The java-1.7.0-openjdk package on CentOS 5 is missing an update that resolves multiple security issues including bypassing Java sandbox restrictions, arbitrary code execution, and information leakage. The update advises all instances of OpenJDK Java to be restarted
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
Tenable Nessus | Oracle Java Update (July 2014) Multiple Vulnerabilities | 23 Jul 201400:00 | – | nessus |
Tenable Nessus | Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2014-0890) | 17 Jul 201400:00 | – | nessus |
Tenable Nessus | Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20140716) | 17 Jul 201400:00 | – | nessus |
Tenable Nessus | Oracle Linux 6 / 7 : java-1.7.0-openjdk (ELSA-2014-0889) | 17 Jul 201400:00 | – | nessus |
Tenable Nessus | CentOS 5 : java-1.7.0-openjdk (CESA-2014:0890) | 17 Jul 201400:00 | – | nessus |
Tenable Nessus | Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2014:141) | 30 Jul 201400:00 | – | nessus |
Tenable Nessus | Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2014-383) | 12 Oct 201400:00 | – | nessus |
Tenable Nessus | RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2014:0907) | 22 Jul 201400:00 | – | nessus |
Tenable Nessus | Oracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2014-0907) | 22 Jul 201400:00 | – | nessus |
Tenable Nessus | CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2014:0907) | 22 Jul 201400:00 | – | nessus |
# SPDX-FileCopyrightText: 2014 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.881962");
script_version("2023-07-10T08:07:43+0000");
script_tag(name:"last_modification", value:"2023-07-10 08:07:43 +0000 (Mon, 10 Jul 2023)");
script_tag(name:"creation_date", value:"2014-07-21 14:28:16 +0530 (Mon, 21 Jul 2014)");
script_cve_id("CVE-2014-2483", "CVE-2014-2490", "CVE-2014-4209", "CVE-2014-4216",
"CVE-2014-4218", "CVE-2014-4219", "CVE-2014-4221", "CVE-2014-4223",
"CVE-2014-4244", "CVE-2014-4252", "CVE-2014-4262", "CVE-2014-4263",
"CVE-2014-4266");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_name("CentOS Update for java CESA-2014:0890 centos5");
script_tag(name:"affected", value:"java on CentOS 5");
script_tag(name:"insight", value:"The java-1.7.0-openjdk packages provide the OpenJDK 7 Java
Runtime Environment and the OpenJDK 7 Java Software Development Kit.
It was discovered that the Hotspot component in OpenJDK did not properly
verify bytecode from the class files. An untrusted Java application or
applet could possibly use these flaws to bypass Java sandbox restrictions.
(CVE-2014-4216, CVE-2014-4219)
A format string flaw was discovered in the Hotspot component event logger
in OpenJDK. An untrusted Java application or applet could use this flaw to
crash the Java Virtual Machine or, potentially, execute arbitrary code with
the privileges of the Java Virtual Machine. (CVE-2014-2490)
Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-4223,
CVE-2014-4262, CVE-2014-2483)
Multiple flaws were discovered in the JMX, Libraries, Security, and
Serviceability components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass certain Java sandbox restrictions.
(CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266)
It was discovered that the RSA algorithm in the Security component in
OpenJDK did not sufficiently perform blinding while performing operations
that were using private keys. An attacker able to measure timing
differences of those operations could possibly leak information about the
used keys. (CVE-2014-4244)
The Diffie-Hellman (DH) key exchange algorithm implementation in the
Security component in OpenJDK failed to validate public DH parameters
properly. This could cause OpenJDK to accept and use weak parameters,
allowing an attacker to recover the negotiated key. (CVE-2014-4263)
The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.
All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.");
script_tag(name:"solution", value:"Please install the updated packages.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"CESA", value:"2014:0890");
script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2014-July/020414.html");
script_tag(name:"summary", value:"The remote host is missing an update for the 'java'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2014 Greenbone AG");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS5");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "CentOS5")
{
if ((res = isrpmvuln(pkg:"java-1.7.0-openjdk", rpm:"java-1.7.0-openjdk~1.7.0.65~2.5.1.2.el5_10", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"java-1.7.0-openjdk-demo", rpm:"java-1.7.0-openjdk-demo~1.7.0.65~2.5.1.2.el5_10", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"java-1.7.0-openjdk-devel", rpm:"java-1.7.0-openjdk-devel~1.7.0.65~2.5.1.2.el5_10", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"java-1.7.0-openjdk-javadoc", rpm:"java-1.7.0-openjdk-javadoc~1.7.0.65~2.5.1.2.el5_10", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"java-1.7.0-openjdk-src", rpm:"java-1.7.0-openjdk-src~1.7.0.65~2.5.1.2.el5_10", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo