Vulnerabilities > CVE-2014-2490
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 2 | |
| OS | 1 | |
| Application | 4 |
Nessus
NASL family Windows NASL id ORACLE_JAVA_CPU_JUL_2014.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 11, 7 Update 65, 6 Update 81, or 5 Update 71. It is, therefore, affected by security issues in the following components : - Deployment - Hotspot - JavaFX - JMX - Libraries - Security - Serviceability - Swing last seen 2020-06-01 modified 2020-06-02 plugin id 76532 published 2014-07-16 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76532 title Oracle Java SE Multiple Vulnerabilities (July 2014 CPU) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(76532); script_version("1.9"); script_cvs_date("Date: 2019/11/26"); script_cve_id( "CVE-2014-2483", "CVE-2014-2490", "CVE-2014-4208", "CVE-2014-4209", "CVE-2014-4216", "CVE-2014-4218", "CVE-2014-4219", "CVE-2014-4220", "CVE-2014-4221", "CVE-2014-4223", "CVE-2014-4227", "CVE-2014-4244", "CVE-2014-4247", "CVE-2014-4252", "CVE-2014-4262", "CVE-2014-4263", "CVE-2014-4264", "CVE-2014-4265", "CVE-2014-4266", "CVE-2014-4268" ); script_name(english:"Oracle Java SE Multiple Vulnerabilities (July 2014 CPU)"); script_summary(english:"Checks the version of the JRE."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a programming platform that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 11, 7 Update 65, 6 Update 81, or 5 Update 71. It is, therefore, affected by security issues in the following components : - Deployment - Hotspot - JavaFX - JMX - Libraries - Security - Serviceability - Swing"); # http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4743a1ef"); # http://www.oracle.com/technetwork/java/javase/8u11-relnotes-2232915.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?81911044"); # https://www.oracle.com/technetwork/java/javase/7u55-relnotes-2177812.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?39cb260f"); # http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?726f7054"); # https://www.oracle.com/technetwork/java/javase/documentation/overview-137139.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?84f3023c"); script_set_attribute(attribute:"solution", value: "Update to JDK / JRE 8 Update 11, 7 Update 65, 6 Update 81, or 5 Update 71 or later and, if necessary, remove any affected versions. Note that an extended support contract with Oracle is needed to obtain JDK / JRE 5 Update 71 or later or 6 Update 81 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/15"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jdk"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("sun_java_jre_installed.nasl"); script_require_keys("SMB/Java/JRE/Installed"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); # Check each installed JRE. installs = get_kb_list_or_exit("SMB/Java/JRE/*"); info = ""; unaffected = make_list(); vuln = 0; foreach install (list_uniq(keys(installs))) { ver = install - "SMB/Java/JRE/"; if (ver !~ "^[0-9.]+") continue; # Fixes : (JDK|JRE) 8 Update 11 / 7 Update 65 / 6 Update 81 / 5 Update 71 if ( ver =~ '^1\\.5\\.0_(0[0-9]|[0-6][0-9]|70)([^0-9]|$)' || ver =~ '^1\\.6\\.0_(0[0-9]|[0-7][0-9]|80)([^0-9]|$)' || ver =~ '^1\\.7\\.0_(0[0-9]|[0-5][0-9]|6[0-4])([^0-9]|$)' || ver =~ '^1\\.8\\.0_(0[0-9]|10)([^0-9]|$)' ) { dirs = make_list(get_kb_list(install)); vuln += max_index(dirs); foreach dir (dirs) info += '\n Path : ' + dir; info += '\n Installed version : ' + ver; info += '\n Fixed version : 1.5.0_71 / 1.6.0_81 / 1.7.0_65 / 1.8.0_11\n'; } else unaffected = make_list(unaffected, ver); } # Report if any were found to be vulnerable. if (info) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity > 0) { if (vuln > 1) s = "s of Java are"; else s = " of Java is"; report = '\n' + 'The following vulnerable instance'+s+' installed on the' + '\n' + 'remote host :' + '\n' + info; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_INST_VER_NOT_VULN, "Oracle Java", unaffected);NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2980.NASL description Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. last seen 2020-03-17 modified 2014-07-23 plugin id 76689 published 2014-07-23 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76689 title Debian DSA-2980-1 : openjdk-6 - security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2980. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(76689); script_version("1.11"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2014-2490", "CVE-2014-4209", "CVE-2014-4216", "CVE-2014-4218", "CVE-2014-4219", "CVE-2014-4244", "CVE-2014-4252", "CVE-2014-4262", "CVE-2014-4263", "CVE-2014-4266", "CVE-2014-4268"); script_bugtraq_id(68562, 68583, 68596, 68599, 68615, 68620, 68624, 68636, 68639, 68642, 68645); script_xref(name:"DSA", value:"2980"); script_name(english:"Debian DSA-2980-1 : openjdk-6 - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service." ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/openjdk-6" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2014/dsa-2980" ); script_set_attribute( attribute:"solution", value: "Upgrade the openjdk-6 packages. For the stable distribution (wheezy), these problems have been fixed in version 6b32-1.13.4-1~deb7u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"icedtea-6-jre-cacao", reference:"6b32-1.13.4-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"icedtea-6-jre-jamvm", reference:"6b32-1.13.4-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-6-dbg", reference:"6b32-1.13.4-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-6-demo", reference:"6b32-1.13.4-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-6-doc", reference:"6b32-1.13.4-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-6-jdk", reference:"6b32-1.13.4-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-6-jre", reference:"6b32-1.13.4-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-6-jre-headless", reference:"6b32-1.13.4-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-6-jre-lib", reference:"6b32-1.13.4-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-6-jre-zero", reference:"6b32-1.13.4-1~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-6-source", reference:"6b32-1.13.4-1~deb7u1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201502-12.NASL description The remote host is affected by the vulnerability described in GLSA-201502-12 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Oracle’s Java SE Development Kit and Runtime Environment. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, disclose, update, insert, or delete certain data. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 81370 published 2015-02-16 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81370 title GLSA-201502-12 : Oracle JRE/JDK: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201502-12. # # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(81370); script_version("1.4"); script_cvs_date("Date: 2019/08/12 17:35:38"); script_cve_id("CVE-2014-0429", "CVE-2014-0432", "CVE-2014-0446", "CVE-2014-0448", "CVE-2014-0449", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0454", "CVE-2014-0455", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-0463", "CVE-2014-0464", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2402", "CVE-2014-2403", "CVE-2014-2409", "CVE-2014-2410", "CVE-2014-2412", "CVE-2014-2413", "CVE-2014-2414", "CVE-2014-2420", "CVE-2014-2421", "CVE-2014-2422", "CVE-2014-2423", "CVE-2014-2427", "CVE-2014-2428", "CVE-2014-2483", "CVE-2014-2490", "CVE-2014-4208", "CVE-2014-4209", "CVE-2014-4216", "CVE-2014-4218", "CVE-2014-4219", "CVE-2014-4220", "CVE-2014-4221", "CVE-2014-4223", "CVE-2014-4227", "CVE-2014-4244", "CVE-2014-4247", "CVE-2014-4252", "CVE-2014-4262", "CVE-2014-4263", "CVE-2014-4264", "CVE-2014-4265", "CVE-2014-4266", "CVE-2014-4268", "CVE-2014-4288", "CVE-2014-6456", "CVE-2014-6457", "CVE-2014-6458", "CVE-2014-6466", "CVE-2014-6468", "CVE-2014-6476", "CVE-2014-6485", "CVE-2014-6492", "CVE-2014-6493", "CVE-2014-6502", "CVE-2014-6503", "CVE-2014-6504", "CVE-2014-6506", "CVE-2014-6511", "CVE-2014-6512", "CVE-2014-6513", "CVE-2014-6515", "CVE-2014-6517", "CVE-2014-6519", "CVE-2014-6527", "CVE-2014-6531", "CVE-2014-6532", "CVE-2014-6558", "CVE-2014-6562"); script_bugtraq_id(66856, 66866, 66870, 66873, 66877, 66879, 66881, 66883, 66886, 66887, 66891, 66893, 66894, 66897, 66898, 66899, 66902, 66903, 66904, 66905, 66907, 66908, 66909, 66910, 66911, 66912, 66913, 66914, 66915, 66916, 66917, 66918, 66919, 66920, 68562, 68571, 68576, 68580, 68583, 68590, 68596, 68599, 68603, 68608, 68612, 68615, 68620, 68624, 68626, 68632, 68636, 68639, 68642, 68645, 70456, 70460, 70468, 70470, 70484, 70488, 70507, 70518, 70519, 70522, 70523, 70531, 70533, 70538, 70544, 70548, 70552, 70556, 70560, 70564, 70565, 70567, 70569, 70570, 70572); script_xref(name:"GLSA", value:"201502-12"); script_name(english:"GLSA-201502-12 : Oracle JRE/JDK: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201502-12 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Oracle’s Java SE Development Kit and Runtime Environment. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, disclose, update, insert, or delete certain data. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201502-12" ); script_set_attribute( attribute:"solution", value: "All Oracle JRE 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/oracle-jre-bin-1.7.0.71' All Oracle JDK 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/oracle-jdk-bin-1.7.0.71' All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-java-1.7.0.71'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:emul-linux-x86-java"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:oracle-jdk-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:oracle-jre-bin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/15"); script_set_attribute(attribute:"patch_publication_date", value:"2015/02/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/16"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-java/oracle-jre-bin", unaffected:make_list("ge 1.7.0.71"), vulnerable:make_list("lt 1.7.0.71"))) flag++; if (qpkg_check(package:"dev-java/oracle-jdk-bin", unaffected:make_list("ge 1.7.0.71"), vulnerable:make_list("lt 1.7.0.71"))) flag++; if (qpkg_check(package:"app-emulation/emul-linux-x86-java", unaffected:make_list("ge 1.7.0.71"), vulnerable:make_list("lt 1.7.0.71"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Oracle JRE/JDK"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2987.NASL description Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. last seen 2020-03-17 modified 2014-07-26 plugin id 76842 published 2014-07-26 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76842 title Debian DSA-2987-1 : openjdk-7 - security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2987. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(76842); script_version("1.13"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2014-2483", "CVE-2014-2490", "CVE-2014-4209", "CVE-2014-4216", "CVE-2014-4218", "CVE-2014-4219", "CVE-2014-4221", "CVE-2014-4223", "CVE-2014-4244", "CVE-2014-4252", "CVE-2014-4262", "CVE-2014-4263", "CVE-2014-4264", "CVE-2014-4266", "CVE-2014-4268"); script_bugtraq_id(68562, 68571, 68583, 68590, 68596, 68599, 68608, 68612, 68615, 68620, 68624, 68636, 68639, 68642, 68645); script_xref(name:"DSA", value:"2987"); script_name(english:"Debian DSA-2987-1 : openjdk-7 - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service." ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/openjdk-7" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2014/dsa-2987" ); script_set_attribute( attribute:"solution", value: "Upgrade the openjdk-7 packages. For the stable distribution (wheezy), these problems have been fixed in version 7u65-2.5.1-2~deb7u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"icedtea-7-jre-cacao", reference:"7u65-2.5.1-2~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"icedtea-7-jre-jamvm", reference:"7u65-2.5.1-2~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-dbg", reference:"7u65-2.5.1-2~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-demo", reference:"7u65-2.5.1-2~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-doc", reference:"7u65-2.5.1-2~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-jdk", reference:"7u65-2.5.1-2~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-jre", reference:"7u65-2.5.1-2~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-jre-headless", reference:"7u65-2.5.1-2~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-jre-lib", reference:"7u65-2.5.1-2~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-jre-zero", reference:"7u65-2.5.1-2~deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"openjdk-7-source", reference:"7u65-2.5.1-2~deb7u1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Scientific Linux Local Security Checks NASL id SL_20140716_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL description It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All running instances of OpenJDK Java must be restarted for the update to take effect. last seen 2020-03-18 modified 2014-07-17 plugin id 76552 published 2014-07-17 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76552 title Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20140716) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(76552); script_version("1.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25"); script_cve_id("CVE-2014-2483", "CVE-2014-2490", "CVE-2014-4209", "CVE-2014-4216", "CVE-2014-4218", "CVE-2014-4219", "CVE-2014-4221", "CVE-2014-4223", "CVE-2014-4244", "CVE-2014-4252", "CVE-2014-4262", "CVE-2014-4263", "CVE-2014-4266"); script_name(english:"Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20140716)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All running instances of OpenJDK Java must be restarted for the update to take effect." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1407&L=scientific-linux-errata&T=0&P=943 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f4018faf" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-src"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/17"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/17"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL6", reference:"java-1.7.0-openjdk-1.7.0.65-2.5.1.2.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"java-1.7.0-openjdk-debuginfo-1.7.0.65-2.5.1.2.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"java-1.7.0-openjdk-demo-1.7.0.65-2.5.1.2.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"java-1.7.0-openjdk-devel-1.7.0.65-2.5.1.2.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"java-1.7.0-openjdk-javadoc-1.7.0.65-2.5.1.2.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"java-1.7.0-openjdk-src-1.7.0.65-2.5.1.2.el6_5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc"); }NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2014-387.NASL description It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216 , CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2014-4262) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209 , CVE-2014-4218 , CVE-2014-4252 , CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) last seen 2020-06-01 modified 2020-06-02 plugin id 78330 published 2014-10-12 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78330 title Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2014-387) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2014-387. # include("compat.inc"); if (description) { script_id(78330); script_version("1.7"); script_cvs_date("Date: 2018/04/18 15:09:35"); script_cve_id("CVE-2014-2490", "CVE-2014-4209", "CVE-2014-4216", "CVE-2014-4218", "CVE-2014-4219", "CVE-2014-4244", "CVE-2014-4252", "CVE-2014-4262", "CVE-2014-4263", "CVE-2014-4266"); script_xref(name:"ALAS", value:"2014-387"); script_xref(name:"RHSA", value:"2014:0907"); script_name(english:"Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2014-387)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216 , CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2014-4262) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209 , CVE-2014-4218 , CVE-2014-4252 , CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2014-387.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update java-1.6.0-openjdk' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-src"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-1.6.0.0-67.1.13.4.65.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-debuginfo-1.6.0.0-67.1.13.4.65.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-demo-1.6.0.0-67.1.13.4.65.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-devel-1.6.0.0-67.1.13.4.65.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-67.1.13.4.65.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-src-1.6.0.0-67.1.13.4.65.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-772.NASL description This openjdk update fixes the following security and non security issues : - Upgrade to 2.4.8 (bnc#887530) - Changed back from gzipped tarball to xz - Changed the keyring file to add Andrew John Hughes that signed the icedtea package - Change ZERO to AARCH64 tarball - Removed patches : - gstackbounds.patch - java-1.7.0-openjdk-ppc-zero-jdk.patch - java-1.7.0-openjdk-ppc-zero-hotspot.patch - Integrated in upstream icedtea - java-1.7.0-openjdk-makefiles-zero.patch - Does not apply on the AARCH64 tarball, since the change from DEFAULT and ZERO tarball to DEFAULT and AARCH64 - Upstream changes since 2.4.4 : - Security fixes - S8029755, CVE-2014-4209: Enhance subject class - S8030763: Validate global memory allocation - S8031340, CVE-2014-4264: Better TLS/EC management - S8031346, CVE-2014-4244: Enhance RSA key handling - S8031540: Introduce document horizon - S8032536: JVM resolves wrong method in some unusual cases - S8033055: Issues in 2d - S8033301, CVE-2014-4266: Build more informative InfoBuilder - S8034267: Probabilistic native crash - S8034272: Do not cram data into CRAM arrays - S8034985, CVE-2014-2483: Better form for Lambda Forms - S8035004, CVE-2014-4252: Provider provides less service - S8035009, CVE-2014-4218: Make Proxy representations consistent - S8035119, CVE-2014-4219: Fix exceptions to bytecode verification - S8035699, CVE-2014-4268: File choosers should be choosier - S8035788. CVE-2014-4221: Provide more consistency for lookups - S8035793, CVE-2014-4223: Maximum arity maxed out - S8036571: (process) Process process arguments carefully - S8036800: Attribute OOM to correct part of code - S8037046: Validate libraries to be loaded - S8037076, CVE-2014-2490: Check constant pool constants - S8037157: Verify <init> call - S8037162, CVE-2014-4263: More robust DH exchanges - S8037167, CVE-2014-4216: Better method signature resolution - S8039520, CVE-2014-4262: More atomicity of atomic updates - S8023046: Enhance splashscreen support - S8025005: Enhance CORBA initializations - S8025010, CVE-2014-2412: Enhance AWT contexts - S8025030, CVE-2014-2414: Enhance stream handling - S8025152, CVE-2014-0458: Enhance activation set up - S8026067: Enhance signed jar verification - S8026163, CVE-2014-2427: Enhance media provisioning - S8026188, CVE-2014-2423: Enhance envelope factory - S8026200: Enhance RowSet Factory - S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling - S8026736, CVE-2014-2398: Enhance Javadoc pages - S8026797, CVE-2014-0451: Enhance data transfers - S8026801, CVE-2014-0452: Enhance endpoint addressing - S8027766, CVE-2014-0453: Enhance RSA processing - S8027775: Enhance ICU code. - S8027841, CVE-2014-0429: Enhance pixel manipulations - S8028385: Enhance RowSet Factory - S8029282, CVE-2014-2403: Enhance CharInfo set up - S8029286: Enhance subject delegation - S8029699: Update Poller demo - S8029730: Improve audio device additions - S8029735: Enhance service mgmt natives - S8029740, CVE-2014-0446: Enhance handling of loggers - S8029745, CVE-2014-0454: Enhance algorithm checking - S8029750: Enhance LCMS color processing (in-tree LCMS) - S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg) - S8029844, CVE-2014-0455: Enhance argument validation - S8029854, CVE-2014-2421: Enhance JPEG decodings - S8029858, CVE-2014-0456: Enhance array copies - S8030731, CVE-2014-0460: Improve name service robustness - S8031330: Refactor ObjectFactory - S8031335, CVE-2014-0459: Better color profiling (in-tree LCMS) - S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng) - S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader - S8031395: Enhance LDAP processing - S8032686, CVE-2014-2413: Issues with method invoke - S8033618, CVE-2014-1876: Correct logging output - S8034926, CVE-2014-2397: Attribute classes properly - S8036794, CVE-2014-0461: Manage JavaScript instances - Backports - S5049299: (process) Use posix_spawn, not fork, on S10 to avoid swap exhaustion - S6571600: JNI use results in UnsatisfiedLinkError looking for libmawt.so - S7131153: GetDC called way too many times - causes bad performance. - S7190349: [macosx] Text (Label) is incorrectly drawn with a rotated g2d - S8001108: an attempt to use last seen 2020-06-05 modified 2014-12-16 plugin id 80045 published 2014-12-16 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80045 title openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1645-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2014-772. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(80045); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-6629", "CVE-2013-6954", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0454", "CVE-2014-0455", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2402", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2413", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427", "CVE-2014-2483", "CVE-2014-2490", "CVE-2014-4209", "CVE-2014-4216", "CVE-2014-4218", "CVE-2014-4219", "CVE-2014-4221", "CVE-2014-4223", "CVE-2014-4244", "CVE-2014-4252", "CVE-2014-4262", "CVE-2014-4263", "CVE-2014-4264", "CVE-2014-4266", "CVE-2014-4268"); script_name(english:"openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1645-1)"); script_summary(english:"Check for the openSUSE-2014-772 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This openjdk update fixes the following security and non security issues : - Upgrade to 2.4.8 (bnc#887530) - Changed back from gzipped tarball to xz - Changed the keyring file to add Andrew John Hughes that signed the icedtea package - Change ZERO to AARCH64 tarball - Removed patches : - gstackbounds.patch - java-1.7.0-openjdk-ppc-zero-jdk.patch - java-1.7.0-openjdk-ppc-zero-hotspot.patch - Integrated in upstream icedtea - java-1.7.0-openjdk-makefiles-zero.patch - Does not apply on the AARCH64 tarball, since the change from DEFAULT and ZERO tarball to DEFAULT and AARCH64 - Upstream changes since 2.4.4 : - Security fixes - S8029755, CVE-2014-4209: Enhance subject class - S8030763: Validate global memory allocation - S8031340, CVE-2014-4264: Better TLS/EC management - S8031346, CVE-2014-4244: Enhance RSA key handling - S8031540: Introduce document horizon - S8032536: JVM resolves wrong method in some unusual cases - S8033055: Issues in 2d - S8033301, CVE-2014-4266: Build more informative InfoBuilder - S8034267: Probabilistic native crash - S8034272: Do not cram data into CRAM arrays - S8034985, CVE-2014-2483: Better form for Lambda Forms - S8035004, CVE-2014-4252: Provider provides less service - S8035009, CVE-2014-4218: Make Proxy representations consistent - S8035119, CVE-2014-4219: Fix exceptions to bytecode verification - S8035699, CVE-2014-4268: File choosers should be choosier - S8035788. CVE-2014-4221: Provide more consistency for lookups - S8035793, CVE-2014-4223: Maximum arity maxed out - S8036571: (process) Process process arguments carefully - S8036800: Attribute OOM to correct part of code - S8037046: Validate libraries to be loaded - S8037076, CVE-2014-2490: Check constant pool constants - S8037157: Verify <init> call - S8037162, CVE-2014-4263: More robust DH exchanges - S8037167, CVE-2014-4216: Better method signature resolution - S8039520, CVE-2014-4262: More atomicity of atomic updates - S8023046: Enhance splashscreen support - S8025005: Enhance CORBA initializations - S8025010, CVE-2014-2412: Enhance AWT contexts - S8025030, CVE-2014-2414: Enhance stream handling - S8025152, CVE-2014-0458: Enhance activation set up - S8026067: Enhance signed jar verification - S8026163, CVE-2014-2427: Enhance media provisioning - S8026188, CVE-2014-2423: Enhance envelope factory - S8026200: Enhance RowSet Factory - S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling - S8026736, CVE-2014-2398: Enhance Javadoc pages - S8026797, CVE-2014-0451: Enhance data transfers - S8026801, CVE-2014-0452: Enhance endpoint addressing - S8027766, CVE-2014-0453: Enhance RSA processing - S8027775: Enhance ICU code. - S8027841, CVE-2014-0429: Enhance pixel manipulations - S8028385: Enhance RowSet Factory - S8029282, CVE-2014-2403: Enhance CharInfo set up - S8029286: Enhance subject delegation - S8029699: Update Poller demo - S8029730: Improve audio device additions - S8029735: Enhance service mgmt natives - S8029740, CVE-2014-0446: Enhance handling of loggers - S8029745, CVE-2014-0454: Enhance algorithm checking - S8029750: Enhance LCMS color processing (in-tree LCMS) - S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg) - S8029844, CVE-2014-0455: Enhance argument validation - S8029854, CVE-2014-2421: Enhance JPEG decodings - S8029858, CVE-2014-0456: Enhance array copies - S8030731, CVE-2014-0460: Improve name service robustness - S8031330: Refactor ObjectFactory - S8031335, CVE-2014-0459: Better color profiling (in-tree LCMS) - S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng) - S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader - S8031395: Enhance LDAP processing - S8032686, CVE-2014-2413: Issues with method invoke - S8033618, CVE-2014-1876: Correct logging output - S8034926, CVE-2014-2397: Attribute classes properly - S8036794, CVE-2014-0461: Manage JavaScript instances - Backports - S5049299: (process) Use posix_spawn, not fork, on S10 to avoid swap exhaustion - S6571600: JNI use results in UnsatisfiedLinkError looking for libmawt.so - S7131153: GetDC called way too many times - causes bad performance. - S7190349: [macosx] Text (Label) is incorrectly drawn with a rotated g2d - S8001108: an attempt to use '<init>' as a method name should elicit NoSuchMethodException - S8001109: arity mismatch on a call to spreader method handle should elicit IllegalArgumentException - S8008118: (process) Possible NULL pointer dereference in jdk/src/solaris/native/java/lang/UNIXProcess_md.c - S8013611: Modal dialog fails to obtain keyboard focus - S8013809: deadlock in SSLSocketImpl between between write and close - S8013836: getFirstDayOfWeek reports wrong day for pt-BR locale - S8014460: Need to check for non-empty EXT_LIBS_PATH before using it - S8019853: Break logging and AWT circular dependency - S8019990: IM candidate window appears on the South-East corner of the display. - S8020191: System.getProperty('os.name') returns 'Windows NT (unknown)' on Windows 8.1 - S8022452: Hotspot needs to know about Windows 8.1 and Windows Server 2012 R2 - S8023990: Regression: postscript size increase from 6u18 - S8024283: 10 nashorn tests fail with similar stack trace InternalError with cause being NoClassDefFoundError - S8024616: JSR292: lazily initialize core NamedFunctions used for bootstrapping - S8024648: 7141246 & 8016131 break Zero port (AArch64 only) - S8024830: SEGV in org.apache.lucene.codecs.compressing.CompressingTermVect orsReader.get - S8025588: [macosx] Frozen AppKit thread in 7u40 - S8026404: Logging in Applet can trigger ACE: access denied ('java.lang.RuntimePermission' 'modifyThreadGroup') - S8026705: [TEST_BUG] java/beans/Introspector/TestTypeResolver.java failed - S8027196: Increment minor version of HSx for 7u55 and initialize the build number - S8027212: java/nio/channels/Selector/SelectAfterRead.java fails intermittently - S8028285: RMI Thread can no longer call out to AWT - S8029177: [Parfait] warnings from b117 for jdk.src.share.native.com.sun.java.util.jar: JNI exception pending - S8030655: Regression: 14_01 Security fix 8024306 causes test failures - S8030813: Signed applet fails to load when CRLs are stored in an LDAP directory - S8030822: (tz) Support tzdata2013i - S8031050: (thread) Change Thread initialization so that thread name is set before invoking SecurityManager - S8031075: [Regression] focus disappears with shift+tab on dialog having one focus component - S8031462: Fonts with morx tables are broken with latest ICU fixes - S8032585: JSR292: IllegalAccessError when attempting to invoke protected method from different package - S8032740: Need to create SE Embedded Source Bundles in 7 Release - S8033278: Missed access checks for Lookup.unreflect* after 8032585 - S8034772: JDK-8028795 brought a specification change to 7u55 release and caused JCK7 signature test failure - S8035283: Second phase of branch shortening doesn't account for loop alignment - S8035613: With active Securitymanager JAXBContext.newInstance fails - S8035618: Four api/org_omg/CORBA TCK tests fail under plugin only - S8036147: Increment hsx 24.55 build to b02 for 7u55-b11 - S8036786: Update jdk7 testlibrary to match jdk8 - S8036837: Increment hsx 24.55 build to b03 for 7u55-b12 - S8037012: (tz) Support tzdata2014a - S8038306: (tz) Support tzdata2014b - S8038392: Generating prelink cache breaks JAVA 'jinfo' utility normal behavior - S8042264: 7u65 l10n resource file translation update 1 - S8042582: Test java/awt/KeyboardFocusmanager/ChangeKFMTest/ChangeKFMTes t.html fails on Windows x64 - S8042590: Running form URL throws NPE - S8042789: org.omg.CORBA.ORBSingletonClass loading no longer uses context class loader - S8043012: (tz) Support tzdata2014c - S8004145: New improved hgforest.sh, ctrl-c now properly terminates mercurial processes. - S8007625: race with nested repos in /common/bin/hgforest.sh - S8011178: improve common/bin/hgforest.sh python detection (MacOS) - S8011342: hgforest.sh : 'python --version' not supported on older python - S8011350: hgforest.sh uses non-POSIX sh features that may fail with some shells - S8024200: handle hg wrapper with space after #! - S8025796: hgforest.sh could trigger unbuffered output from hg without complicated machinations - S8028388: 9 jaxws tests failed in nightly build with java.lang.ClassCastException - S8031477: [macosx] Loading AWT native library fails - S8032370: No 'Truncated file' warning from IIOReadWarningListener on JPEGImageReader - S8035834: InetAddress.getLocalHost() can hang after JDK-8030731 was fixed - S8009062: poor performance of JNI AttachCurrentThread after fix for 7017193 - S8035893: JVM_GetVersionInfo fails to zero structure - Re-enable the 'gamma' test at the end of the HotSpot build, but only for HotSpot based bootstrap JDKs. - S8015976: OpenJDK part of bug JDK-8015812 [TEST_BUG] Tests have conflicting test descriptions - S8022698: javax/script/GetInterfaceTest.java fails since 7u45 b04 with -agentvm option - S8022868: missing codepage Cp290 at java runtime - S8023310: Thread contention in the method Beans.IsDesignTime() - S8024461: [macosx] Java crashed on mac10.9 for swing and 2d function manual test - S8025679: Increment minor version of HSx for 7u51 and initialize the build number - S8026037: [TESTBUG] sun/security/tools/jarsigner/warnings.sh test fails on Solaris - S8026304: jarsigner output bad grammar - S8026772: test/sun/util/resources/TimeZone/Bug6317929.java failing - S8026887: Make issues due to failed large pages allocations easier to debug - S8027204: Revise the update of 8026204 and 8025758 - S8027224: test regression - ClassNotFoundException - S8027370: Support tzdata2013h - S8027378: Two closed/javax/xml/8005432 fails with jdk7u51b04 - S8027787: 7u51 l10n resource file translation update 1 - S8027837: JDK-8021257 causes CORBA build failure on emdedded platforms - S8027943: serial version of com.sun.corba.se.spi.orbutil.proxy.CompositeInvocationHa ndlerImpl changed in 7u45 - S8027944: Increment hsx 24.51 build to b02 for 7u51-b07 - S8028057: Modify jarsigner man page documentation to document CCC 8024302: Clarify jar verifications - S8028090: reverting change - changeset pushed with incorrect commit message, linked to wrong issue - S8028111: XML readers share the same entity expansion counter - S8028215: ORB.init fails with SecurityException if properties select the JDK default ORB - S8028293: Check local configuration for actual ephemeral port range - S8028382: Two javax/xml/8005433 tests still fail after the fix JDK-8028147 - S8028453: AsynchronousSocketChannel.connect() requires SocketPermission due to bind to local address (win) - S8028823: java/net/Makefile tabs converted to spaces - S8029038: Revise fix for XML readers share the same entity expansion counter - S8029842: Increment hsx 24.51 build to b03 for 7u51-b11 - Bug fixes - Fix accidental reversion of PR1188 for armel - PR1781: NSS PKCS11 provider fails to handle multipart AES encryption - PR1830: Drop version requirement for LCMS 2 - PR1833, RH1022017: Report elliptic curves supported by NSS, not the SunEC library - RH905128: [CRASH] OpenJDK-1.7.0 while using NSS security provider and kerberos - PR1393: JPEG support in build is broken on non-system-libjpeg builds - PR1726: configure fails looking for ecj.jar before even trying to find javac - Red Hat local: Fix for repo with path statting with / . - Remove unused hgforest script - PR1101: Undefined symbols on GNU/Linux SPARC - PR1659: OpenJDK 7 returns incorrect TrueType font metrics when bold style is set - PR1677, G498288: Update PaX support to detect running PaX kernel and use newer tools - PR1679: Allow OpenJDK to build on PaX-enabled kernels - PR1684: Build fails with empty PAX_COMMAND - RH1015432: java-1.7.0-openjdk: Fails on PPC with StackOverflowError (revised fix) - Link against $(LIBDL) if SYSTEM_CUPS is not true - Perform configure checks using ecj.jar when --with-gcj (native ecj build) is enabled. - Fix broken bootstrap build by updating ecj-multicatch.patch - PR1653: Support ppc64le via Zero - PR1654: ppc32 needs a larger ThreadStackSize to build - RH1015432: java-1.7.0-openjdk: Fails on PPC with StackOverflowError - RH910107: fail to load PC/SC library - ARM32 port - Add arm_port from IcedTea 6 - Add patches/arm.patch from IcedTea 6 - Add patches/arm-debug.patch from IcedTea 6 - Add patches/arm-hsdis.patch from IcedTea 6 - added jvmti event generation for dynamic_generate and compiled_method_load events to ARM JIT compiler - Adjust saved SP when safepointing. - First cut of invokedynamic - Fix trashed thread ptr after recursive re-entry from asm JIT. - JIT-compilation of ldc methodHandle - Rename a bunch of misleadingly-named functions - Changes for HSX22 - Rename a bunch of misleadingly-named functions - Patched method handle adapter code to deal with failures in TCK - Phase 1 - Phase 2 - RTC Thumb2 JIT enhancements. - Zero fails to build in hsx22+, fix for hsx22 after runs gamma OK, hsx23 still nogo. - Use ldrexd for atomic reads on ARMv7. - Use unified syntax for thumb code. - Corrected call from fast_method_handle_entry to CppInterpreter::method_handle_entry so that thread is loaded into r2 - Don't save locals at a return. - Fix call to handle_special_method(). Fix compareAndSwapLong. - Fix JIT bug that miscompiles org.eclipse.ui.internal.contexts.ContextAuthority.source Changed - invokedynamic and aldc for JIT - Modified safepoint check to rely on memory protect signal instead of polling - Minor review cleanups. - PR1188: ASM Interpreter and Thumb2 JIT javac miscompile modulo reminder on armel - PR1363: Fedora 19 / rawhide FTBFS SIGILL - Changes for HSX23 - Remove fragment from method that has been removed - Remove C++ flags from CC_COMPILE and fix usage in zeroshark.make. - Use $(CC) to compile mkbc instead of $(CC_COMPILE) to avoid C++-only flags - Add note about use of $(CFLAGS)/$(CXXFLAGS)/$(CPPFLAGS) at present. - Override automatic detection of source language for bytecodes_arm.def - Include $(CFLAGS) in assembler stage - PR1626: ARM32 assembler update for hsx24. Use ARM32JIT to turn it on/off. - Replace literal offsets for METHOD_SIZEOFPARAMETERS and ISTATE_NEXT_FRAME with correct symbolic names. - Turn ARM32 JIT on by default - AArch64 port - AArch64 C2 instruct for smull - Add a constructor as a conversion from Register - RegSet. Use it. - Add RegSet::operator+=. - Add support for a few simple intrinsics - Add support for builtin crc32 instructions - Add support for CRC32 intrinsic - Add support for Neon implementation of CRC32 - All address constants are 48 bits in size. - C1: Fix offset overflow when profiling. - Common frame handling for C1/C2 which correctly handle all frame sizes - Correct costs for operations with shifts. - Correct OptoAssembly for prologs and epilogs. - Delete useless instruction. - Don't use any form of _call_VM_leaf when we're calling a stub. - Fast string comparison - Fast String.equals() - Fix a tonne of bogus comments. - Fix biased locking and enable as default - Fix instruction size from 8 to 4 - Fix opto assembly for shifts. - Fix register misuse in verify_method_data_pointer - Fix register usage in generate_verify_oop(). - Implement various locked memory operations. - Improve C1 performance improvements in ic_cache checks - Improve code generation for pop(), as suggested by Edward Nevill. - Improvements to safepoint polling - Make code entry alignment 64 for C2 - Minor optimisation for divide by 2 - New cost model for instruction selection. - Offsets in lookupswitch instructions should be signed. - Optimise addressing of card table byte map base - Optimise C2 entry point verification - Optimise long divide by 2 - Performance improvement and ease of use changes pulled from upstream - Preserve callee save FP registers around call to java code - Remove obsolete C1 patching code. - Remove special-case handling of division arguments. AArch64 doesn't need it. - Remove unnecessary memory barriers around CAS operations - Restore sp from sender sp, r13 in crc32 code - Restrict default ReservedCodeCacheSize to 128M - Rewrite CAS operations to be more conservative - Save intermediate state before removing C1 patching code. - Tidy up register usage in push/pop instructions. - Tidy up stack frame handling. - Use 2- and 3-instruction immediate form of movoop and mov_metadata in C2-generated code. - Use an explicit set of registers rather than a bitmap for psh and pop operations. - Use explicit barrier instructions in C1. - Use gcc __clear_cache instead of doing it ourselves - PR1713: Support AArch64 Port - Shark - Add Shark definitions from 8003868 - Drop compile_method argument removed in 7083786 from sharkCompiler.cpp" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=887530" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2014-12/msg00063.html" ); script_set_attribute( attribute:"solution", value:"Update the affected java-1_7_0-openjdk packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3"); script_set_attribute(attribute:"patch_publication_date", value:"2014/12/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.3", reference:"java-1_7_0-openjdk-1.7.0.55-8.36.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"java-1_7_0-openjdk-accessibility-1.7.0.55-8.36.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.55-8.36.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"java-1_7_0-openjdk-debugsource-1.7.0.55-8.36.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"java-1_7_0-openjdk-demo-1.7.0.55-8.36.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.55-8.36.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"java-1_7_0-openjdk-devel-1.7.0.55-8.36.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.55-8.36.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"java-1_7_0-openjdk-headless-1.7.0.55-8.36.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.55-8.36.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"java-1_7_0-openjdk-javadoc-1.7.0.55-8.36.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"java-1_7_0-openjdk-src-1.7.0.55-8.36.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_7_0-openjdk / java-1_7_0-openjdk-accessibility / etc"); }NASL family SuSE Local Security Checks NASL id SUSE_11_JAVA-1_7_0-OPENJDK-140721.NASL description This Critical Patch Update contains 20 new security fixes for Oracle Java SE. All of these vulnerabilities could have been remotely exploitable without authentication, i.e., could be exploited over a network without the need for a username and password. last seen 2020-06-05 modified 2014-08-05 plugin id 76998 published 2014-08-05 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76998 title SuSE 11.3 Security Update : openjdk (SAT Patch Number 9543) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2014-141.NASL description Updated java-1.7.0-openjdk packages fix security vulnerabilities : It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions (CVE-2014-4216, CVE-2014-4219). A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine (CVE-2014-2490). Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483). Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266). It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys (CVE-2014-4244). The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key (CVE-2014-4263). This update is based on IcedTea version 2.5.1, which fixes these issues, as well as several others. last seen 2020-06-01 modified 2020-06-02 plugin id 76887 published 2014-07-30 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76887 title Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2014:141) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2319-3.NASL description USN-2319-1 fixed vulnerabilities in OpenJDK 7. This update provides stability fixes for the arm64 and ppc64el architectures. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-2483, CVE-2014-2490, CVE-2014-4216, CVE-2014-4219, CVE-2014-4223, CVE-2014-4262) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-4209, CVE-2014-4244, CVE-2014-4263) Two vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2014-4218, CVE-2014-4266) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2014-4264) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-4221, CVE-2014-4252, CVE-2014-4268). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 77724 published 2014-09-17 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77724 title Ubuntu 14.04 LTS : openjdk-7 update (USN-2319-3) NASL family CGI abuses NASL id PUPPET_ENTERPRISE_331.NASL description According to its self-reported version number, the Puppet Enterprise application installed on the remote host is version 3.3.0. Therefore, it contains a bundled version of Oracle Java that is affected by multiple vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 77282 published 2014-08-20 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77282 title Puppet Enterprise 3.3.0 Bundled Oracle Java Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0889.NASL description Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 76515 published 2014-07-16 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76515 title RHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2014:0889) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2319-1.NASL description Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-2483, CVE-2014-2490, CVE-2014-4216, CVE-2014-4219, CVE-2014-4223, CVE-2014-4262) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-4209, CVE-2014-4244, CVE-2014-4263) Two vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2014-4218, CVE-2014-4266) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2014-4264) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-4221, CVE-2014-4252, CVE-2014-4268). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 77274 published 2014-08-20 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77274 title Ubuntu 14.04 LTS : openjdk-7 vulnerabilities (USN-2319-1) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-96.NASL description Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. For Debian 6 last seen 2020-03-17 modified 2015-03-26 plugin id 82241 published 2015-03-26 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82241 title Debian DLA-96-1 : openjdk-6 security update NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-0907.NASL description From Red Hat Security Advisory 2014:0907 : Updated java-1.6.0-openjdk packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2014-4262) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. This update also fixes the following bug : * Prior to this update, an application accessing an unsynchronized HashMap could potentially enter an infinite loop and consume an excessive amount of CPU resources. This update resolves this issue. (BZ#1115580) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 76631 published 2014-07-22 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76631 title Oracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2014-0907) NASL family Windows NASL id VMWARE_VCENTER_UPDATE_MGR_VMSA-2014-0012.NASL description The version of VMware vCenter Update Manager installed on the remote Windows host is 5.1 prior to Update 3. It is, therefore, affected by multiple vulnerabilities related to the bundled version of Oracle JRE prior to 1.6.0_81. last seen 2020-06-01 modified 2020-06-02 plugin id 79864 published 2014-12-12 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79864 title VMware vCenter Update Manager Multiple Java Vulnerabilities (VMSA-2014-0012) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0902.NASL description Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-4219, CVE-2014-2490, CVE-2014-4216, CVE-2014-4223, CVE-2014-4262, CVE-2014-2483, CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266, CVE-2014-4221, CVE-2014-4244, CVE-2014-4263, CVE-2014-4227, CVE-2014-4265, CVE-2014-4220, CVE-2014-4208, CVE-2014-4264) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: The way in which the Oracle Java SE packages are delivered has changed. They now reside in a separate channel/repository that requires action from the user to perform prior to getting updated packages. For information on subscribing to the new channel/repository please refer to: https:// access.redhat.com/solutions/732883 All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 65 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 79036 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79036 title RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2014:0902) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0907.NASL description Updated java-1.6.0-openjdk packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2014-4262) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. This update also fixes the following bug : * Prior to this update, an application accessing an unsynchronized HashMap could potentially enter an infinite loop and consume an excessive amount of CPU resources. This update resolves this issue. (BZ#1115580) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 76680 published 2014-07-22 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76680 title RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2014:0907) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2319-2.NASL description USN-2319-1 fixed vulnerabilities in OpenJDK 7. Due to an upstream regression, verifying of the init method call would fail when it was done from inside a branch when stack frames are activated. This update fixes the problem. We apologize for the inconvenience. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-2483, CVE-2014-2490, CVE-2014-4216, CVE-2014-4219, CVE-2014-4223, CVE-2014-4262) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-4209, CVE-2014-4244, CVE-2014-4263) Two vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2014-4218, CVE-2014-4266) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2014-4264) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-4221, CVE-2014-4252, CVE-2014-4268). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 77387 published 2014-08-26 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77387 title Ubuntu 14.04 LTS : openjdk-7 regression (USN-2319-2) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2312-1.NASL description Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-2490, CVE-2014-4216, CVE-2014-4219, CVE-2014-4262) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-4209, CVE-2014-4244, CVE-2014-4263) Two vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2014-4218, CVE-2014-4266) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-4252, CVE-2014-4268). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 77181 published 2014-08-13 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77181 title Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2312-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-0907.NASL description Updated java-1.6.0-openjdk packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2014-4262) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. This update also fixes the following bug : * Prior to this update, an application accessing an unsynchronized HashMap could potentially enter an infinite loop and consume an excessive amount of CPU resources. This update resolves this issue. (BZ#1115580) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 76623 published 2014-07-22 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76623 title CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2014:0907) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-773.NASL description This openjdk update fixes the following security and non security issues : - Upgrade to 2.4.8 (bnc#887530) - Changed back from gzipped tarball to xz - Changed the keyring file to add Andrew John Hughes that signed the icedtea package - Change ZERO to AARCH64 tarball - Removed patches : - gstackbounds.patch - java-1.7.0-openjdk-ppc-zero-jdk.patch - java-1.7.0-openjdk-ppc-zero-hotspot.patch - Integrated in upstream icedtea - java-1.7.0-openjdk-makefiles-zero.patch - Does not apply on the AARCH64 tarball, since the change from DEFAULT and ZERO tarball to DEFAULT and AARCH64 - Upstream changes since 2.4.4 : - Security fixes - S8029755, CVE-2014-4209: Enhance subject class - S8030763: Validate global memory allocation - S8031340, CVE-2014-4264: Better TLS/EC management - S8031346, CVE-2014-4244: Enhance RSA key handling - S8031540: Introduce document horizon - S8032536: JVM resolves wrong method in some unusual cases - S8033055: Issues in 2d - S8033301, CVE-2014-4266: Build more informative InfoBuilder - S8034267: Probabilistic native crash - S8034272: Do not cram data into CRAM arrays - S8034985, CVE-2014-2483: Better form for Lambda Forms - S8035004, CVE-2014-4252: Provider provides less service - S8035009, CVE-2014-4218: Make Proxy representations consistent - S8035119, CVE-2014-4219: Fix exceptions to bytecode verification - S8035699, CVE-2014-4268: File choosers should be choosier - S8035788. CVE-2014-4221: Provide more consistency for lookups - S8035793, CVE-2014-4223: Maximum arity maxed out - S8036571: (process) Process process arguments carefully - S8036800: Attribute OOM to correct part of code - S8037046: Validate libraries to be loaded - S8037076, CVE-2014-2490: Check constant pool constants - S8037157: Verify <init> call - S8037162, CVE-2014-4263: More robust DH exchanges - S8037167, CVE-2014-4216: Better method signature resolution - S8039520, CVE-2014-4262: More atomicity of atomic updates - S8023046: Enhance splashscreen support - S8025005: Enhance CORBA initializations - S8025010, CVE-2014-2412: Enhance AWT contexts - S8025030, CVE-2014-2414: Enhance stream handling - S8025152, CVE-2014-0458: Enhance activation set up - S8026067: Enhance signed jar verification - S8026163, CVE-2014-2427: Enhance media provisioning - S8026188, CVE-2014-2423: Enhance envelope factory - S8026200: Enhance RowSet Factory - S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling - S8026736, CVE-2014-2398: Enhance Javadoc pages - S8026797, CVE-2014-0451: Enhance data transfers - S8026801, CVE-2014-0452: Enhance endpoint addressing - S8027766, CVE-2014-0453: Enhance RSA processing - S8027775: Enhance ICU code. - S8027841, CVE-2014-0429: Enhance pixel manipulations - S8028385: Enhance RowSet Factory - S8029282, CVE-2014-2403: Enhance CharInfo set up - S8029286: Enhance subject delegation - S8029699: Update Poller demo - S8029730: Improve audio device additions - S8029735: Enhance service mgmt natives - S8029740, CVE-2014-0446: Enhance handling of loggers - S8029745, CVE-2014-0454: Enhance algorithm checking - S8029750: Enhance LCMS color processing (in-tree LCMS) - S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg) - S8029844, CVE-2014-0455: Enhance argument validation - S8029854, CVE-2014-2421: Enhance JPEG decodings - S8029858, CVE-2014-0456: Enhance array copies - S8030731, CVE-2014-0460: Improve name service robustness - S8031330: Refactor ObjectFactory - S8031335, CVE-2014-0459: Better color profiling (in-tree LCMS) - S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng) - S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader - S8031395: Enhance LDAP processing - S8032686, CVE-2014-2413: Issues with method invoke - S8033618, CVE-2014-1876: Correct logging output - S8034926, CVE-2014-2397: Attribute classes properly - S8036794, CVE-2014-0461: Manage JavaScript instances - Backports - S5049299: (process) Use posix_spawn, not fork, on S10 to avoid swap exhaustion - S6571600: JNI use results in UnsatisfiedLinkError looking for libmawt.so - S7131153: GetDC called way too many times - causes bad performance. - S7190349: [macosx] Text (Label) is incorrectly drawn with a rotated g2d - S8001108: an attempt to use last seen 2020-06-05 modified 2014-12-16 plugin id 80046 published 2014-12-16 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80046 title openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1638-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-0890.NASL description From Red Hat Security Advisory 2014:0890 : Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 76548 published 2014-07-17 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76548 title Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2014-0890) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2014-383.NASL description It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216 , CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223 , CVE-2014-4262 , CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209 , CVE-2014-4218 , CVE-2014-4221 , CVE-2014-4252 , CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) last seen 2020-06-01 modified 2020-06-02 plugin id 78326 published 2014-10-12 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78326 title Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2014-383) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-0890.NASL description Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 76538 published 2014-07-17 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76538 title CentOS 5 : java-1.7.0-openjdk (CESA-2014:0890) NASL family Misc. NASL id ORACLE_JAVA_CPU_JUL_2014_UNIX.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 11, 7 Update 65, 6 Update 81, or 5 Update 71. It is, therefore, affected by security issues in the following components : - Deployment - Hotspot - JavaFX - JMX - Libraries - Security - Serviceability - Swing last seen 2020-06-01 modified 2020-06-02 plugin id 76533 published 2014-07-16 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76533 title Oracle Java SE Multiple Vulnerabilities (July 2014 CPU) (Unix) NASL family Scientific Linux Local Security Checks NASL id SL_20140721_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL description It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2014-4262) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) This update also fixes the following bug : - Prior to this update, an application accessing an unsynchronized HashMap could potentially enter an infinite loop and consume an excessive amount of CPU resources. This update resolves this issue. All running instances of OpenJDK Java must be restarted for the update to take effect. last seen 2020-03-18 modified 2014-07-22 plugin id 76681 published 2014-07-22 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76681 title Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/srpm/x86_64 (20140721) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-0889.NASL description From Red Hat Security Advisory 2014:0889 : Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 76547 published 2014-07-17 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76547 title Oracle Linux 6 / 7 : java-1.7.0-openjdk (ELSA-2014-0889) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0890.NASL description Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 76516 published 2014-07-16 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76516 title RHEL 5 : java-1.7.0-openjdk (RHSA-2014:0890) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-0889.NASL description Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 76537 published 2014-07-17 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76537 title CentOS 6 / 7 : java-1.7.0-openjdk (CESA-2014:0889) NASL family Scientific Linux Local Security Checks NASL id SL_20140716_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL description It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) All running instances of OpenJDK Java must be restarted for the update to take effect. last seen 2020-03-18 modified 2014-07-17 plugin id 76551 published 2014-07-17 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76551 title Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (20140716) NASL family Misc. NASL id VMWARE_VCENTER_VMSA-2014-0012.NASL description The VMware vCenter Server installed on the remote host is version 5.0 prior to Update 3c, 5.1 prior to Update 3, or 5.5 prior to Update 2. It is, therefore, affected by multiple vulnerabilities in third party libraries : - Due to improper certificate validation when connecting to a CIM server on an ESXi host, an attacker can perform man-in-the-middle attacks. (CVE-2014-8371) - The bundled version of Oracle JRE is prior to 1.6.0_81 and thus is affected by multiple vulnerabilities. Note that this only affects version 5.1 and 5.0 of vCenter but is only fixed in 5.1 Update 3. last seen 2020-06-01 modified 2020-06-02 plugin id 79865 published 2014-12-12 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79865 title VMware Security Updates for vCenter Server (VMSA-2014-0012)
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.debian.org/security/2014/dsa-2980
- http://www.debian.org/security/2014/dsa-2987
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://security.gentoo.org/glsa/glsa-201502-12.xml
- http://marc.info/?l=bugtraq&m=140852886808946&w=2
- http://www.securitytracker.com/id/1030577
- http://www.securityfocus.com/bid/68645
- http://secunia.com/advisories/60812
- http://secunia.com/advisories/60485
- http://secunia.com/advisories/60129
- https://access.redhat.com/errata/RHSA-2014:0902
- http://www.securityfocus.com/archive/1/534161/100/0/threaded