Oracle Java SE Security Updates (jan2018-3236628) 01 - Linux
2018-01-17T00:00:00
ID OPENVAS:1361412562310108368 Type openvas Reporter Copyright (C) 2018 Greenbone Networks GmbH Modified 2020-05-12T00:00:00
Description
Oracle Java SE is installed on the host
and is prone to a denial-of-service vulnerability.
###############################################################################
# OpenVAS Vulnerability Test
#
# Oracle Java SE Security Updates (jan2018-3236628) 01 - Linux
#
# Authors:
# Shakeel <bshakeel@secpod.com>
#
# Copyright:
# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Metadata registration: when the scanner loads the plugin with 'description'
# set, only this block runs. It declares the plugin's identity, scoring,
# report texts and scheduling requirements, then exits without touching the target.
if(description)
{
# Unique plugin identifier and feed revision of this check.
script_oid("1.3.6.1.4.1.25623.1.0.108368");
script_version("2020-05-12T13:57:17+0000");
script_cve_id("CVE-2018-2657");
# Score and vector are in CVSS v2 notation; the only impact metric set is
# availability (A:P), i.e. a partial denial of service.
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_tag(name:"last_modification", value:"2020-05-12 13:57:17 +0000 (Tue, 12 May 2020)");
script_tag(name:"creation_date", value:"2018-01-17 11:38:48 +0530 (Wed, 17 Jan 2018)");
script_name("Oracle Java SE Security Updates (jan2018-3236628) 01 - Linux");
# Report texts shown to the operator. The multi-line values are string
# literals, so their line breaks are part of the reported text.
script_tag(name:"summary", value:"The host is installed with Oracle Java SE
and is prone to a denial-of-service vulnerability.");
# Detection compares the installed version only; it does not establish whether
# the affected component is reachable on the host.
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The flaw exists due to error in the
'Serialization' sub-component of the application.");
script_tag(name:"impact", value:"Successful exploitation of this
vulnerability will allow remote attackers to conduct a denial-of-service
condition.");
script_tag(name:"affected", value:"Oracle Java SE version 1.6.0.171 and
earlier, 1.7.0.161 and earlier on Linux.");
# No fixed version is named here; the remediation points to the vendor advisory
# referenced by the URL xref below.
script_tag(name:"solution", value:"Apply the patch from the referenced advisory.");
script_tag(name:"solution_type", value:"VendorFix");
# Quality-of-detection class: the finding rests on a version string.
# NOTE(review): presumably the version reported by the Java executable
# found by the detection script; confirm against gb_java_prdts_detect_lin.nasl.
script_tag(name:"qod_type", value:"executable_version");
script_xref(name:"URL", value:"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html");
# Information-gathering category: the plugin only reads previously collected
# data and sends nothing intrusive to the target.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2018 Greenbone Networks GmbH");
script_family("General");
# Scheduling: run after the Linux Java detection script, and only when the
# knowledge-base key below has been set (presumably by that script).
script_dependencies("gb_java_prdts_detect_lin.nasl");
script_mandatory_keys("Sun/Java/JRE/Linux/Ver");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
# Version-based check for CVE-2018-2657 on Linux.
# A hit means an affected Java SE 6/7 build is installed; it says nothing about
# whether untrusted data can actually reach the Serialization APIs on this
# host, so findings should be triaged against how Java is exposed there.

# CPEs under which the detection script may have registered the JRE
# (current Oracle naming and the legacy Sun naming).
java_cpes = make_list("cpe:/a:oracle:jre", "cpe:/a:sun:jre");

# Fetch version and install location for the first matching CPE; leave
# quietly when no usable result is available.
infos = get_app_version_and_location_from_list(cpe_list:java_cpes, exit_no_version:TRUE);
if(!infos)
  exit(0);

installed_ver = infos["version"];
java_path = infos["location"];

# Only the 1.6.x and 1.7.x trains are covered by this check; any other version
# is reported as "checked, not affected" (exit code 99).
if(installed_ver !~ "^1\.[67]\.")
  exit(99);

# Affected ranges (inclusive): 1.6.0 - 1.6.0.171 and 1.7.0 - 1.7.0.161.
# The second range is only evaluated when the first does not match.
if(!version_in_range(version:installed_ver, test_version:"1.6.0", test_version2:"1.6.0.171") &&
   !version_in_range(version:installed_ver, test_version:"1.7.0", test_version2:"1.7.0.161"))
  exit(99);

# Vulnerable build found: report installed version and path. The fixed-version
# field carries remediation text rather than a version number.
report = report_fixed_ver(installed_version:installed_ver, fixed_version: "Apply the patch", install_path:java_path);
security_message(data:report);
exit(0);
{"id": "OPENVAS:1361412562310108368", "type": "openvas", "bulletinFamily": "scanner", "title": "Oracle Java SE Security Updates (jan2018-3236628) 01 - Linux", "description": "The host is installed with Oracle Java SE\n and is prone to a denial-of-service vulnerability.", "published": "2018-01-17T00:00:00", "modified": "2020-05-12T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108368", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"], "cvelist": ["CVE-2018-2657"], "lastseen": "2020-05-15T17:02:55", "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-2657"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310812637"]}, {"type": "nessus", "idList": ["ORACLE_JROCKIT_CPU_JAN_2018.NASL", "ORACLE_JAVA_CPU_JAN_2018.NASL", "SUSE_SU-2018-0694-1.NASL", "REDHAT-RHSA-2018-0458.NASL", "REDHAT-RHSA-2018-0115.NASL", "ORACLE_JAVA_CPU_JAN_2018_UNIX.NASL", "SUSE_SU-2018-0630-1.NASL", "REDHAT-RHSA-2018-1463.NASL", "REDHAT-RHSA-2018-0521.NASL", "REDHAT-RHSA-2018-0100.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:0521", "RHSA-2018:1463", "RHSA-2018:1812", "RHSA-2018:0115", "RHSA-2018:0100", "RHSA-2018:0458"]}, {"type": "suse", "idList": ["SUSE-SU-2018:0630-1", "SUSE-SU-2018:0694-1", "SUSE-SU-2018:0743-1", "SUSE-SU-2018:0645-1"]}, {"type": "aix", "idList": ["JAVA_JAN2018_ADVISORY.ASC"]}, {"type": "kaspersky", "idList": ["KLA11178"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2018-3236628"]}], "modified": "2020-05-15T17:02:55", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2020-05-15T17:02:55", "rev": 2}, "vulnersScore": 7.0}, "pluginID": "1361412562310108368", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Java SE Security Updates 
(jan2018-3236628) 01 - Linux\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108368\");\n script_version(\"2020-05-12T13:57:17+0000\");\n script_cve_id(\"CVE-2018-2657\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-12 13:57:17 +0000 (Tue, 12 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-17 11:38:48 +0530 (Wed, 17 Jan 2018)\");\n script_name(\"Oracle Java SE Security Updates (jan2018-3236628) 01 - Linux\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Oracle Java SE\n and is prone to a denial-of-service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to error in the\n 'Serialization' sub-component of the application.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to conduct a 
denial-of-service\n condition.\");\n\n script_tag(name:\"affected\", value:\"Oracle Java SE version 1.6.0.171 and\n earlier, 1.7.0.161 and earlier on Linux.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_lin.nasl\");\n script_mandatory_keys(\"Sun/Java/JRE/Linux/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ncpe_list = make_list(\"cpe:/a:oracle:jre\", \"cpe:/a:sun:jre\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(vers =~ \"^1\\.[67]\\.\") {\n if((version_in_range(version:vers, test_version:\"1.6.0\", test_version2:\"1.6.0.171\"))||\n (version_in_range(version:vers, test_version:\"1.7.0\", test_version2:\"1.7.0.161\"))) {\n report = report_fixed_ver(installed_version:vers, fixed_version: \"Apply the patch\", install_path:path);\n security_message(data:report);\n exit(0);\n }\n}\n\nexit(99);\n", "naslFamily": "General"}
{"cve": [{"lastseen": "2020-12-09T20:25:41", "description": "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "edition": 8, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2018-01-18T02:29:00", "title": "CVE-2018-2657", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2657"], "modified": "2020-09-08T12:59:00", "cpe": 
["cpe:/a:hp:xp_command_view:*", "cpe:/a:oracle:jre:1.6.0", "cpe:/a:oracle:jrockit:r28.3.16", "cpe:/a:redhat:satellite:5.6", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:redhat:satellite:5.7", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/a:oracle:jdk:1.6.0", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:hp:xp_p9000_command_view:*", "cpe:/a:hp:xp7_command_view:*", "cpe:/a:oracle:jre:1.7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/a:redhat:satellite:5.8", "cpe:/o:redhat:enterprise_linux_server:6.0"], "id": "CVE-2018-2657", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2657", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:jre:1.6.0:update_171:*:*:*:*:*:*", "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update_161:*:*:*:*:*:*", "cpe:2.3:a:hp:xp_p9000_command_view:*:*:*:*:advanced:*:*:*", "cpe:2.3:a:hp:xp_command_view:*:*:*:*:advanced:*:*:*", "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update161:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jrockit:r28.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_171:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-05-15T17:02:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2657"], "description": "The host is installed with Oracle Java SE\n and is prone to a denial-of-service vulnerability.", "modified": "2020-05-12T00:00:00", "published": "2018-01-17T00:00:00", "id": "OPENVAS:1361412562310812637", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310812637", "type": "openvas", "title": "Oracle Java SE Security Updates (jan2018-3236628) 01 - Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Java SE Security Updates (jan2018-3236628) 01 - Windows\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812637\");\n script_version(\"2020-05-12T13:57:17+0000\");\n script_cve_id(\"CVE-2018-2657\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-12 13:57:17 +0000 (Tue, 12 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-17 11:38:48 +0530 (Wed, 17 Jan 2018)\");\n script_name(\"Oracle Java SE Security Updates (jan2018-3236628) 01 - Windows\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Oracle Java SE\n and is prone to a denial-of-service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a 
vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to error in the\n 'Serialization' sub-component of the application.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to conduct a denial-of-service\n condition.\");\n\n script_tag(name:\"affected\", value:\"Oracle Java SE version 1.6.0.171 and\n earlier, 1.7.0.161 and earlier on Windows.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_portable_win.nasl\");\n script_mandatory_keys(\"Sun/Java/JRE/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ncpe_list = make_list(\"cpe:/a:oracle:jre\", \"cpe:/a:sun:jre\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(vers =~ \"^1\\.[67]\\.\") {\n if((version_in_range(version:vers, test_version:\"1.6.0\", test_version2:\"1.6.0.171\"))||\n (version_in_range(version:vers, test_version:\"1.7.0\", test_version2:\"1.7.0.161\"))) {\n report = report_fixed_ver(installed_version:vers, fixed_version: \"Apply the patch\", install_path:path);\n security_message(data:report);\n exit(0);\n }\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-01T04:34:50", "description": "The version of Oracle JRockit installed on the remote Windows host is\nR28.3.16. 
It is, therefore, affected by multiple vulnerabilities. See advisory for details.", "edition": 27, "cvss3": {"score": 7.4, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2018-01-18T00:00:00", "title": "Oracle JRockit R28.3.16 Multiple Vulnerabilities (January 2018 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2618", "CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2629", "CVE-2018-2588", "CVE-2018-2657", "CVE-2018-2675", "CVE-2018-2678", "CVE-2018-2579"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:oracle:jrockit"], "id": "ORACLE_JROCKIT_CPU_JAN_2018.NASL", "href": "https://www.tenable.com/plugins/nessus/106139", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106139);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2018-2579\",\n \"CVE-2018-2588\",\n \"CVE-2018-2599\",\n \"CVE-2018-2603\",\n \"CVE-2018-2618\",\n \"CVE-2018-2629\",\n \"CVE-2018-2633\",\n \"CVE-2018-2637\",\n \"CVE-2018-2657\",\n \"CVE-2018-2663\",\n \"CVE-2018-2675\",\n \"CVE-2018-2678\"\n );\n script_bugtraq_id(\n 102557,\n 102576,\n 102612,\n 102615,\n 102625,\n 102629,\n 102633,\n 102659,\n 102661,\n 102662,\n 102670,\n 102675\n );\n\n script_name(english:\"Oracle JRockit R28.3.16 Multiple Vulnerabilities (January 2018 CPU)\");\n script_summary(english:\"Checks the version of jvm.dll.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A programming platform installed on the remote Windows host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle JRockit installed on the remote Windows host is\nR28.3.16. It is, therefore, affected by multiple vulnerabilities. 
See advisory for details.\");\n # https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixJAVA\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?29ce2b01\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle JRockit version R28.3.17 or later as referenced in\nthe January 2018 Oracle Critical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2637\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jrockit\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_jrockit_installed.nasl\");\n script_require_keys(\"installed_sw/Oracle JRockit\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp = \"Oracle JRockit\";\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\nver = install['version'];\ntype = install['type'];\npath = install['path'];\n\nif (ver =~ \"^28(\\.3)?$\") audit(AUDIT_VER_NOT_GRANULAR, app, ver);\nif (ver !~ \"^28\\.3($|[^0-9])\") audit(AUDIT_NOT_INST, app + \" 28.3.x\");\n\n# Affected :\n# 28.3.16\nif (ver =~ \"^28\\.3\\.16($|[^0-9])\")\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n # The DLL we're looking at is a level deeper in the JDK, since it\n # keeps a subset of the JRE in a subdirectory.\n if (type == \"JDK\") path += \"\\jre\";\n path += \"\\bin\\jrockit\\jvm.dll\";\n\n report =\n '\\n Type : ' + type +\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : 28.3.17' +\n '\\n';\n security_report_v4(severity:SECURITY_WARNING, port:port, extra:report);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-01T05:10:17", "description": "An update for java-1.6.0-sun is now available for Oracle Java for Red\nHat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOracle Java SE version 6 includes the Oracle Java Runtime Environment\nand the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 6 to version 6 Update 181.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in the Oracle Java\nRuntime Environment and the Oracle Java Software Development Kit.\nFurther information about these flaws can be found on the Oracle Java\nSE Critical Patch Update Advisory page listed in the References\nsection. (CVE-2018-2579, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602,\nCVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633,\nCVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663,\nCVE-2018-2677, CVE-2018-2678)", "edition": 26, "cvss3": {"score": 8.3, "vector": "AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-01-23T00:00:00", "title": "RHEL 6 / 7 : java-1.6.0-sun (RHSA-2018:0115)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2618", "CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2677", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2641", "CVE-2018-2629", "CVE-2018-2588", "CVE-2018-2602", "CVE-2018-2657", "CVE-2018-2678", "CVE-2018-2579"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin"], "id": "REDHAT-RHSA-2018-0115.NASL", "href": "https://www.tenable.com/plugins/nessus/106256", "sourceData": "#\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0115. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106256);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2657\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n script_xref(name:\"RHSA\", value:\"2018:0115\");\n\n script_name(english:\"RHEL 6 / 7 : java-1.6.0-sun (RHSA-2018:0115)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.6.0-sun is now available for Oracle Java for Red\nHat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOracle Java SE version 6 includes the Oracle Java Runtime Environment\nand the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 6 to version 6 Update 181.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in the Oracle Java\nRuntime Environment and the Oracle Java Software Development Kit.\nFurther information about these flaws can be found on the Oracle Java\nSE Critical Patch Update Advisory page listed in the References\nsection. 
(CVE-2018-2579, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602,\nCVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633,\nCVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663,\nCVE-2018-2677, CVE-2018-2678)\"\n );\n # http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ae82f1b1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.oracle.com/technetwork/java/javase/documentation/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2657\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2678\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2018/01/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0115\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-sun-1.6.0.181-1jpp.1.el6\")) 
flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-1.6.0.181-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-sun-demo-1.6.0.181-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-demo-1.6.0.181-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-sun-devel-1.6.0.181-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-devel-1.6.0.181-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-sun-jdbc-1.6.0.181-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-jdbc-1.6.0.181-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-sun-plugin-1.6.0.181-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-plugin-1.6.0.181-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-sun-src-1.6.0.181-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-src-1.6.0.181-1jpp.1.el6\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.6.0-sun-1.6.0.181-1jpp.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-1.6.0.181-1jpp.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-demo-1.6.0.181-1jpp.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.6.0-sun-devel-1.6.0.181-1jpp.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-devel-1.6.0.181-1jpp.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-jdbc-1.6.0.181-1jpp.2.el7\")) flag++;\n\n if 
(rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-plugin-1.6.0.181-1jpp.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-src-1.6.0.181-1jpp.2.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-sun / java-1.6.0-sun-demo / java-1.6.0-sun-devel / etc\");\n }\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-09-23T18:21:43", "description": "This update for java-1_7_0-ibm provides the following fixes: The\nversion was updated to 7.0.10.20 [bsc#1082810] :\n\n - Following security issues were fixed :\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582\n CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603\n CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677\n CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n - Defect fixes :\n\n - IJ04281 Class Libraries: Startup time increase after\n applying apar IV96905\n\n - IJ03822 Class Libraries: Update timezone information to\n tzdata2017c\n\n - IJ03605 Java Virtual Machine: Legacy security for\n com.ibm.jvm.dump, trace, log was not enabled by default\n\n - IJ03607 JIT Compiler: Result String contains a redundant\n dot when converted from BigDecimal with 0 on all\n platforms\n\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n\n - IJ04282 Security: Change in location and default of\n jurisdiction policy files\n\n - IJ03853 Security: IBMCAC provider does not support\n SHA224\n\n - IJ02679 Security: IBMPKCS11Impl\n – Bad sessions\n are being allocated internally\n\n - IJ02706 Security: IBMPKCS11Impl\n – Bad sessions\n are being allocated internally\n\n - IJ03552 Security: IBMPKCS11Impl - Config file problem\n with the slot 
specification attribute\n\n - IJ01901 Security: IBMPKCS11Impl\n –\n SecureRandom.setSeed() exception\n\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI\n error with stash, JKS Chain issue and JVM argument parse\n issue with iKeyman\n\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n - Make it possible to run Java jnlp files from Firefox.\n (bsc#1057460)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 20, "cvss3": {"score": 8.3, "vector": "AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-03-12T00:00:00", "title": "SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2018:0645-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2618", "CVE-2018-2582", "CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2677", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2641", "CVE-2018-2588", "CVE-2018-2634", "CVE-2018-2602", "CVE-2018-2657", "CVE-2018-2678", "CVE-2018-2579"], "modified": "2018-03-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-plugin", "p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-jdbc", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-alsa", "p-cpe:/a:novell:suse_linux:java-1_7_0-ibm", "p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-devel"], "id": "SUSE_SU-2018-0645-1.NASL", "href": "https://www.tenable.com/plugins/nessus/107288", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0645-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107288);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2582\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2657\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n\n script_name(english:\"SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2018:0645-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_7_0-ibm provides the following fixes: The\nversion was updated to 7.0.10.20 [bsc#1082810] :\n\n - Following security issues were fixed :\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582\n CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603\n CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677\n CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n - Defect fixes :\n\n - IJ04281 Class Libraries: Startup time increase after\n applying apar IV96905\n\n - IJ03822 Class Libraries: Update timezone information to\n tzdata2017c\n\n - IJ03605 Java Virtual Machine: Legacy security for\n com.ibm.jvm.dump, trace, log was not enabled by default\n\n - IJ03607 JIT Compiler: Result String contains a redundant\n dot when converted from BigDecimal with 0 on all\n platforms\n\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n\n - IJ04282 Security: Change in location and default of\n jurisdiction policy files\n\n - IJ03853 Security: IBMCAC provider does not support\n SHA224\n\n - IJ02679 Security: IBMPKCS11Impl\n – Bad sessions\n are being allocated internally\n\n - IJ02706 Security: IBMPKCS11Impl\n – Bad sessions\n are being allocated internally\n\n - IJ03552 Security: IBMPKCS11Impl - Config file problem\n with the slot specification attribute\n\n - IJ01901 
Security: IBMPKCS11Impl\n –\n SecureRandom.setSeed() exception\n\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI\n error with stash, JKS Chain issue and JVM argument parse\n issue with iKeyman\n\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n - Make it possible to run Java jnlp files from Firefox.\n (bsc#1057460)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2579/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2582/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2588/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2599/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2602/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2603/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2618/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2634/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2637/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2641/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2657/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2663/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2677/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2678/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180645-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?45cb336f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-java-1_7_0-ibm-13503=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-java-1_7_0-ibm-13503=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_0-ibm-alsa-1.7.0_sr10.20-65.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_0-ibm-plugin-1.7.0_sr10.20-65.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"java-1_7_0-ibm-1.7.0_sr10.20-65.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"java-1_7_0-ibm-devel-1.7.0_sr10.20-65.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"java-1_7_0-ibm-jdbc-1.7.0_sr10.20-65.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"java-1_7_0-ibm-alsa-1.7.0_sr10.20-65.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"java-1_7_0-ibm-plugin-1.7.0_sr10.20-65.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-ibm\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-09-23T18:21:37", "description": "This update for java-1_7_1-ibm provides the following fix: The version\nwas updated to 7.1.4.20 [bsc#1082810]\n\n - 
Security fixes :\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582\n CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603\n CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677\n CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n - Defect fixes :\n\n - IJ04281 Class Libraries: Startup time increase after\n applying apar IV96905\n\n - IJ03822 Class Libraries: Update timezone information to\n tzdata2017c\n\n - IJ03605 Java Virtual Machine: Legacy security for\n com.ibm.jvm.dump, trace, log was not enabled by default\n\n - IJ03607 JIT Compiler: Result String contains a redundant\n dot when converted from BigDecimal with 0 on all\n platforms\n\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n\n - IJ04282 Security: Change in location and default of\n jurisdiction policy files\n\n - IJ03853 Security: IBMCAC provider does not support\n SHA224\n\n - IJ02679 Security: IBMPKCS11Impl\n – Bad sessions\n are being allocated internally\n\n - IJ02706 Security: IBMPKCS11Impl\n – Bad sessions\n are being allocated internally\n\n - IJ03552 Security: IBMPKCS11Impl - Config file problem\n with the slot specification attribute\n\n - IJ01901 Security: IBMPKCS11Impl\n –\n SecureRandom.setSeed() exception\n\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI\n error with stash, JKS Chain issue and JVM argument parse\n issue with iKeyman\n\n - IJ03256 Security: javax.security.auth.Subject.toString()\n throws NPE\n\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n - Make it possible to run Java jnlp files from Firefox.\n (bsc#1057460)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 20, "cvss3": {"score": 8.3, "vector": "AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-03-08T00:00:00", "title": "SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2018:0630-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2618", "CVE-2018-2582", "CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2677", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2641", "CVE-2018-2588", "CVE-2018-2634", "CVE-2018-2602", "CVE-2018-2657", "CVE-2018-2678", "CVE-2018-2579"], "modified": "2018-03-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin"], "id": "SUSE_SU-2018-0630-1.NASL", "href": "https://www.tenable.com/plugins/nessus/107213", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0630-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107213);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2582\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2657\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n\n script_name(english:\"SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2018:0630-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host 
is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_7_1-ibm provides the following fix: The version\nwas updated to 7.1.4.20 [bsc#1082810]\n\n - Security fixes :\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582\n CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603\n CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677\n CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n - Defect fixes :\n\n - IJ04281 Class Libraries: Startup time increase after\n applying apar IV96905\n\n - IJ03822 Class Libraries: Update timezone information to\n tzdata2017c\n\n - IJ03605 Java Virtual Machine: Legacy security for\n com.ibm.jvm.dump, trace, log was not enabled by default\n\n - IJ03607 JIT Compiler: Result String contains a redundant\n dot when converted from BigDecimal with 0 on all\n platforms\n\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n\n - IJ04282 Security: Change in location and default of\n jurisdiction policy files\n\n - IJ03853 Security: IBMCAC provider does not support\n SHA224\n\n - IJ02679 Security: IBMPKCS11Impl\n – Bad sessions\n are being allocated internally\n\n - IJ02706 Security: IBMPKCS11Impl\n – Bad sessions\n are being allocated internally\n\n - IJ03552 Security: IBMPKCS11Impl - Config file problem\n with the slot specification attribute\n\n - IJ01901 Security: IBMPKCS11Impl\n –\n SecureRandom.setSeed() exception\n\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI\n error with stash, JKS Chain issue and JVM argument parse\n issue with iKeyman\n\n - IJ03256 Security: javax.security.auth.Subject.toString()\n throws NPE\n\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n - Make it possible to run Java jnlp files from Firefox.\n (bsc#1057460)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2579/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2582/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2588/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2599/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2602/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2603/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2618/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2634/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2637/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2641/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2657/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2663/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2677/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2678/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180630-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d88d6af2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-java-1_7_1-ibm-13500=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-java-1_7_1-ibm-13500=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.20-26.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.20-26.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"java-1_7_1-ibm-1.7.1_sr4.20-26.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.20-26.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.20-26.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.20-26.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_1-ibm\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-01T06:09:56", "description": "This update for java-1_7_1-ibm fixes the following issues: The version\nwas updated to 7.1.4.20 [bsc#1082810]\n\n - Security fixes :\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582\n CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603\n CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677\n CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n - Defect fixes :\n\n - IJ04281 Class Libraries: Startup time increase after\n applying apar IV96905\n\n - IJ03822 Class Libraries: Update timezone information to\n tzdata2017c\n\n - IJ03605 Java Virtual Machine: Legacy security for\n com.ibm.jvm.dump, trace, log was not enabled by default\n\n - IJ03607 JIT Compiler: Result String contains a redundant\n dot when converted from BigDecimal 
with 0 on all\n platforms\n\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n\n - IJ04282 Security: Change in location and default of\n jurisdiction policy files\n\n - IJ03853 Security: IBMCAC provider does not support\n SHA224\n\n - IJ02679 Security: IBMPKCS11Impl -- Bad sessions are\n being allocated internally\n\n - IJ02706 Security: IBMPKCS11Impl -- Bad sessions are\n being allocated internally\n\n - IJ03552 Security: IBMPKCS11Impl -- Config file problem\n with the slot specification attribute\n\n - IJ01901 Security: IBMPKCS11Impl --\n SecureRandom.setSeed() exception\n\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI\n error with stash, JKS Chain issue and JVM argument parse\n issue with iKeyman\n\n - IJ03256 Security: javax.security.auth.Subject.toString()\n throws NPE\n\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n - SUSE fixes :\n\n - Make it possible to run Java jnlp files from Firefox.\n (bsc#1057460)\n\n - Fixed symlinks to policy files on update [bsc#1085018]\n\n - Fixed jpackage-java-1_7_1-ibm-webstart.desktop file to\n allow Java jnlp files run from Firefox. [bsc#1057460,\n bsc#1076390]\n\n - Fix javaws segfaults when java expiration timer has\n elapsed. [bsc#929900]\n\n - Provide IBM Java updates for IBMs PMR 55931,671,760 and\n for SUSEs SR 110991601735. [bsc#966304]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "cvss3": {"score": 8.3, "vector": "AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-03-16T00:00:00", "title": "SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:0694-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2618", "CVE-2018-2582", "CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2677", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2641", "CVE-2018-2588", "CVE-2018-2634", "CVE-2018-2602", "CVE-2018-2657", "CVE-2018-2678", "CVE-2018-2579"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin"], "id": "SUSE_SU-2018-0694-1.NASL", "href": "https://www.tenable.com/plugins/nessus/108400", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0694-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108400);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2582\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2657\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n\n script_name(english:\"SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:0694-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_7_1-ibm fixes the following issues: The version\nwas updated to 7.1.4.20 [bsc#1082810]\n\n - Security fixes :\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582\n CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603\n CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677\n CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n - Defect fixes :\n\n - IJ04281 Class Libraries: Startup time increase after\n applying apar IV96905\n\n - IJ03822 Class Libraries: Update timezone information to\n tzdata2017c\n\n - IJ03605 Java Virtual Machine: Legacy security for\n com.ibm.jvm.dump, trace, log was not enabled by default\n\n - IJ03607 JIT Compiler: Result String contains a redundant\n dot when converted from BigDecimal with 0 on all\n platforms\n\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n\n - IJ04282 Security: Change in location and default of\n jurisdiction policy files\n\n - IJ03853 Security: IBMCAC provider does not support\n SHA224\n\n - IJ02679 Security: IBMPKCS11Impl -- Bad sessions are\n being allocated internally\n\n - IJ02706 Security: IBMPKCS11Impl -- Bad sessions are\n being allocated internally\n\n - IJ03552 Security: IBMPKCS11Impl -- Config file problem\n with the slot specification attribute\n\n - IJ01901 Security: IBMPKCS11Impl --\n SecureRandom.setSeed() exception\n\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI\n error with stash, JKS Chain issue and JVM argument parse\n issue with iKeyman\n\n - IJ03256 Security: javax.security.auth.Subject.toString()\n throws NPE\n\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n - SUSE fixes :\n\n - Make it possible to run Java jnlp files from Firefox.\n (bsc#1057460)\n\n - Fixed symlinks to policy files on update [bsc#1085018]\n\n - Fixed jpackage-java-1_7_1-ibm-webstart.desktop file to\n allow Java jnlp files run from Firefox. 
[bsc#1057460,\n bsc#1076390]\n\n - Fix javaws segfaults when java expiration timer has\n elapsed. [bsc#929900]\n\n - Provide IBM Java updates for IBMs PMR 55931,671,760 and\n for SUSEs SR 110991601735. [bsc#966304]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2579/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2582/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2588/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2599/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2602/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2603/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2618/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2634/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2637/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2641/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2657/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2663/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2677/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2678/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180694-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?95900a6d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-475=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-475=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-475=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-475=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.20-38.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.20-38.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_1-ibm-1.7.1_sr4.20-38.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.20-38.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.20-38.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.20-38.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_1-ibm-1.7.1_sr4.20-38.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.20-38.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_1-ibm\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-01T06:09:59", "description": "This update for java-1_7_1-ibm fixes the following issue: The version\nwas updated to 7.1.4.20 [bsc#1082810]\n\n - Security fixes :\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582\n CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603\n CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677\n CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n - Defect fixes :\n\n - IJ04281 Class Libraries: Startup time increase after\n applying apar IV96905\n\n - IJ03822 Class Libraries: Update timezone information to\n 
tzdata2017c\n\n - IJ03605 Java Virtual Machine: Legacy security for\n com.ibm.jvm.dump, trace, log was not enabled by default\n\n - IJ03607 JIT Compiler: Result String contains a redundant\n dot when converted from BigDecimal with 0 on all\n platforms\n\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n\n - IJ04282 Security: Change in location and default of\n jurisdiction policy files\n\n - IJ03853 Security: IBMCAC provider does not support\n SHA224\n\n - IJ02679 Security: IBMPKCS11Impl -- Bad sessions are\n being allocated internally\n\n - IJ02706 Security: IBMPKCS11Impl -- Bad sessions are\n being allocated internally\n\n - IJ03552 Security: IBMPKCS11Impl -- Config file problem\n with the slot specification attribute\n\n - IJ01901 Security: IBMPKCS11Impl --\n SecureRandom.setSeed() exception\n\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI\n error with stash, JKS Chain issue and JVM argument parse\n issue with iKeyman\n\n - IJ03256 Security: javax.security.auth.Subject.toString()\n throws NPE\n\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n - SUSE fixes :\n\n - Make it possible to run Java jnlp files from Firefox.\n (bsc#1057460)\n\n - Fixed jpackage-java-1_7_1-ibm-webstart.desktop file to\n allow Java jnlp files to run from Firefox. [bsc#1057460,\n bsc#1076390]\n\n - Fix javaws segfaults when java expiration timer has\n elapsed. [bsc#929900]\n\n - Provide IBM Java updates for IBM's PMR 55931,671,760 and\n for SUSE's SR 110991601735. [bsc#966304]\n\n - Ensure that all Java policy files are symlinked into the\n proper file system locations. Without those symlinks,\n several OES iManager plugins did not function properly.\n [bsc#1085018]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "cvss3": {"score": 8.3, "vector": "AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-03-20T00:00:00", "title": "SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:0743-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2618", "CVE-2018-2582", "CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2677", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2641", "CVE-2018-2588", "CVE-2018-2634", "CVE-2018-2602", "CVE-2018-2657", "CVE-2018-2678", "CVE-2018-2579"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-devel", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin"], "id": "SUSE_SU-2018-0743-1.NASL", "href": "https://www.tenable.com/plugins/nessus/108482", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0743-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108482);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2582\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2657\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n\n script_name(english:\"SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:0743-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is 
missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_7_1-ibm fixes the following issue: The version\nwas updated to 7.1.4.20 [bsc#1082810]\n\n - Security fixes :\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582\n CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603\n CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677\n CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n - Defect fixes :\n\n - IJ04281 Class Libraries: Startup time increase after\n applying apar IV96905\n\n - IJ03822 Class Libraries: Update timezone information to\n tzdata2017c\n\n - IJ03605 Java Virtual Machine: Legacy security for\n com.ibm.jvm.dump, trace, log was not enabled by default\n\n - IJ03607 JIT Compiler: Result String contains a redundant\n dot when converted from BigDecimal with 0 on all\n platforms\n\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n\n - IJ04282 Security: Change in location and default of\n jurisdiction policy files\n\n - IJ03853 Security: IBMCAC provider does not support\n SHA224\n\n - IJ02679 Security: IBMPKCS11Impl -- Bad sessions are\n being allocated internally\n\n - IJ02706 Security: IBMPKCS11Impl -- Bad sessions are\n being allocated internally\n\n - IJ03552 Security: IBMPKCS11Impl -- Config file problem\n with the slot specification attribute\n\n - IJ01901 Security: IBMPKCS11Impl --\n SecureRandom.setSeed() exception\n\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI\n error with stash, JKS Chain issue and JVM argument parse\n issue with iKeyman\n\n - IJ03256 Security: javax.security.auth.Subject.toString()\n throws NPE\n\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n - SUSE fixes :\n\n - Make it possible to run Java jnlp files from Firefox.\n (bsc#1057460)\n\n - Fixed jpackage-java-1_7_1-ibm-webstart.desktop file to\n allow Java jnlp files run from Firefox. 
[bsc#1057460,\n bsc#1076390]\n\n - Fix javaws segfaults when java expiration timer has\n elapsed. [bsc#929900]\n\n - Provide IBM Java updates for IBMs PMR 55931,671,760 and\n for SUSEs SR 110991601735. [bsc#966304]\n\n - Ensure that all Java policy files are symlinked into the\n proper file system locations. Without those symlinks,\n several OES iManager plugins did not function properly.\n [bsc#1085018]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2579/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2582/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2588/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2599/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2018-2602/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2603/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2618/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2634/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2637/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2641/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2657/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2663/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2677/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2678/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180743-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3e573633\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2018-498=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-498=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-498=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2018-498=1\n\nSUSE Linux 
Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-498=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-498=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-498=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2018-498=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is 
owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(0|1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_1-ibm-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_1-ibm-devel-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_1-ibm-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_1-ibm-devel-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_1-ibm-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.20-38.16.1\")) 
flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_1-ibm-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.20-38.16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_1-ibm\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-01T05:12:30", "description": "An update for java-1.7.1-ibm is now available for Red Hat Satellite\n5.6 and Red Hat Satellite 5.7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 7 Release 1 includes the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP20.\n\nSecurity Fix(es) :\n\n* OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI,\n8186606) (CVE-2018-2633)\n\n* OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600)\n(CVE-2018-2634)\n\n* OpenJDK: SingleEntryRegistry incorrect setup of deserialization\nfilter (JMX, 8186998) (CVE-2018-2637)\n\n* OpenJDK: GTK library loading use-after-free (AWT, 8185325)\n(CVE-2018-2641)\n\n* Oracle JDK: unspecified vulnerability fixed in 7u171, 8u161, and\n9.0.4 (JavaFX) (CVE-2018-2581)\n\n* OpenJDK: LdapLoginModule insufficient username encoding in LDAP\nquery (LDAP, 8178449) (CVE-2018-2588)\n\n* OpenJDK: DnsClient missing source port randomization (JNDI, 8182125)\n(CVE-2018-2599)\n\n* OpenJDK: loading of classes from untrusted locations (I18n, 8182601)\n(CVE-2018-2602)\n\n* 
OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387)\n(CVE-2018-2603)\n\n* OpenJDK: insufficient strength of key agreement (JCE, 8185292)\n(CVE-2018-2618)\n\n* OpenJDK: GSS context use-after-free (JGSS, 8186212) (CVE-2018-2629)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u181 and 7u171\n(Serialization) (CVE-2018-2657)\n\n* OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state\n(Libraries, 8189284) (CVE-2018-2663)\n\n* OpenJDK: unbounded memory allocation during deserialization (AWT,\n8190289) (CVE-2018-2677)\n\n* OpenJDK: unbounded memory allocation in BasicAttributes\ndeserialization (JNDI, 8191142) (CVE-2018-2678)\n\n* OpenJDK: unsynchronized access to encryption key data (Libraries,\n8172525) (CVE-2018-2579)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.", "edition": 22, "cvss3": {"score": 8.3, "vector": "AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-06-08T00:00:00", "title": "RHEL 6 : java-1.7.1-ibm (RHSA-2018:1812)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2618", "CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2677", "CVE-2018-2581", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2641", "CVE-2018-2629", "CVE-2018-2588", "CVE-2018-2634", "CVE-2018-2602", "CVE-2018-2657", "CVE-2018-2678", "CVE-2018-2579"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2018-1812.NASL", "href": "https://www.tenable.com/plugins/nessus/110405", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:1812. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110405);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/24 15:35:45\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2581\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2657\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n script_xref(name:\"RHSA\", value:\"2018:1812\");\n\n script_name(english:\"RHEL 6 : java-1.7.1-ibm (RHSA-2018:1812)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.7.1-ibm is now available for Red Hat Satellite\n5.6 and Red Hat Satellite 5.7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 7 Release 1 includes the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP20.\n\nSecurity Fix(es) :\n\n* OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI,\n8186606) (CVE-2018-2633)\n\n* OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600)\n(CVE-2018-2634)\n\n* OpenJDK: SingleEntryRegistry incorrect setup of deserialization\nfilter (JMX, 8186998) (CVE-2018-2637)\n\n* OpenJDK: GTK library loading use-after-free (AWT, 8185325)\n(CVE-2018-2641)\n\n* Oracle JDK: unspecified vulnerability fixed in 7u171, 8u161, and\n9.0.4 (JavaFX) (CVE-2018-2581)\n\n* OpenJDK: LdapLoginModule insufficient username encoding in LDAP\nquery (LDAP, 8178449) (CVE-2018-2588)\n\n* OpenJDK: DnsClient missing source port randomization (JNDI, 8182125)\n(CVE-2018-2599)\n\n* OpenJDK: loading of classes from untrusted locations (I18n, 8182601)\n(CVE-2018-2602)\n\n* OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387)\n(CVE-2018-2603)\n\n* OpenJDK: insufficient strength of key agreement (JCE, 8185292)\n(CVE-2018-2618)\n\n* OpenJDK: GSS context use-after-free (JGSS, 8186212) (CVE-2018-2629)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u181 and 7u171\n(Serialization) (CVE-2018-2657)\n\n* OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state\n(Libraries, 8189284) (CVE-2018-2663)\n\n* OpenJDK: unbounded memory allocation during deserialization (AWT,\n8190289) (CVE-2018-2677)\n\n* OpenJDK: unbounded memory allocation in BasicAttributes\ndeserialization (JNDI, 8191142) (CVE-2018-2678)\n\n* OpenJDK: unsynchronized access to encryption key data (Libraries,\n8172525) (CVE-2018-2579)\n\nFor more details about the security issue(s), including the impact, a\nCVSS 
score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:1812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2018-2677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2678\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected java-1.7.1-ibm and / or java-1.7.1-ibm-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:1812\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-1.7.1.4.20-1jpp.3.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-1.7.1.4.20-1jpp.3.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", 
reference:\"java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.3.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.3.el6_9\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.1-ibm / java-1.7.1-ibm-devel\");\n }\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-01T05:10:41", "description": "An update for java-1.7.1-ibm is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 7 Release 1 includes the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP20.\n\nSecurity Fix(es) :\n\n* OpenJDK: insufficient validation of the invokeinterface instruction\n(Hotspot, 8174962) (CVE-2018-2582)\n\n* OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI,\n8186606) (CVE-2018-2633)\n\n* OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600)\n(CVE-2018-2634)\n\n* OpenJDK: SingleEntryRegistry incorrect setup of deserialization\nfilter (JMX, 8186998) (CVE-2018-2637)\n\n* OpenJDK: GTK library loading use-after-free (AWT, 8185325)\n(CVE-2018-2641)\n\n* OpenJDK: LdapLoginModule insufficient username encoding in LDAP\nquery (LDAP, 8178449) (CVE-2018-2588)\n\n* OpenJDK: DnsClient missing source port randomization (JNDI, 8182125)\n(CVE-2018-2599)\n\n* OpenJDK: loading of classes from untrusted locations (I18n, 
8182601)\n(CVE-2018-2602)\n\n* OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387)\n(CVE-2018-2603)\n\n* OpenJDK: insufficient strength of key agreement (JCE, 8185292)\n(CVE-2018-2618)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u181 and 7u171\n(Serialization) (CVE-2018-2657)\n\n* OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state\n(Libraries, 8189284) (CVE-2018-2663)\n\n* OpenJDK: unbounded memory allocation during deserialization (AWT,\n8190289) (CVE-2018-2677)\n\n* OpenJDK: unbounded memory allocation in BasicAttributes\ndeserialization (JNDI, 8191142) (CVE-2018-2678)\n\n* OpenJDK: unsynchronized access to encryption key data (Libraries,\n8172525) (CVE-2018-2579)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.", "edition": 23, "cvss3": {"score": 8.3, "vector": "AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-03-15T00:00:00", "title": "RHEL 6 : java-1.7.1-ibm (RHSA-2018:0521)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2618", "CVE-2018-2582", "CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2677", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2641", "CVE-2018-2588", "CVE-2018-2634", "CVE-2018-2602", "CVE-2018-2657", "CVE-2018-1417", "CVE-2018-2678", "CVE-2018-2579"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-src"], "id": "REDHAT-RHSA-2018-0521.NASL", "href": "https://www.tenable.com/plugins/nessus/108362", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and 
package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0521. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108362);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2018-1417\", \"CVE-2018-2579\", \"CVE-2018-2582\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2657\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n script_xref(name:\"RHSA\", value:\"2018:0521\");\n\n script_name(english:\"RHEL 6 : java-1.7.1-ibm (RHSA-2018:0521)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.7.1-ibm is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 7 Release 1 includes the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP20.\n\nSecurity Fix(es) :\n\n* OpenJDK: insufficient validation of the invokeinterface instruction\n(Hotspot, 8174962) (CVE-2018-2582)\n\n* OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI,\n8186606) (CVE-2018-2633)\n\n* OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600)\n(CVE-2018-2634)\n\n* OpenJDK: SingleEntryRegistry incorrect setup of deserialization\nfilter (JMX, 8186998) (CVE-2018-2637)\n\n* OpenJDK: GTK library loading use-after-free (AWT, 8185325)\n(CVE-2018-2641)\n\n* OpenJDK: LdapLoginModule insufficient username encoding in LDAP\nquery (LDAP, 8178449) (CVE-2018-2588)\n\n* OpenJDK: DnsClient missing source port randomization (JNDI, 8182125)\n(CVE-2018-2599)\n\n* OpenJDK: loading of classes from untrusted locations (I18n, 8182601)\n(CVE-2018-2602)\n\n* OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387)\n(CVE-2018-2603)\n\n* OpenJDK: insufficient strength of key agreement (JCE, 8185292)\n(CVE-2018-2618)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u181 and 7u171\n(Serialization) (CVE-2018-2657)\n\n* OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state\n(Libraries, 8189284) (CVE-2018-2663)\n\n* OpenJDK: unbounded memory allocation during deserialization (AWT,\n8190289) (CVE-2018-2677)\n\n* OpenJDK: unbounded memory allocation in BasicAttributes\ndeserialization (JNDI, 8191142) (CVE-2018-2678)\n\n* OpenJDK: unsynchronized access to encryption key data (Libraries,\n8172525) (CVE-2018-2579)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE 
page(s)\nlisted in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-1417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2677\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2678\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0521\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.1-ibm-1.7.1.4.20-1jpp.3.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-1.7.1.4.20-1jpp.3.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", 
reference:\"java-1.7.1-ibm-1.7.1.4.20-1jpp.3.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.1-ibm-demo-1.7.1.4.20-1jpp.3.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-demo-1.7.1.4.20-1jpp.3.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-demo-1.7.1.4.20-1jpp.3.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.3.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.3.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.3.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.1-ibm-jdbc-1.7.1.4.20-1jpp.3.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-jdbc-1.7.1.4.20-1jpp.3.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-jdbc-1.7.1.4.20-1jpp.3.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.1-ibm-plugin-1.7.1.4.20-1jpp.3.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-plugin-1.7.1.4.20-1jpp.3.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.1-ibm-src-1.7.1.4.20-1jpp.3.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-src-1.7.1.4.20-1jpp.3.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-src-1.7.1.4.20-1jpp.3.el6_9\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.1-ibm / java-1.7.1-ibm-demo / java-1.7.1-ibm-devel / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T05:10:35", "description": "An update for java-1.7.1-ibm is now available for Red Hat Enterprise\nLinux 7 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 7 Release 1 includes the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP20.\n\nSecurity Fix(es) :\n\n* OpenJDK: insufficient validation of the invokeinterface instruction\n(Hotspot, 8174962) (CVE-2018-2582)\n\n* OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI,\n8186606) (CVE-2018-2633)\n\n* OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600)\n(CVE-2018-2634)\n\n* OpenJDK: SingleEntryRegistry incorrect setup of deserialization\nfilter (JMX, 8186998) (CVE-2018-2637)\n\n* OpenJDK: GTK library loading use-after-free (AWT, 8185325)\n(CVE-2018-2641)\n\n* OpenJDK: LdapLoginModule insufficient username encoding in LDAP\nquery (LDAP, 8178449) (CVE-2018-2588)\n\n* OpenJDK: DnsClient missing source port randomization (JNDI, 8182125)\n(CVE-2018-2599)\n\n* OpenJDK: loading of classes from untrusted locations (I18n, 8182601)\n(CVE-2018-2602)\n\n* OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387)\n(CVE-2018-2603)\n\n* OpenJDK: insufficient strength of key agreement (JCE, 8185292)\n(CVE-2018-2618)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u181 and 7u171\n(Serialization) (CVE-2018-2657)\n\n* OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state\n(Libraries, 8189284) (CVE-2018-2663)\n\n* OpenJDK: unbounded 
memory allocation during deserialization (AWT,\n8190289) (CVE-2018-2677)\n\n* OpenJDK: unbounded memory allocation in BasicAttributes\ndeserialization (JNDI, 8191142) (CVE-2018-2678)\n\n* OpenJDK: unsynchronized access to encryption key data (Libraries,\n8172525) (CVE-2018-2579)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.", "edition": 23, "cvss3": {"score": 8.3, "vector": "AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-03-08T00:00:00", "title": "RHEL 7 : java-1.7.1-ibm (RHSA-2018:0458)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2618", "CVE-2018-2582", "CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2677", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2641", "CVE-2018-2588", "CVE-2018-2634", "CVE-2018-2602", "CVE-2018-2657", "CVE-2018-1417", "CVE-2018-2678", "CVE-2018-2579"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-devel", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-src"], "id": "REDHAT-RHSA-2018-0458.NASL", "href": "https://www.tenable.com/plugins/nessus/107207", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0458. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107207);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2018-1417\", \"CVE-2018-2579\", \"CVE-2018-2582\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2657\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n script_xref(name:\"RHSA\", value:\"2018:0458\");\n\n script_name(english:\"RHEL 7 : java-1.7.1-ibm (RHSA-2018:0458)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.7.1-ibm is now available for Red Hat Enterprise\nLinux 7 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 7 Release 1 includes the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP20.\n\nSecurity Fix(es) :\n\n* OpenJDK: insufficient validation of the invokeinterface instruction\n(Hotspot, 8174962) (CVE-2018-2582)\n\n* OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI,\n8186606) (CVE-2018-2633)\n\n* OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600)\n(CVE-2018-2634)\n\n* OpenJDK: SingleEntryRegistry incorrect setup of deserialization\nfilter (JMX, 8186998) (CVE-2018-2637)\n\n* OpenJDK: GTK library loading use-after-free (AWT, 8185325)\n(CVE-2018-2641)\n\n* OpenJDK: LdapLoginModule insufficient username encoding in LDAP\nquery (LDAP, 8178449) (CVE-2018-2588)\n\n* OpenJDK: DnsClient missing source port randomization (JNDI, 8182125)\n(CVE-2018-2599)\n\n* OpenJDK: loading of classes from untrusted locations (I18n, 8182601)\n(CVE-2018-2602)\n\n* OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387)\n(CVE-2018-2603)\n\n* OpenJDK: insufficient strength of key agreement (JCE, 8185292)\n(CVE-2018-2618)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u181 and 7u171\n(Serialization) (CVE-2018-2657)\n\n* OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state\n(Libraries, 8189284) (CVE-2018-2663)\n\n* OpenJDK: unbounded memory allocation during deserialization (AWT,\n8190289) (CVE-2018-2677)\n\n* OpenJDK: unbounded memory allocation in BasicAttributes\ndeserialization (JNDI, 8191142) (CVE-2018-2678)\n\n* OpenJDK: unsynchronized access to encryption key data (Libraries,\n8172525) (CVE-2018-2579)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE 
page(s)\nlisted in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-1417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2677\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2678\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0458\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"java-1.7.1-ibm-1.7.1.4.20-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-demo-1.7.1.4.20-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", 
reference:\"java-1.7.1-ibm-demo-1.7.1.4.20-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-jdbc-1.7.1.4.20-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-jdbc-1.7.1.4.20-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-plugin-1.7.1.4.20-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-src-1.7.1.4.20-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-src-1.7.1.4.20-1jpp.1.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.1-ibm / java-1.7.1-ibm-demo / java-1.7.1-ibm-devel / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T05:10:12", "description": "An update for java-1.7.0-oracle is now available for Oracle Java for\nRed Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOracle Java SE version 7 includes the Oracle Java Runtime Environment\nand the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 7 to version 7 Update 171.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in the Oracle Java\nRuntime Environment and the Oracle Java Software Development Kit.\nFurther information about these flaws can be found on the Oracle Java\nSE Critical Patch Update Advisory page listed in the References\nsection. (CVE-2018-2579, CVE-2018-2581, CVE-2018-2588, CVE-2018-2599,\nCVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629,\nCVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641,\nCVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)", "edition": 27, "cvss3": {"score": 8.3, "vector": "AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-01-19T00:00:00", "title": "RHEL 6 / 7 : java-1.7.0-oracle (RHSA-2018:0100)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2618", "CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2783", "CVE-2018-2637", "CVE-2018-2677", "CVE-2018-2581", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2641", "CVE-2018-2629", "CVE-2018-2588", "CVE-2018-2634", "CVE-2018-2602", "CVE-2018-2657", "CVE-2018-2678", "CVE-2018-2579"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-javafx", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-src", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-devel", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-plugin"], "id": "REDHAT-RHSA-2018-0100.NASL", 
"href": "https://www.tenable.com/plugins/nessus/106183", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0100. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106183);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2581\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2657\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\", \"CVE-2018-2783\");\n script_xref(name:\"RHSA\", value:\"2018:0100\");\n\n script_name(english:\"RHEL 6 / 7 : java-1.7.0-oracle (RHSA-2018:0100)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.7.0-oracle is now available for Oracle Java for\nRed Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOracle Java SE version 7 includes the Oracle Java Runtime Environment\nand the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 7 to version 7 Update 171.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in the Oracle Java\nRuntime Environment and the Oracle Java Software Development Kit.\nFurther information about these flaws can be found on the Oracle Java\nSE Critical Patch Update Advisory page listed in the References\nsection. (CVE-2018-2579, CVE-2018-2581, CVE-2018-2588, CVE-2018-2599,\nCVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629,\nCVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641,\nCVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)\"\n );\n # http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ae82f1b1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.oracle.com/technetwork/java/javaseproducts/documentation/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2602\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2678\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2783\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-javafx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0100\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", 
reference:\"java-1.7.0-oracle-devel-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-devel-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-javafx-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-javafx-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-plugin-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-plugin-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-src-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-src-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.7.0-oracle-1.7.0.171-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-1.7.0.171-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.7.0-oracle-devel-1.7.0.171-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-devel-1.7.0.171-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-javafx-1.7.0.171-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.171-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", 
reference:\"java-1.7.0-oracle-plugin-1.7.0.171-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-src-1.7.0.171-1jpp.1.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-oracle / java-1.7.0-oracle-devel / etc\");\n }\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:00", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "description": "Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 6 to version 6 Update 181.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. 
(CVE-2018-2579, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)", "modified": "2018-06-07T18:20:33", "published": "2018-01-23T01:29:11", "id": "RHSA-2018:0115", "href": "https://access.redhat.com/errata/RHSA-2018:0115", "type": "redhat", "title": "(RHSA-2018:0115) Important: java-1.6.0-sun security update", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:22", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2579", "CVE-2018-2581", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "description": "IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP20.\n\nSecurity Fix(es):\n\n* OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606) (CVE-2018-2633)\n\n* OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600) (CVE-2018-2634)\n\n* OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998) (CVE-2018-2637)\n\n* OpenJDK: GTK library loading use-after-free (AWT, 8185325) (CVE-2018-2641)\n\n* Oracle JDK: unspecified vulnerability fixed in 7u171, 8u161, and 9.0.4 (JavaFX) (CVE-2018-2581)\n\n* OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449) (CVE-2018-2588)\n\n* OpenJDK: DnsClient missing source port randomization (JNDI, 8182125) (CVE-2018-2599)\n\n* OpenJDK: loading of classes from untrusted locations (I18n, 8182601) (CVE-2018-2602)\n\n* OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387) (CVE-2018-2603)\n\n* OpenJDK: insufficient strength of key agreement (JCE, 8185292) 
(CVE-2018-2618)\n\n* OpenJDK: GSS context use-after-free (JGSS, 8186212) (CVE-2018-2629)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u181 and 7u171 (Serialization) (CVE-2018-2657)\n\n* OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284) (CVE-2018-2663)\n\n* OpenJDK: unbounded memory allocation during deserialization (AWT, 8190289) (CVE-2018-2677)\n\n* OpenJDK: unbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142) (CVE-2018-2678)\n\n* OpenJDK: unsynchronized access to encryption key data (Libraries, 8172525) (CVE-2018-2579)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-06-09T14:12:00", "published": "2018-06-07T19:54:13", "id": "RHSA-2018:1812", "href": "https://access.redhat.com/errata/RHSA-2018:1812", "type": "redhat", "title": "(RHSA-2018:1812) Important: java-1.7.1-ibm security update", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:52", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "description": "IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP20.\n\nSecurity Fix(es):\n\n* OpenJDK: insufficient validation of the invokeinterface instruction (Hotspot, 8174962) (CVE-2018-2582)\n\n* OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606) (CVE-2018-2633)\n\n* OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600) (CVE-2018-2634)\n\n* OpenJDK: SingleEntryRegistry incorrect setup of 
deserialization filter (JMX, 8186998) (CVE-2018-2637)\n\n* OpenJDK: GTK library loading use-after-free (AWT, 8185325) (CVE-2018-2641)\n\n* OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449) (CVE-2018-2588)\n\n* OpenJDK: DnsClient missing source port randomization (JNDI, 8182125) (CVE-2018-2599)\n\n* OpenJDK: loading of classes from untrusted locations (I18n, 8182601) (CVE-2018-2602)\n\n* OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387) (CVE-2018-2603)\n\n* OpenJDK: insufficient strength of key agreement (JCE, 8185292) (CVE-2018-2618)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u181 and 7u171 (Serialization) (CVE-2018-2657)\n\n* OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284) (CVE-2018-2663)\n\n* OpenJDK: unbounded memory allocation during deserialization (AWT, 8190289) (CVE-2018-2677)\n\n* OpenJDK: unbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142) (CVE-2018-2678)\n\n* OpenJDK: unsynchronized access to encryption key data (Libraries, 8172525) (CVE-2018-2579)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-05-05T00:27:29", "published": "2018-03-07T15:00:22", "id": "RHSA-2018:0458", "href": "https://access.redhat.com/errata/RHSA-2018:0458", "type": "redhat", "title": "(RHSA-2018:0458) Important: java-1.7.1-ibm security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:56", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "description": "IBM Java SE version 7 Release 1 includes the 
IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP20.\n\nSecurity Fix(es):\n\n* OpenJDK: insufficient validation of the invokeinterface instruction (Hotspot, 8174962) (CVE-2018-2582)\n\n* OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606) (CVE-2018-2633)\n\n* OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600) (CVE-2018-2634)\n\n* OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998) (CVE-2018-2637)\n\n* OpenJDK: GTK library loading use-after-free (AWT, 8185325) (CVE-2018-2641)\n\n* OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449) (CVE-2018-2588)\n\n* OpenJDK: DnsClient missing source port randomization (JNDI, 8182125) (CVE-2018-2599)\n\n* OpenJDK: loading of classes from untrusted locations (I18n, 8182601) (CVE-2018-2602)\n\n* OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387) (CVE-2018-2603)\n\n* OpenJDK: insufficient strength of key agreement (JCE, 8185292) (CVE-2018-2618)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u181 and 7u171 (Serialization) (CVE-2018-2657)\n\n* OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284) (CVE-2018-2663)\n\n* OpenJDK: unbounded memory allocation during deserialization (AWT, 8190289) (CVE-2018-2677)\n\n* OpenJDK: unbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142) (CVE-2018-2678)\n\n* OpenJDK: unsynchronized access to encryption key data (Libraries, 8172525) (CVE-2018-2579)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-06-07T18:21:38", "published": "2018-03-14T19:08:27", "id": "RHSA-2018:0521", "href": "https://access.redhat.com/errata/RHSA-2018:0521", "type": "redhat", "title": "(RHSA-2018:0521) Important: 
java-1.7.1-ibm security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-11T13:31:04", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2579", "CVE-2018-2581", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678", "CVE-2018-2783"], "description": "Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 7 to version 7 Update 171.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2018-2579, CVE-2018-2581, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)", "modified": "2018-06-07T18:20:31", "published": "2018-01-19T02:10:33", "id": "RHSA-2018:0100", "href": "https://access.redhat.com/errata/RHSA-2018:0100", "type": "redhat", "title": "(RHSA-2018:0100) Important: java-1.7.0-oracle security update", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2581", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2627", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "description": "IBM Java SE version 8 includes the IBM 
Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 8 to version 8 SR5-FP10.\n\nSecurity Fix(es):\n\n* IBM JDK: J9 JVM allows untrusted code running under a security manager to elevate its privileges (CVE-2018-1417)\n\n* Oracle JDK: unspecified vulnerability fixed in 8u161 and 9.0.4 (Deployment) (CVE-2018-2638)\n\n* Oracle JDK: unspecified vulnerability fixed in 8u161 and 9.0.4 (Deployment) (CVE-2018-2639)\n\n* OpenJDK: insufficient validation of the invokeinterface instruction (Hotspot, 8174962) (CVE-2018-2582)\n\n* Oracle JDK: unspecified vulnerability fixed in 8u161 and 9.0.4 (Installer) (CVE-2018-2627)\n\n* OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606) (CVE-2018-2633)\n\n* OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600) (CVE-2018-2634)\n\n* OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998) (CVE-2018-2637)\n\n* OpenJDK: GTK library loading use-after-free (AWT, 8185325) (CVE-2018-2641)\n\n* Oracle JDK: unspecified vulnerability fixed in 7u171, 8u161, and 9.0.4 (JavaFX) (CVE-2018-2581)\n\n* OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449) (CVE-2018-2588)\n\n* OpenJDK: DnsClient missing source port randomization (JNDI, 8182125) (CVE-2018-2599)\n\n* OpenJDK: loading of classes from untrusted locations (I18n, 8182601) (CVE-2018-2602)\n\n* OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387) (CVE-2018-2603)\n\n* OpenJDK: insufficient strength of key agreement (JCE, 8185292) (CVE-2018-2618)\n\n* OpenJDK: GSS context use-after-free (JGSS, 8186212) (CVE-2018-2629)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u181 and 7u171 (Serialization) (CVE-2018-2657)\n\n* OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284) (CVE-2018-2663)\n\n* OpenJDK: unbounded memory allocation during deserialization (AWT, 8190289) (CVE-2018-2677)\n\n* OpenJDK: 
unbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142) (CVE-2018-2678)\n\n* OpenJDK: unsynchronized access to encryption key data (Libraries, 8172525) (CVE-2018-2579)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-05-15T19:20:34", "published": "2018-05-15T19:18:48", "id": "RHSA-2018:1463", "href": "https://access.redhat.com/errata/RHSA-2018:1463", "type": "redhat", "title": "(RHSA-2018:1463) Moderate: java-1.8.0-ibm security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2018-03-15T20:35:53", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2618", "CVE-2018-2582", "CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2677", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2641", "CVE-2018-2588", "CVE-2018-2634", "CVE-2018-2602", "CVE-2018-2657", "CVE-2018-2678", "CVE-2018-2579"], "description": "This update for java-1_7_1-ibm fixes the following issues:\n\n The version was updated to 7.1.4.20 [bsc#1082810]\n\n * Security fixes:\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641\n CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602\n CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n * Defect fixes:\n\n - IJ04281 Class Libraries: Startup time increase after applying apar\n IV96905\n - IJ03822 Class Libraries: Update timezone information to tzdata2017c\n - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump,\n trace, log was not enabled by default\n - IJ03607 JIT Compiler: Result String contains a redundant dot when\n converted from BigDecimal with 0 on all platforms\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n - IJ04282 Security: Change in location and default of jurisdiction\n policy files\n - IJ03853 Security: IBMCAC provider does not support SHA224\n 
- IJ02679 Security: IBMPKCS11Impl -- Bad sessions are being allocated\n internally\n - IJ02706 Security: IBMPKCS11Impl -- Bad sessions are being allocated\n internally\n - IJ03552 Security: IBMPKCS11Impl -- Config file problem with the slot\n specification attribute\n - IJ01901 Security: IBMPKCS11Impl -- SecureRandom.setSeed() exception\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI error with\n stash, JKS Chain issue and JVM argument parse issue with iKeyman\n - IJ03256 Security: javax.security.auth.Subject.toString() throws NPE\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n * SUSE fixes:\n\n - Make it possible to run Java jnlp files from Firefox. (bsc#1057460)\n\n - Fixed symlinks to policy files on update [bsc#1085018]\n\n - Fixed jpackage-java-1_7_1-ibm-webstart.desktop file to allow Java jnlp\n files run from Firefox. [bsc#1057460, bsc#1076390]\n\n - Fix javaws segfaults when java expiration timer has elapsed.\n [bsc#929900]\n\n - Provide IBM Java updates for IBMs PMR 55931,671,760 and for SUSEs SR\n 110991601735. 
[bsc#966304]\n\n", "edition": 1, "modified": "2018-03-15T18:07:53", "published": "2018-03-15T18:07:53", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00039.html", "id": "SUSE-SU-2018:0694-1", "title": "Security update for java-1_7_1-ibm (important)", "type": "suse", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-03-19T20:35:57", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2618", "CVE-2018-2582", "CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2677", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2641", "CVE-2018-2588", "CVE-2018-2634", "CVE-2018-2602", "CVE-2018-2657", "CVE-2018-2678", "CVE-2018-2579"], "description": "This update for java-1_7_1-ibm fixes the following issue:\n\n The version was updated to 7.1.4.20 [bsc#1082810]\n\n * Security fixes:\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641\n CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602\n CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n * Defect fixes:\n\n - IJ04281 Class Libraries: Startup time increase after applying apar\n IV96905\n - IJ03822 Class Libraries: Update timezone information to tzdata2017c\n - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump,\n trace, log was not enabled by default\n - IJ03607 JIT Compiler: Result String contains a redundant dot when\n converted from BigDecimal with 0 on all platforms\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n - IJ04282 Security: Change in location and default of jurisdiction\n policy files\n - IJ03853 Security: IBMCAC provider does not support SHA224\n - IJ02679 Security: IBMPKCS11Impl -- Bad sessions are being allocated\n internally\n - IJ02706 Security: IBMPKCS11Impl -- Bad sessions are being allocated\n internally\n - IJ03552 Security: IBMPKCS11Impl -- Config file problem with the slot\n specification attribute\n - IJ01901 Security: 
IBMPKCS11Impl -- SecureRandom.setSeed() exception\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI error with\n stash, JKS Chain issue and JVM argument parse issue with iKeyman\n - IJ03256 Security: javax.security.auth.Subject.toString() throws NPE\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n * SUSE fixes:\n\n - Make it possible to run Java jnlp files from Firefox. (bsc#1057460)\n\n - Fixed jpackage-java-1_7_1-ibm-webstart.desktop file to allow Java jnlp\n files run from Firefox. [bsc#1057460, bsc#1076390]\n\n - Fix javaws segfaults when java expiration timer has elapsed.\n [bsc#929900]\n\n - Provide IBM Java updates for IBMs PMR 55931,671,760 and for SUSEs SR\n 110991601735. [bsc#966304]\n\n - Ensure that all Java policy files are symlinked into the proper file\n system locations. Without those symlinks, several OES iManager plugins\n did not function properly. [bsc#1085018]\n\n", "edition": 1, "modified": "2018-03-19T18:08:56", "published": "2018-03-19T18:08:56", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00049.html", "id": "SUSE-SU-2018:0743-1", "title": "Security update for java-1_7_1-ibm (important)", "type": "suse", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-03-07T17:37:39", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2618", "CVE-2018-2582", "CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2677", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2641", "CVE-2018-2588", "CVE-2018-2634", "CVE-2018-2602", "CVE-2018-2657", "CVE-2018-2678", "CVE-2018-2579"], "description": "This update for java-1_7_1-ibm provides the following fix:\n\n The version was updated to 7.1.4.20 [bsc#1082810]\n\n * Security fixes:\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641\n CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602\n CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n 
* Defect fixes:\n\n - IJ04281 Class Libraries: Startup time increase after applying apar\n IV96905\n - IJ03822 Class Libraries: Update timezone information to tzdata2017c\n - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump,\n trace, log was not enabled by default\n - IJ03607 JIT Compiler: Result String contains a redundant dot when\n converted from BigDecimal with 0 on all platforms\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n - IJ04282 Security: Change in location and default of jurisdiction\n policy files\n - IJ03853 Security: IBMCAC provider does not support SHA224\n - IJ02679 Security: IBMPKCS11Impl \u2013 Bad sessions are being allocated\n internally\n - IJ02706 Security: IBMPKCS11Impl \u2013 Bad sessions are being allocated\n internally\n - IJ03552 Security: IBMPKCS11Impl - Config file problem with the slot\n specification attribute\n - IJ01901 Security: IBMPKCS11Impl \u2013 SecureRandom.setSeed() exception\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI error with\n stash, JKS Chain issue and JVM argument parse issue with iKeyman\n - IJ03256 Security: javax.security.auth.Subject.toString() throws NPE\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n - Make it possible to run Java jnlp files from Firefox. 
(bsc#1057460)\n\n", "edition": 1, "modified": "2018-03-07T15:07:26", "published": "2018-03-07T15:07:26", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00027.html", "id": "SUSE-SU-2018:0630-1", "type": "suse", "title": "Security update for java-1_7_1-ibm (important)", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-03-09T15:37:44", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2618", "CVE-2018-2582", "CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2677", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2641", "CVE-2018-2588", "CVE-2018-2634", "CVE-2018-2602", "CVE-2018-2657", "CVE-2018-2678", "CVE-2018-2579"], "description": "This update for java-1_7_0-ibm provides the following fixes:\n\n The version was updated to 7.0.10.20 [bsc#1082810]:\n\n * Following security issues were fixed:\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641\n CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602\n CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n * Defect fixes:\n\n - IJ04281 Class Libraries: Startup time increase after applying apar\n IV96905\n - IJ03822 Class Libraries: Update timezone information to tzdata2017c\n - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump,\n trace, log was not enabled by default\n - IJ03607 JIT Compiler: Result String contains a redundant dot when\n converted from BigDecimal with 0 on all platforms\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n - IJ04282 Security: Change in location and default of jurisdiction\n policy files\n - IJ03853 Security: IBMCAC provider does not support SHA224\n - IJ02679 Security: IBMPKCS11Impl \u2013 Bad sessions are being allocated\n internally\n - IJ02706 Security: IBMPKCS11Impl \u2013 Bad sessions are being allocated\n internally\n - IJ03552 Security: IBMPKCS11Impl - Config file problem with the 
slot\n specification attribute\n - IJ01901 Security: IBMPKCS11Impl \u2013 SecureRandom.setSeed() exception\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI error with\n stash, JKS Chain issue and JVM argument parse issue with iKeyman\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n - Make it possible to run Java jnlp files from Firefox. (bsc#1057460)\n\n", "edition": 1, "modified": "2018-03-09T12:09:56", "published": "2018-03-09T12:09:56", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00029.html", "id": "SUSE-SU-2018:0645-1", "type": "suse", "title": "Security update for java-1_7_0-ibm (important)", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "aix": [{"lastseen": "2019-05-29T19:19:13", "bulletinFamily": "unix", "cvelist": ["CVE-2018-2618", "CVE-2018-2582", "CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2639", "CVE-2018-2638", "CVE-2018-2637", "CVE-2018-2677", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2641", "CVE-2018-2588", "CVE-2018-2634", "CVE-2018-2602", "CVE-2018-2657", "CVE-2018-1417", "CVE-2018-2678", "CVE-2018-2579"], "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Mon Apr 30 11:26:59 CDT 2018\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/java_jan2018_advisory.asc\nhttps://aix.software.ibm.com/aix/efixes/security/java_jan2018_advisory.asc\nftp://aix.software.ibm.com/aix/efixes/security/java_jan2018_advisory.asc\n\nSecurity Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX\n\n\n===============================================================================\n\nSUMMARY:\n\n There are multiple vulnerabilities in IBM SDK Java Technology Edition,\n Versions 7, 7.1, 8 that are used by AIX. 
These issues were disclosed\n as part of the IBM Java SDK updates in January 2018.\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n\n CVEID: CVE-2018-2579\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2579\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2579\n DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to \n the Java SE, Java SE Embedded, JRockit Libraries component could \n allow an unauthenticated attacker to obtain sensitive information \n resulting in a low confidentiality impact using unknown attack \n vectors.\n CVSS Base Score: 3.7 \n CVSS Temporal Score: See \n https://exchange.xforce.ibmcloud.com/vulnerabilities/137833 \n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n CVEID: CVE-2018-2588\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2588\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2588\n DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to \n the Java SE, Java SE Embedded, JRockit LDAP component could allow an \n authenticated attacker to obtain sensitive information resulting in a \n low confidentiality impact using unknown attack vectors. \n CVSS Base Score: 4.3 \n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/137841\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n CVEID: CVE-2018-2663\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2663\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2663\n DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to \n the Java SE, Java SE Embedded, JRockit Libraries component could \n allow an unauthenticated attacker to cause a denial of service \n resulting in a low availability impact using unknown attack vectors. 
\n CVSS Base Score: 4.3 \n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/137917\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n CVEID: CVE-2018-2677\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2677\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2677\n DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the \n Java SE, Java SE Embedded AWT component could allow an unauthenticated \n attacker to cause a denial of service resulting in a low availability \n impact using unknown attack vectors. \n CVSS Base Score: 4.3 \n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/137932\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n CVEID: CVE-2018-2678\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2678\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2678\n DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the \n Java SE, Java SE Embedded, JRockit JNDI component could allow an \n unauthenticated attacker to cause a denial of service resulting in a \n low availability impact using unknown attack vectors. \n CVSS Base Score: 4.3 \n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/137933\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n CVEID: CVE-2018-2602\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2602\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2602\n DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the \n Java SE, Java SE Embedded I18n component could allow an \n unauthenticated attacker to cause low confidentiality impact, low \n integrity impact, and low availability impact. 
\n CVSS Base Score: 4.5 \n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/137854\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n CVEID: CVE-2018-2599\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2599\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2599\n DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the \n Java SE, Java SE Embedded, JRockit JNDI component could allow an \n unauthenticated attacker to cause no confidentiality impact, low \n integrity impact, and low availability impact. \n CVSS Base Score: 4.8 \n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/137851\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n CVEID: CVE-2018-2603\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2603\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2603\n DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the \n Java SE, Java SE Embedded, JRockit Libraries component could allow an \n unauthenticated attacker to cause a denial of service resulting in a \n low availability impact using unknown attack vectors. \n CVSS Base Score: 5.3 \n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/137855\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n CVEID: CVE-2018-2657\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2657\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2657\n DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the \n Java SE, JRockit Serialization component could allow an \n unauthenticated attacker to cause a denial of service resulting in a \n low availability impact using unknown attack vectors. 
\n CVSS Base Score: 5.3 \n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/137910\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n CVEID: CVE-2018-2618\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2618\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2618\n DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the \n Java SE, Java SE Embedded, JRockit JCE component could allow an \n unauthenticated attacker to obtain sensitive information resulting in \n a high confidentiality impact using unknown attack vectors. \n CVSS Base Score: 5.9 \n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/137870\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n CVEID: CVE-2018-2641\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2641\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2641\n DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the \n Java SE, Java SE Embedded AWT component could allow an unauthenticated \n attacker to cause no confidentiality impact, high integrity impact, \n and no availability impact. \n CVSS Base Score: 6.1 \n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/137893\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n CVEID: CVE-2018-2582\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2582\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2582\n DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the \n Java SE, Java SE Embedded Hotspot component could allow an \n unauthenticated attacker to cause no confidentiality impact, high \n integrity impact, and no availability impact. 
\n CVSS Base Score: 6.5 \n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/137836\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n CVEID: CVE-2018-2634\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2634\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2634\n DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the \n Java SE, Java SE Embedded JGSS component could allow an \n unauthenticated attacker to obtain sensitive information resulting in \n a high confidentiality impact using unknown attack vectors. \n CVSS Base Score: 6.8 \n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/137886\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n CVEID: CVE-2018-2637\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2637\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2637\n DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the \n Java SE, Java SE Embedded, JRockit JMX component could allow an \n unauthenticated attacker to cause high confidentiality impact, high \n integrity impact, and no availability impact. \n CVSS Base Score: 7.4 \n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/137889\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n CVEID: CVE-2018-2633\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2633\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2633\n DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the \n Java SE, Java SE Embedded, JRockit JNDI component could allow an \n unauthenticated attacker to take control of the system. 
\n CVSS Base Score: 8.3 \n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/137885\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n CVEID: CVE-2018-2638\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2638\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2638\n DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the \n Java SE Deployment component could allow an unauthenticated attacker \n to take control of the system. \n CVSS Base Score: 8.3 \n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/137890\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n CVEID: CVE-2018-2639\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2639\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2639\n DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the \n Java SE Deployment component could allow an unauthenticated attacker \n to take control of the system. \n CVSS Base Score: 8.3 \n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/137891\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n CVEID: CVE-2018-1417\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1417\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1417\n DESCRIPTION: Under certain circumstances, a flaw in the J9 JVM allows \n untrusted code running under a security manager to elevate its \n privileges. 
\n CVSS Base Score: 8.1 \n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/138823\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n\nAFFECTED PRODUCTS AND VERSIONS:\n\n AIX 5.3, 6.1, 7.1, 7.2\n VIOS 2.2.x\n\n The following fileset levels (VRMF) are vulnerable, if the \n respective Java version is installed:\n For Java7: Less than 7.0.0.620\n For Java7.1: Less than 7.1.0.420\n For Java8: Less than 8.0.0.510\n\n Note: To find out whether the affected Java filesets are installed \n on your systems, refer to the lslpp command found in AIX user's guide.\n\n Example: lslpp -L | grep -i java\n\n\nREMEDIATION:\n\n Note: Recommended remediation is to always install the most recent \n Java package available for the respective Java version.\n\n IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix\n Pack 20 and subsequent releases:\n 32-bit: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+32-bit,+pSeries&function=all \n 64-bit: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+64-bit,+pSeries&function=all\n\n IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4\n Fix Pack 20 and subsequent releases:\n 32-bit: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+32-bit,+pSeries&function=all\n 64-bit: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+64-bit,+pSeries&function=all\n\n IBM SDK, Java Technology 
Edition, Version 8 Service Refresh 5\n Fix Pack 10 and subsequent releases:\n 32-bit: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+32-bit,+pSeries&function=all \n 64-bit: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+64-bit,+pSeries&function=all\n\n\nWORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Contact IBM Support for questions related to this announcement:\n\n http://ibm.com/support/\n https://ibm.com/support/\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n \n Complete CVSS v2 Guide:\n http://www.first.org/cvss/v2/guide \n On-line Calculator v2:\n http://nvd.nist.gov/CVSS-v2-Calculator \n Complete CVSS v3 Guide:\n http://www.first.org/cvss/user-guide \n On-line Calculator v3:\n http://www.first.org/cvss/calculator/3.0 \n IBM Java SDK Security Bulletin:\n http://www-01.ibm.com/support/docview.wss?uid=swg22012965\n\n\nRELATED INFORMATION:\n\n Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX\n http://www-01.ibm.com/support/docview.wss?uid=isg3T1027373\n\n\nACKNOWLEDGEMENTS:\n\n None.\n\nCHANGE HISTORY:\n\n First Issued: Mon Apr 30 11:26:59 CDT 
2018\n\n \n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will \nultimately impact the Overall CVSS Score. Customers can evaluate the impact \nof this vulnerability in their environments by accessing the links in the \nReference section of this Security Bulletin. \n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the \nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard \ndesigned to convey vulnerability severity and help to determine urgency and \npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY \nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \nFOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT \nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n\n\n\n\n", "edition": 5, "modified": "2018-04-30T11:26:59", "published": "2018-04-30T11:26:59", "id": "JAVA_JAN2018_ADVISORY.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/java_jan2018_advisory.asc", "title": "Multiple vulnerabilities in IBM Java SDK affect AIX", "type": "aix", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2020-09-02T11:50:42", "bulletinFamily": "info", "cvelist": ["CVE-2018-2618", "CVE-2018-2582", "CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2639", "CVE-2018-2638", "CVE-2018-2637", "CVE-2018-2677", "CVE-2018-2581", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2641", "CVE-2018-2629", "CVE-2018-2627", "CVE-2018-2588", "CVE-2018-2634", "CVE-2018-2602", "CVE-2018-2657", "CVE-2018-2675", "CVE-2018-2678", "CVE-2018-2579"], "description": "### *Detect date*:\n01/16/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Oracle Java SE. 
Malicious users can exploit these vulnerabilities possibly to cause denial of service, to gain privileges and to obtain sensitive information.\n\n### *Affected products*:\nJava SE 6 version 6u171 and earlier \nJava SE 7 version 7u161 and earlier \nJava SE 8 version 8u152 and earlier \nJava SE 9 version 9.0.1 and earlier \nJava SE Embedded version 8u151 and earlier \nJRockit version R28.3.16 and earlier \nJava Advanced Management Console version 2.8 and earlier\n\n### *Solution*:\nUpdate to the latest version \n[Oracle software downloads](<http://www.oracle.com/technetwork/indexes/downloads/index.html>)\n\n### *Original advisories*:\n[Oracle Critical Patch Update Advisory \u2013 January 2018](<http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Oracle Java JRE 1.7.x](<https://threats.kaspersky.com/en/product/Oracle-Java-JRE-1.7.x/>)\n\n### *CVE-IDS*:\n[CVE-2018-2641](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2641>)2.6Warning \n[CVE-2018-2581](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2581>)4.3Warning \n[CVE-2018-2634](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2634>)4.3Warning \n[CVE-2018-2639](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2639>)6.8High \n[CVE-2018-2582](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2582>)4.3Warning \n[CVE-2018-2602](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2602>)3.7Warning \n[CVE-2018-2603](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2603>)5.0Critical \n[CVE-2018-2678](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2678>)4.3Warning \n[CVE-2018-2657](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2657>)5.0Critical \n[CVE-2018-2633](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2633>)5.1High \n[CVE-2018-2588](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2588>)4.0Warning 
\n[CVE-2018-2627](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2627>)3.7Warning \n[CVE-2018-2637](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2637>)5.8High \n[CVE-2018-2618](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2618>)4.3Warning \n[CVE-2018-2675](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2675>)4.3Warning \n[CVE-2018-2677](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2677>)4.3Warning \n[CVE-2018-2629](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2629>)2.6Warning \n[CVE-2018-2599](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2599>)5.8High \n[CVE-2018-2638](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2638>)5.1High \n[CVE-2018-2663](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2663>)4.3Warning \n[CVE-2018-2579](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2579>)4.3Warning", "edition": 41, "modified": "2020-05-22T00:00:00", "published": "2018-01-16T00:00:00", "id": "KLA11178", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11178", "title": "\r KLA11178Multiple vulnerabilities in Oracle Java SE, Java SE Embedded and JRockit ", "type": "kaspersky", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oracle": [{"lastseen": "2019-07-16T19:58:51", "bulletinFamily": "software", "cvelist": ["CVE-2018-2654", "CVE-2018-2731", "CVE-2018-2691", "CVE-2018-2617", "CVE-2018-2618", "CVE-2018-2722", "CVE-2016-2518", "CVE-2018-2687", "CVE-2018-2653", "CVE-2018-2723", "CVE-2017-9798", "CVE-2018-2679", "CVE-2018-2560", "CVE-2018-2659", "CVE-2018-2565", "CVE-2018-2626", "CVE-2017-5753", "CVE-2018-2561", "CVE-2017-5754", "CVE-2018-2583", "CVE-2018-2661", "CVE-2018-2589", "CVE-2016-5385", "CVE-2018-2656", "CVE-2018-2620", "CVE-2018-2623", "CVE-2017-13079", "CVE-2018-2566", "CVE-2018-2625", "CVE-2018-2650", "CVE-2017-13080", "CVE-2016-6306", "CVE-2018-2733", "CVE-2018-2582", "CVE-2016-2183", "CVE-2018-2717", "CVE-2018-2681", 
"CVE-2018-2728", "CVE-2018-2708", "CVE-2018-2663", "CVE-2018-2606", "CVE-2018-2709", "CVE-2016-7977", "CVE-2016-2178", "CVE-2018-2672", "CVE-2018-2646", "CVE-2018-2578", "CVE-2016-9878", "CVE-2017-3735", "CVE-2017-10273", "CVE-2015-3195", "CVE-2018-2567", "CVE-2017-0781", "CVE-2018-2586", "CVE-2018-2624", "CVE-2018-2632", "CVE-2018-2570", "CVE-2018-2669", "CVE-2018-2707", "CVE-2018-2635", "CVE-2018-2716", "CVE-2016-6302", "CVE-2018-2633", "CVE-2017-13082", "CVE-2018-2644", "CVE-2018-2696", "CVE-2018-2562", "CVE-2018-2724", "CVE-2016-2177", "CVE-2018-2639", "CVE-2014-9402", "CVE-2018-2698", "CVE-2018-2726", "CVE-2018-2638", "CVE-2016-0635", "CVE-2016-2105", "CVE-2018-2693", "CVE-2018-2590", "CVE-2018-2732", "CVE-2018-2636", "CVE-2016-2107", "CVE-2016-7055", "CVE-2018-2727", "CVE-2018-2637", "CVE-2018-2649", "CVE-2015-7501", "CVE-2018-2706", "CVE-2018-2673", "CVE-2018-2677", "CVE-2015-3253", "CVE-2018-2605", "CVE-2017-3731", "CVE-2018-2703", "CVE-2018-2721", "CVE-2017-0785", "CVE-2017-3737", "CVE-2018-2692", "CVE-2018-2571", "CVE-2018-2607", "CVE-2017-9072", "CVE-2018-2690", "CVE-2018-2725", "CVE-2018-2609", "CVE-2018-2630", "CVE-2016-1182", "CVE-2018-2711", "CVE-2017-10301", "CVE-2018-2710", "CVE-2018-2604", "CVE-2018-2612", "CVE-2018-2600", "CVE-2017-13078", "CVE-2018-2664", "CVE-2016-2180", "CVE-2018-2676", "CVE-2015-2808", "CVE-2018-2619", "CVE-2018-2574", "CVE-2018-2581", "CVE-2018-2603", "CVE-2018-2682", "CVE-2017-5715", "CVE-2016-2109", "CVE-2018-2701", "CVE-2016-2181", "CVE-2018-2593", "CVE-2016-6304", "CVE-2016-4449", "CVE-2017-0783", "CVE-2014-0114", "CVE-2017-3732", "CVE-2018-2599", "CVE-2018-2643", "CVE-2018-2666", "CVE-2018-2688", "CVE-2015-0293", "CVE-2018-2662", "CVE-2018-2601", "CVE-2018-2667", "CVE-2018-2668", "CVE-2018-2729", "CVE-2017-10352", "CVE-2016-2550", "CVE-2018-2564", "CVE-2018-2610", "CVE-2018-2660", "CVE-2018-2577", "CVE-2018-2569", "CVE-2018-2658", "CVE-2016-7052", "CVE-2018-2640", "CVE-2018-2613", "CVE-2018-2596", "CVE-2018-2705", 
"CVE-2017-10282", "CVE-2007-6750", "CVE-2018-2714", "CVE-2018-2674", "CVE-2018-2730", "CVE-2018-2647", "CVE-2018-2584", "CVE-2018-2641", "CVE-2014-7817", "CVE-2017-5664", "CVE-2018-2629", "CVE-2018-2585", "CVE-2016-0800", "CVE-2018-2615", "CVE-2018-2685", "CVE-2018-2699", "CVE-2018-2597", "CVE-2018-2616", "CVE-2018-2697", "CVE-2016-1181", "CVE-2018-2621", "CVE-2018-2627", "CVE-2018-2720", "CVE-2017-10262", "CVE-2018-2588", "CVE-2013-2566", "CVE-2016-8735", "CVE-2018-2648", "CVE-2018-2594", "CVE-2017-3738", "CVE-2018-2634", "CVE-2018-2602", "CVE-2016-0704", "CVE-2016-6303", "CVE-2018-2670", "CVE-2016-5387", "CVE-2018-2591", "CVE-2017-13081", "CVE-2018-2645", "CVE-2018-2655", "CVE-2017-5645", "CVE-2016-2182", "CVE-2018-2651", "CVE-2018-2608", "CVE-2018-2592", "CVE-2018-2712", "CVE-2018-2665", "CVE-2018-2652", "CVE-2017-12617", "CVE-2018-2657", "CVE-2016-0703", "CVE-2018-2700", "CVE-2015-1472", "CVE-2017-5461", "CVE-2018-2675", "CVE-2018-2671", "CVE-2018-2575", "CVE-2018-2684", "CVE-2015-7940", "CVE-2018-2580", "CVE-2017-3736", "CVE-2018-2704", "CVE-2018-2642", "CVE-2017-13077", "CVE-2018-2702", "CVE-2018-2713", "CVE-2018-2678", "CVE-2018-2622", "CVE-2018-2573", "CVE-2018-2715", "CVE-2018-2595", "CVE-2018-2579", "CVE-2016-2179", "CVE-2017-10068", "CVE-2018-2568", "CVE-2016-2106", "CVE-2018-2576", "CVE-2016-6814", "CVE-2015-7547", "CVE-2018-2614", "CVE-2018-2686", "CVE-2018-2631", "CVE-2015-4852", "CVE-2018-2694", "CVE-2018-2689", "CVE-2018-2719", "CVE-2017-0782", "CVE-2018-2611", "CVE-2018-2683", "CVE-2018-2680", "CVE-2018-2695"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. 
Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\nThe January 2018 Critical Patch Update provides fixes for certain Oracle products for the Spectre (CVE-2017-5753, CVE-2017-5715) and Meltdown (CVE-2017-5754) Intel processor vulnerabilities. Please refer to this Advisory and the [Addendum to the January 2018 Critical Patch Update Advisory for Spectre and Meltdown](<https://support.oracle.com/rs?type=doc&id=2347948.1>) MOS note (Doc ID 2347948.1).\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 238 new security fixes across the product families listed below. 
Please note that a MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ January 2018 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2338411.1>).\n", "modified": "2018-03-20T00:00:00", "published": "2018-01-16T00:00:00", "id": "ORACLE:CPUJAN2018-3236628", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - January 2018", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-04T21:15:55", "bulletinFamily": "software", "cvelist": ["CVE-2007-6750", "CVE-2013-2566", "CVE-2014-0114", "CVE-2014-7817", "CVE-2014-9402", "CVE-2015-0293", "CVE-2015-1472", "CVE-2015-2808", "CVE-2015-3195", "CVE-2015-3253", "CVE-2015-4852", "CVE-2015-7501", "CVE-2015-7547", "CVE-2015-7940", "CVE-2016-0635", "CVE-2016-0703", "CVE-2016-0704", "CVE-2016-0800", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-2518", "CVE-2016-2550", "CVE-2016-4449", "CVE-2016-5385", "CVE-2016-5387", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306", "CVE-2016-6814", "CVE-2016-7052", "CVE-2016-7055", "CVE-2016-7977", "CVE-2016-8735", "CVE-2016-9878", "CVE-2017-0781", "CVE-2017-0782", "CVE-2017-0783", "CVE-2017-0785", "CVE-2017-10068", "CVE-2017-10262", "CVE-2017-10273", "CVE-2017-10282", "CVE-2017-10301", "CVE-2017-10352", "CVE-2017-12617", "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-3731", "CVE-2017-3732", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738", "CVE-2017-5461", "CVE-2017-5645", "CVE-2017-5664", "CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-9072", "CVE-2017-9798", "CVE-2018-2560", "CVE-2018-2561", "CVE-2018-2562", 
"CVE-2018-2564", "CVE-2018-2565", "CVE-2018-2566", "CVE-2018-2567", "CVE-2018-2568", "CVE-2018-2569", "CVE-2018-2570", "CVE-2018-2571", "CVE-2018-2573", "CVE-2018-2574", "CVE-2018-2575", "CVE-2018-2576", "CVE-2018-2577", "CVE-2018-2578", "CVE-2018-2579", "CVE-2018-2580", "CVE-2018-2581", "CVE-2018-2582", "CVE-2018-2583", "CVE-2018-2584", "CVE-2018-2585", "CVE-2018-2586", "CVE-2018-2588", "CVE-2018-2589", "CVE-2018-2590", "CVE-2018-2591", "CVE-2018-2592", "CVE-2018-2593", "CVE-2018-2594", "CVE-2018-2595", "CVE-2018-2596", "CVE-2018-2597", "CVE-2018-2599", "CVE-2018-2600", "CVE-2018-2601", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2604", "CVE-2018-2605", "CVE-2018-2606", "CVE-2018-2607", "CVE-2018-2608", "CVE-2018-2609", "CVE-2018-2610", "CVE-2018-2611", "CVE-2018-2612", "CVE-2018-2613", "CVE-2018-2614", "CVE-2018-2615", "CVE-2018-2616", "CVE-2018-2617", "CVE-2018-2618", "CVE-2018-2619", "CVE-2018-2620", "CVE-2018-2621", "CVE-2018-2622", "CVE-2018-2623", "CVE-2018-2624", "CVE-2018-2625", "CVE-2018-2626", "CVE-2018-2627", "CVE-2018-2629", "CVE-2018-2630", "CVE-2018-2631", "CVE-2018-2632", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2635", "CVE-2018-2636", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2640", "CVE-2018-2641", "CVE-2018-2642", "CVE-2018-2643", "CVE-2018-2644", "CVE-2018-2645", "CVE-2018-2646", "CVE-2018-2647", "CVE-2018-2648", "CVE-2018-2649", "CVE-2018-2650", "CVE-2018-2651", "CVE-2018-2652", "CVE-2018-2653", "CVE-2018-2654", "CVE-2018-2655", "CVE-2018-2656", "CVE-2018-2657", "CVE-2018-2658", "CVE-2018-2659", "CVE-2018-2660", "CVE-2018-2661", "CVE-2018-2662", "CVE-2018-2663", "CVE-2018-2664", "CVE-2018-2665", "CVE-2018-2666", "CVE-2018-2667", "CVE-2018-2668", "CVE-2018-2669", "CVE-2018-2670", "CVE-2018-2671", "CVE-2018-2672", "CVE-2018-2673", "CVE-2018-2674", "CVE-2018-2675", "CVE-2018-2676", "CVE-2018-2677", "CVE-2018-2678", "CVE-2018-2679", "CVE-2018-2680", "CVE-2018-2681", "CVE-2018-2682", "CVE-2018-2683", "CVE-2018-2684", 
"CVE-2018-2685", "CVE-2018-2686", "CVE-2018-2687", "CVE-2018-2688", "CVE-2018-2689", "CVE-2018-2690", "CVE-2018-2691", "CVE-2018-2692", "CVE-2018-2693", "CVE-2018-2694", "CVE-2018-2695", "CVE-2018-2696", "CVE-2018-2697", "CVE-2018-2698", "CVE-2018-2699", "CVE-2018-2700", "CVE-2018-2701", "CVE-2018-2702", "CVE-2018-2703", "CVE-2018-2704", "CVE-2018-2705", "CVE-2018-2706", "CVE-2018-2707", "CVE-2018-2708", "CVE-2018-2709", "CVE-2018-2710", "CVE-2018-2711", "CVE-2018-2712", "CVE-2018-2713", "CVE-2018-2714", "CVE-2018-2715", "CVE-2018-2716", "CVE-2018-2717", "CVE-2018-2719", "CVE-2018-2720", "CVE-2018-2721", "CVE-2018-2722", "CVE-2018-2723", "CVE-2018-2724", "CVE-2018-2725", "CVE-2018-2726", "CVE-2018-2727", "CVE-2018-2728", "CVE-2018-2729", "CVE-2018-2730", "CVE-2018-2731", "CVE-2018-2732", "CVE-2018-2733"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\nCritical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\nThe January 2018 Critical Patch Update provides fixes for certain Oracle products for the Spectre (CVE-2017-5753, CVE-2017-5715) and Meltdown (CVE-2017-5754) Intel processor vulnerabilities. Please refer to this Advisory and the [Addendum to the January 2018 Critical Patch Update Advisory for Spectre and Meltdown](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2347948.1>) MOS note (Doc ID 2347948.1).\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. 
In some instances it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 238 new security fixes across the product families listed below. Please note that a MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [January 2018 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2338411.1>).\n", "modified": "2018-03-20T00:00:00", "published": "2018-01-16T00:00:00", "id": "ORACLE:CPUJAN2018", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - January 2018", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}