-source', 'pkgver': '11.0.7+10-2ubuntu2~18.04'},
{'osver': '18.04', 'pkgname': 'openjdk-8-demo', 'pkgver': '8u252-b09-1~18.04'},
{'osver': '18.04', 'pkgname': 'openjdk-8-jdk', 'pkgver': '8u252-b09-1~18.04'},
{'osver': '18.04', 'pkgname': 'openjdk-8-jdk-headless', 'pkgver': '8u252-b09-1~18.04'},
{'osver': '18.04', 'pkgname': 'openjdk-8-jre', 'pkgver': '8u252-b09-1~18.04'},
{'osver': '18.04', 'pkgname': 'openjdk-8-jre-headless', 'pkgver': '8u252-b09-1~18.04'},
{'osver': '18.04', 'pkgname': 'openjdk-8-jre-zero', 'pkgver': '8u252-b09-1~18.04'},
{'osver': '18.04', 'pkgname': 'openjdk-8-source', 'pkgver': '8u252-b09-1~18.04'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
if (osver && pkgname && pkgver) {
if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openjdk-11-demo / openjdk-11-jdk / openjdk-11-jdk-headless / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | openjdk-11-jdk | p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk |
| canonical | ubuntu_linux | openjdk-11-jdk-headless | p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk-headless |
| canonical | ubuntu_linux | openjdk-11-jre | p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre |
| canonical | ubuntu_linux | openjdk-11-jre-headless | p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-headless |
| canonical | ubuntu_linux | openjdk-11-jre-zero | p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-zero |
| canonical | ubuntu_linux | openjdk-11-source | p-cpe:/a:canonical:ubuntu_linux:openjdk-11-source |
| canonical | ubuntu_linux | openjdk-8-demo | p-cpe:/a:canonical:ubuntu_linux:openjdk-8-demo |
| canonical | ubuntu_linux | openjdk-8-jdk | p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk |
| canonical | ubuntu_linux | openjdk-8-jdk-headless | p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk-headless |
| canonical | ubuntu_linux | openjdk-8-jre | p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2767
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2773
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2778
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2803
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2805
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2816
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2830
ubuntu.com/security/notices/USN-4337-1
Related
oraclelinux
oraclelinux
java-11-openjdk security update
2020-04-21 00:00:00
java-11-openjdk security update
2020-04-22 00:00:00
java-1.8.0-openjdk security update
2020-04-21 00:00:00
openvas
openvas
Ubuntu: Security Advisory for openjdk-8 (USN-4337-1)
2020-04-23 00:00:00
openSUSE: Security Advisory for java-11-openjdk (openSUSE-SU-2020:0757-1)
2020-06-03 00:00:00
CentOS: Security Advisory for java-11-openjdk (CESA-2020:1509)
2020-05-01 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2020:1511-1)
2020-06-17 00:00:00
Photon OS 1.0: Openjdk PHSA-2020-1.0-0290
2020-04-29 00:00:00
Photon OS 2.0: Openjdk8 PHSA-2020-2.0-0235
2020-05-05 00:00:00
suse
suse
Security update for java-11-openjdk (important)
2020-06-02 00:00:00
Security update for java-1_8_0-openj9 (important)
2020-06-24 00:00:00
Security update for java-1_8_0-openjdk (important)
2020-06-13 00:00:00
osv
osv
openjdk-11 - security update
2020-04-24 00:00:00
openjdk-8 - security update
2020-04-28 00:00:00
openjdk-7 - security update
2020-04-28 00:00:00
redhat
redhat
(RHSA-2020:1509) Important: java-11-openjdk security update
2020-04-21 09:11:58
(RHSA-2020:1517) Important: java-11-openjdk security update
2020-04-21 13:55:17
(RHSA-2020:1514) Important: java-11-openjdk security update
2020-04-21 12:04:13
centos
centos
java security update
2020-04-30 19:52:43
java security update
2020-04-30 19:53:37
java security update
2020-04-28 00:26:13
ubuntu
ubuntu
OpenJDK vulnerabilities
2020-04-22 00:00:00
debian
debian
[SECURITY] [DSA 4662-1] openjdk-11 security update
2020-04-24 12:55:19
[SECURITY] [DSA 4668-1] openjdk-8 security update
2020-04-28 19:35:17
[SECURITY] [DLA 2193-1] openjdk-7 security update
2020-04-29 00:48:53
amazon
amazon
Important: java-11-amazon-corretto
2020-04-14 23:16:00
Important: java-1.8.0-openjdk
2023-08-21 12:14:00
Important: java-1.8.0-openjdk
2020-05-05 01:18:00
ibm
ibm
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2020-04-24 20:03:35
fedora
fedora
[SECURITY] Fedora 31 Update: java-1.8.0-openjdk-1.8.0.252.b09-0.fc31
2020-05-18 03:23:13
[SECURITY] Fedora 32 Update: java-1.8.0-openjdk-1.8.0.252.b09-0.fc32
2020-05-07 03:11:08
[SECURITY] Fedora 30 Update: java-1.8.0-openjdk-1.8.0.252.b09-0.fc30
2020-05-13 03:36:38
kaspersky
kaspersky
KLA11753 Multiple vulnerabilities in Oracle Java SE
2020-03-16 00:00:00
gentoo
gentoo
OpenJDK, IcedTea: Multiple vulnerabilities
2020-06-15 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2020-07-31 09:56:48
photon
photon
Important Photon OS Security Update - PHSA-2020-0083
2020-04-23 00:00:00
Important Photon OS Security Update - PHSA-2020-3.0-0083
2020-04-23 00:00:00
f5
f5
Related for UBUNTU_USN-4337-1.NASL