Vulnerabilities > CVE-2016-3485 - Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

047910
CVSS 2.9 - LOW
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
local
high complexity
oracle
nessus

Summary

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-977.NASL
    descriptionThis update for java-1_7_0-openjdk fixes the following issues : - Update to 2.6.7 - OpenJDK 7u111 - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729) - Import of OpenJDK 7 u111 build 0 - S6953295: Move few sun.security.(util, x509, pkcs) classes used by keytool/jarsigner to another package - S7060849: Eliminate pack200 build warnings - S7064075: Security libraries don
    last seen2020-06-05
    modified2016-08-16
    plugin id92978
    published2016-08-16
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92978
    titleopenSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-977)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2016-977.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92978);
      script_version("2.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-3458", "CVE-2016-3485", "CVE-2016-3498", "CVE-2016-3500", "CVE-2016-3503", "CVE-2016-3508", "CVE-2016-3511", "CVE-2016-3550", "CVE-2016-3598", "CVE-2016-3606", "CVE-2016-3610");
    
      script_name(english:"openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-977)");
      script_summary(english:"Check for the openSUSE-2016-977 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for java-1_7_0-openjdk fixes the following issues :
    
      - Update to 2.6.7 - OpenJDK 7u111
    
      - Security fixes
    
      - S8079718, CVE-2016-3458: IIOP Input Stream Hooking
        (bsc#989732)
    
      - S8145446, CVE-2016-3485: Perfect pipe placement (Windows
        only) (bsc#989734)
    
      - S8147771: Construction of static protection domains
        under Javax custom policy
    
      - S8148872, CVE-2016-3500: Complete name checking
        (bsc#989730)
    
      - S8149962, CVE-2016-3508: Better delineation of XML
        processing (bsc#989731)
    
      - S8150752: Share Class Data
    
      - S8151925: Font reference improvements
    
      - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)
    
      - S8155981, CVE-2016-3606: Bolster bytecode verification
        (bsc#989722)
    
      - S8155985, CVE-2016-3598: Persistent Parameter Processing
        (bsc#989723)
    
      - S8158571, CVE-2016-3610: Additional method handle
        validation (bsc#989725)
    
      - CVE-2016-3511 (bsc#989727)
    
      - CVE-2016-3503 (bsc#989728)
    
      - CVE-2016-3498 (bsc#989729)
    
      - Import of OpenJDK 7 u111 build 0
    
      - S6953295: Move few sun.security.(util, x509, pkcs)
        classes used by keytool/jarsigner to another package
    
      - S7060849: Eliminate pack200 build warnings
    
      - S7064075: Security libraries don't build with javac
        -Xlint:all,-deprecation -Werror
    
      - S7069870: Parts of the JDK erroneously rely on generic
        array initializers with diamond
    
      - S7102686: Restructure timestamp code so that jars and
        modules can more easily share the same code
    
      - S7105780: Add SSLSocket client/SSLEngine server to
        templates directory
    
      - S7142339: PKCS7.java is needlessly creating SHA1PRNG
        SecureRandom instances when timestamping is not done
    
      - S7152582: PKCS11 tests should use the NSS libraries
        available in the OS
    
      - S7192202: Make sure keytool prints both unknown and
        unparseable extensions
    
      - S7194449: String resources for Key Tool and Policy Tool
        should be in their respective packages
    
      - S7196855: autotest.sh fails on ubuntu because
        libsoftokn.so not found
    
      - S7200682: TEST_BUG: keytool/autotest.sh still has
        problems with libsoftokn.so
    
      - S8002306: (se) Selector.open fails if invoked with
        thread interrupt status set [win]
    
      - S8009636: JARSigner including TimeStamp PolicyID
        (TSAPolicyID) as defined in RFC3161
    
      - S8019341: Update CookieHttpsClientTest to use the newer
        framework.
    
      - S8022228: Intermittent test failures in
        sun/security/ssl/javax/net/ssl/NewAPIs
    
      - S8022439: Fix lint warnings in sun.security.ec
    
      - S8022594: Potential deadlock in <clinit> of
        sun.nio.ch.Util/IOUtil
    
      - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails
        intermittently
    
      - S8036612: [parfait] JNI exception pending in
        jdk/src/windows/native/sun/security/mscapi/security.cpp
    
      - S8037557: test SessionCacheSizeTests.java timeout
    
      - S8038837: Add support to jarsigner for specifying
        timestamp hash algorithm
    
      - S8079410: Hotspot version to share the same update and
        build version from JDK
    
      - S8130735: javax.swing.TimerQueue: timer fires late when
        another timer starts
    
      - S8139436: sun.security.mscapi.KeyStore might load
        incomplete data
    
      - S8144313: Test SessionTimeOutTests can be timeout
    
      - S8146387: Test SSLSession/SessionCacheSizeTests socket
        accept timed out
    
      - S8146669: Test SessionTimeOutTests fails intermittently
    
      - S8146993: Several javax/management/remote/mandatory
        regression tests fail after JDK-8138811
    
      - S8147857: [TEST] RMIConnector logs attribute names
        incorrectly
    
      - S8151841, PR3098: Build needs additional flags to
        compile with GCC 6
    
      - S8151876: (tz) Support tzdata2016d
    
      - S8157077: 8u101 L10n resource file updates
    
      - S8161262: Fix jdk build with gcc 4.1.2:
        -fno-strict-overflow not known.
    
      - Import of OpenJDK 7 u111 build 1
    
      - S7081817:
        test/sun/security/provider/certpath/X509CertPath/Illegal
        Certificates.java failing
    
      - S8140344: add support for 3 digit update release numbers
    
      - S8145017: Add support for 3 digit hotspot minor version
        numbers
    
      - S8162344: The API changes made by CR 7064075 need to be
        reverted
    
      - Backports
    
      - S2178143, PR2958: JVM crashes if the number of bound
        CPUs changed during runtime
    
      - S4900206, PR3101: Include worst-case rounding tests for
        Math library functions
    
      - S6260348, PR3067: GTK+ L&F JTextComponent not respecting
        desktop caret blink rate
    
      - S6934604, PR3075: enable parts of EliminateAutoBox by
        default
    
      - S7043064, PR3020: sun/java2d/cmm/ tests failed against
        RI b141 & b138-nightly
    
      - S7051394, PR3020: NullPointerException when running
        regression tests LoadProfileTest by using openjdk-7-b144
    
      - S7086015, PR3013: fix
        test/tools/javac/parser/netbeans/JavacParserTest.java
    
      - S7119487, PR3013: JavacParserTest.java test fails on
        Windows platforms
    
      - S7124245, PR3020: [lcms] ColorConvertOp to color space
        CS_GRAY apparently converts orange to 244,244,0
    
      - S7159445, PR3013: (javac) emits inaccurate diagnostics
        for enhanced for-loops
    
      - S7175845, PR1437, RH1207129: 'jar uf' changes file
        permissions unexpectedly
    
      - S8005402, PR3020: Need to provide benchmarks for color
        management
    
      - S8005530, PR3020: [lcms] Improve performance of
        ColorConverOp for default destinations
    
      - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel
        is not transferred from source to destination.
    
      - S8013430, PR3020: REGRESSION:
        closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadPr
        ofileTest.java fails with
        java.io.StreamCorruptedException: invalid type code: EE
        since 8b87
    
      - S8014286, PR3075: failed java/lang/Math/DivModTests.java
        after 6934604 changes
    
      - S8014959, PR3075:
        assert(Compile::current()->live_nodes() <
        (uint)MaxNodeLimit) failed: Live Node limit exceeded
        limit
    
      - S8019247, PR3075: SIGSEGV in compiled method
        c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object
    
      - S8024511, PR3020: Crash during color profile destruction
    
      - S8025429, PR3020: [parfait] warnings from b107 for
        sun.java2d.cmm: JNI exception pending
    
      - S8026702, PR3020: Fix for 8025429 breaks jdk build on
        windows
    
      - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for
        Java_awt test suit
    
      - S8047066, PR3020: Test
        test/sun/awt/image/bug8038000.java fails with
        ClassCastException
    
      - S8069181, PR3012, RH1015612: java.lang.AssertionError
        when compiling JDK 1.4 code in JDK 8
    
      - S8158260, PR2992, RH1341258: PPC64: unaligned
        Unsafe.getInt can lead to the generation of illegal
        instructions (bsc#988651)
    
      - S8159244, PR3075: Partially initialized string object
        created by C2's string concat optimization may escape
    
      - Bug fixes
    
      - PR2799, RH1195203: Files are missing from resources.jar
    
      - PR2900: Don't use WithSeed versions of NSS functions as
        they don't fully process the seed
    
      - PR3091: SystemTap is heavily confused by multiple JDKs
    
      - PR3102: Extend 8022594 to AixPollPort
    
      - PR3103: Handle case in clean-fonts where
        linux.fontconfig.Gentoo.properties.old has not been
        created
    
      - PR3111: Provide option to disable SystemTap tests
    
      - PR3114: Don't assume system mime.types supports
        text/x-java-source
    
      - PR3115: Add check for elliptic curve cryptography
        implementation
    
      - PR3116: Add tests for Java debug info and source files
    
      - PR3118: Path to agpl-3.0.txt not updated
    
      - PR3119: Makefile handles cacerts as a symlink, but the
        configure check doesn't
    
      - AArch64 port
    
      - S8148328, PR3100: aarch64: redundant lsr instructions in
        stub code.
    
      - S8148783, PR3100: aarch64: SEGV running SpecJBB2013
    
      - S8148948, PR3100: aarch64: generate_copy_longs calls
        align() incorrectly
    
      - S8150045, PR3100: arraycopy causes segfaults in SATB
        during garbage collection
    
      - S8154537, PR3100: AArch64: some integer rotate
        instructions are never emitted
    
      - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess
        loads in wrong mode
    
      - S8157906, PR3100: aarch64: some more integer rotate
        instructions are never emitted
    
      - Enable SunEC for SLE12 and Leap (bsc#982366)
    
      - Fix aarch64 running with 48 bits va space (bsc#984684)
    
    This update was imported from the SUSE:SLE-12:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=982366"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=984684"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=988651"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989723"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989725"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989727"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989728"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989729"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989730"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989731"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989732"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989733"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989734"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected java-1_7_0-openjdk packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.1", reference:"java-1_7_0-openjdk-1.7.0.111-34.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"java-1_7_0-openjdk-accessibility-1.7.0.111-34.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"java-1_7_0-openjdk-bootstrap-1.7.0.111-34.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.111-34.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.111-34.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"java-1_7_0-openjdk-bootstrap-devel-1.7.0.111-34.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.111-34.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"java-1_7_0-openjdk-bootstrap-headless-1.7.0.111-34.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.111-34.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.111-34.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"java-1_7_0-openjdk-debugsource-1.7.0.111-34.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"java-1_7_0-openjdk-demo-1.7.0.111-34.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.111-34.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"java-1_7_0-openjdk-devel-1.7.0.111-34.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.111-34.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"java-1_7_0-openjdk-headless-1.7.0.111-34.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.111-34.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"java-1_7_0-openjdk-javadoc-1.7.0.111-34.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"java-1_7_0-openjdk-src-1.7.0.111-34.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_7_0-openjdk-bootstrap / etc");
    }
    
  • NASL familyAIX Local Security Checks
    NASL idAIX_JAVA_JULY2016_ADVISORY.NASL
    descriptionThe version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities in the following subcomponents : - An unspecified flaw exists in the Networking subcomponent that allows a local attacker to impact integrity. (CVE-2016-3485) - An unspecified flaw exists in the Deployment subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3511) - A flaw exists in the Libraries subcomponent in the share/classes/java/lang/invoke/MethodHandles.java class within the MethodHandles::dropArguments() function that allows an unauthenticated, remote attacker to impact confidentiality, integrity, and availability. (CVE-2016-3598)
    last seen2020-06-01
    modified2020-06-02
    plugin id94970
    published2016-11-18
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/94970
    titleAIX Java Advisory : java_july2016_advisory.asc (July 2016 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94970);
      script_version("1.6");
      script_cvs_date("Date: 2018/07/17 12:00:06");
    
      script_cve_id(
        "CVE-2016-3485",
        "CVE-2016-3511",
        "CVE-2016-3598"
      );
      script_bugtraq_id(
        91918,
        91990
      );
    
      script_name(english:"AIX Java Advisory : java_july2016_advisory.asc (July 2016 CPU)");
      script_summary(english:"Checks the version of the Java package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The version of Java SDK installed on the remote AIX host is affected
    by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Java SDK installed on the remote AIX host is affected
    by multiple vulnerabilities in the following subcomponents :
    
      - An unspecified flaw exists in the Networking
        subcomponent that allows a local attacker to impact
        integrity. (CVE-2016-3485)
    
      - An unspecified flaw exists in the Deployment
        subcomponent that allows a local attacker to gain
        elevated privileges. (CVE-2016-3511)
    
      - A flaw exists in the Libraries subcomponent in the
        share/classes/java/lang/invoke/MethodHandles.java class
        within the MethodHandles::dropArguments() function that
        allows an unauthenticated, remote attacker to impact
        confidentiality, integrity, and availability.
        (CVE-2016-3598)");
      # http://aix.software.ibm.com/aix/efixes/security/java_july2016_advisory.asc
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?46a051b3");
      # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?
      # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=6.0.0.0&platform=AIX+32-bit,+pSeries&function=all
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ce533d8f");
      # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?
      # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=6.0.0.0&platform=AIX+64-bit,+pSeries&function=all
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?17d05c61");
      # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?
      # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+32-bit,+pSeries&function=all
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d4595696");
      # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?
      # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+64-bit,+pSeries&function=all
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9abd5252");
      # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?
      # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+32-bit,+pSeries&function=all
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4ee03dc1");
      # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?
      # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+64-bit,+pSeries&function=all
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8f7a066c");
      # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?
      # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+32-bit,+pSeries&function=all
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?52d4ddf3");
      # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?
      # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+64-bit,+pSeries&function=all
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?343fa903");
      script_set_attribute(attribute:"solution", value:
    "Fixes are available by version and can be downloaded from the IBM AIX
    website.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jdk");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/18");
    
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"AIX Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");
    
      exit(0);
    }
    
    include("aix.inc");
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    oslevel = get_kb_item_or_exit("Host/AIX/version");
    if ( oslevel != "AIX-5.3" && oslevel != "AIX-6.1" && oslevel != "AIX-7.1" && oslevel != "AIX-7.2" )
    {
      oslevel = ereg_replace(string:oslevel, pattern:"-", replace:" ");
      audit(AUDIT_OS_NOT, "AIX 5.3 / 6.1 / 7.1 / 7.2", oslevel);
    }
    
    if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    flag = 0;
    
    #Java6 6.0.0.585
    if (aix_check_package(release:"5.3", package:"Java6.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.584", fixpackagever:"6.0.0.585") > 0) flag++;
    if (aix_check_package(release:"6.1", package:"Java6.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.584", fixpackagever:"6.0.0.585") > 0) flag++;
    if (aix_check_package(release:"7.1", package:"Java6.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.584", fixpackagever:"6.0.0.585") > 0) flag++;
    if (aix_check_package(release:"7.2", package:"Java6.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.584", fixpackagever:"6.0.0.585") > 0) flag++;
    if (aix_check_package(release:"5.3", package:"Java6_64.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.584", fixpackagever:"6.0.0.585") > 0) flag++;
    if (aix_check_package(release:"6.1", package:"Java6_64.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.584", fixpackagever:"6.0.0.585") > 0) flag++;
    if (aix_check_package(release:"7.1", package:"Java6_64.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.584", fixpackagever:"6.0.0.585") > 0) flag++;
    if (aix_check_package(release:"7.2", package:"Java6_64.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.584", fixpackagever:"6.0.0.585") > 0) flag++;
    
    #Java7 7.0.0.450
    if (aix_check_package(release:"6.1", package:"Java7.sdk", minpackagever:"7.0.0.0", maxpackagever:"7.0.0.449", fixpackagever:"7.0.0.450") > 0) flag++;
    if (aix_check_package(release:"7.1", package:"Java7.sdk", minpackagever:"7.0.0.0", maxpackagever:"7.0.0.449", fixpackagever:"7.0.0.450") > 0) flag++;
    if (aix_check_package(release:"7.2", package:"Java7.sdk", minpackagever:"7.0.0.0", maxpackagever:"7.0.0.449", fixpackagever:"7.0.0.450") > 0) flag++;
    if (aix_check_package(release:"6.1", package:"Java7_64.sdk", minpackagever:"7.0.0.0", maxpackagever:"7.0.0.449", fixpackagever:"7.0.0.450") > 0) flag++;
    if (aix_check_package(release:"7.1", package:"Java7_64.sdk", minpackagever:"7.0.0.0", maxpackagever:"7.0.0.449", fixpackagever:"7.0.0.450") > 0) flag++;
    if (aix_check_package(release:"7.2", package:"Java7_64.sdk", minpackagever:"7.0.0.0", maxpackagever:"7.0.0.449", fixpackagever:"7.0.0.450") > 0) flag++;
    
    #Java7.1 7.1.0.350
    if (aix_check_package(release:"6.1", package:"Java7.sdk", minpackagever:"7.1.0.0", maxpackagever:"7.1.0.349", fixpackagever:"7.1.0.350") > 0) flag++;
    if (aix_check_package(release:"7.1", package:"Java7.sdk", minpackagever:"7.1.0.0", maxpackagever:"7.1.0.349", fixpackagever:"7.1.0.350") > 0) flag++;
    if (aix_check_package(release:"7.2", package:"Java7.sdk", minpackagever:"7.1.0.0", maxpackagever:"7.1.0.349", fixpackagever:"7.1.0.350") > 0) flag++;
    if (aix_check_package(release:"6.1", package:"Java7_64.sdk", minpackagever:"7.1.0.0", maxpackagever:"7.1.0.349", fixpackagever:"7.1.0.350") > 0) flag++;
    if (aix_check_package(release:"7.1", package:"Java7_64.sdk", minpackagever:"7.1.0.0", maxpackagever:"7.1.0.349", fixpackagever:"7.1.0.350") > 0) flag++;
    if (aix_check_package(release:"7.2", package:"Java7_64.sdk", minpackagever:"7.1.0.0", maxpackagever:"7.1.0.349", fixpackagever:"7.1.0.350") > 0) flag++;
    
    #Java8.0 8.0.0.310
    if (aix_check_package(release:"6.1", package:"Java8.sdk", minpackagever:"8.0.0.0", maxpackagever:"8.0.0.309", fixpackagever:"8.0.0.310") > 0) flag++;
    if (aix_check_package(release:"7.1", package:"Java8.sdk", minpackagever:"8.0.0.0", maxpackagever:"8.0.0.309", fixpackagever:"8.0.0.310") > 0) flag++;
    if (aix_check_package(release:"7.2", package:"Java8.sdk", minpackagever:"8.0.0.0", maxpackagever:"8.0.0.309", fixpackagever:"8.0.0.310") > 0) flag++;
    if (aix_check_package(release:"6.1", package:"Java8_64.sdk", minpackagever:"8.0.0.0", maxpackagever:"8.0.0.309", fixpackagever:"8.0.0.310") > 0) flag++;
    if (aix_check_package(release:"7.1", package:"Java8_64.sdk", minpackagever:"8.0.0.0", maxpackagever:"8.0.0.309", fixpackagever:"8.0.0.310") > 0) flag++;
    if (aix_check_package(release:"7.2", package:"Java8_64.sdk", minpackagever:"8.0.0.0", maxpackagever:"8.0.0.309", fixpackagever:"8.0.0.310") > 0) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : aix_report_get()
      );
    }
    else
    {
      tested = aix_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Java6 / Java7 / Java8");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2012-1.NASL
    descriptionThis update for java-1_8_0-openjdk fixes the following issues : - Upgrade to version jdk8u101 (icedtea 3.1.0) - New in release 3.1.0 (2016-07-25) : - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8146514: Enforce GCM limits - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149070: Enforce update ordering - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8153312: Constrain AppCDS behavior - S8154475, CVE-2016-3587: Clean up lookup visibility (bsc#989721) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3552 (bsc#989726) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729) - New features - S8145547, PR1061: [AWT/Swing] Conditional support for GTK 3 on Linux - PR2821: Support building OpenJDK with --disable-headful - PR2931, G478960: Provide Infinality Support via fontconfig - PR3079: Provide option to build Shenandoah on x86_64 - Import of OpenJDK 8 u92 build 14 - S6869327: Add new C2 flag to keep safepoints in counted loops. - S8022865: [TESTBUG] Compressed Oops testing needs to be revised - S8029630: Thread id should be displayed as a hex number in error report - S8029726: On OS X some dtrace probe names are mismatched with Solaris - S8029727: On OS X dtrace probes Call<type>MethodA/Call<type>MethodV are not fired. - S8029728: On OS X dtrace probes SetStaticBooleanField are not fired - S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String - S8038349: Signing XML with DSA throws Exception when key is larger than 1024 bits - S8041501: ImageIO reader is not capable of reading JPEGs without JFIF header - S8041900: [macosx] Java forces the use of discrete GPU - S8044363: Remove special build options for unpack200 executable - S8046471: Use OPENJDK_TARGET_CPU_ARCH instead of legacy value for hotspot ARCH - S8046611: Build errors with gcc on sparc/fastdebug - S8047763: Recognize sparc64 as a sparc platform - S8048232: Fix for 8046471 breaks PPC64 build - S8052396: Catch exceptions resulting from missing font cmap - S8058563: InstanceKlass::_dependencies list isn
    last seen2020-06-01
    modified2020-06-02
    plugin id93281
    published2016-09-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93281
    titleSUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2016:2012-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201610-08.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201610-08 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities exist in both Oracle&rsquo;s JRE and JDK. Please review the referenced CVE&rsquo;s for additional information. Impact : Remote attackers could gain access to information, remotely execute arbitrary code, or cause Denial of Service. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id94085
    published2016-10-17
    reporterThis script is Copyright (C) 2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/94085
    titleGLSA-201610-08 : Oracle JRE/JDK: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2261-1.NASL
    descriptionIBM Java 7.1 was updated to version 7.1-3.50 to fix the following security issues: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93373
    published2016-09-08
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93373
    titleSUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2016:2261-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201701-43.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201701-43 (IcedTea: Multiple vulnerabilities) Various OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot, Libraries, and JAXP, exist which allows remote attackers to affect the confidentiality, integrity, and availability of vulnerable systems. Many of the vulnerabilities can only be exploited through sandboxed Java Web Start applications and java applets. Please review the CVE identifiers referenced below for details. Impact : Remote attackers may execute arbitrary code, compromise information, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id96640
    published2017-01-20
    reporterThis script is Copyright (C) 2017 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96640
    titleGLSA-201701-43 : IcedTea: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2726-1.NASL
    descriptionIBM Java 8 was updated to version 8.0-3.10 to fix the following security issues : - CVE-2016-3485: Unspecified vulnerability allowed local users to affect integrity via vectors related to Networking - CVE-2016-3511: Unspecified vulnerability allowed local users to affect confidentiality, integrity, and availability via vectors related to Deployment - CVE-2016-3598: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. - Add hwkeytool binary for zSeries. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id94609
    published2016-11-07
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94609
    titleSUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2016:2726-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-982.NASL
    descriptionUpdate to 2.6.7 - OpenJDK 7u111 - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729)
    last seen2020-06-05
    modified2016-08-17
    plugin id92992
    published2016-08-17
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/92992
    titleopenSUSE Security Update : OpenJDK7 (openSUSE-2016-982)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2347-1.NASL
    descriptionIBM Java 7.1 was updated to version 7.1-3.50 to fix the following security issues: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. - Add hwkeytool binary for zSeries. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93646
    published2016-09-22
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93646
    titleSUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2016:2347-1)
  • NASL familyWindows
    NASL idORACLE_JROCKIT_CPU_JUL_2016.NASL
    descriptionThe version of Oracle JRockit installed on the remote Windows host is 28.3.10. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Networking subcomponent that allows a local attacker to impact integrity. (CVE-2016-3485) - Multiple unspecified flaws exist in the JAXP subcomponent that allow an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3500, CVE-2016-3508)
    last seen2020-06-01
    modified2020-06-02
    plugin id92492
    published2016-07-21
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92492
    titleOracle JRockit R28.3.10 Multiple Vulnerabilities (July 2016 CPU)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1997-1.NASL
    descriptionThis update for java-1_7_0-openjdk fixes the following issues : - Update to 2.6.7 - OpenJDK 7u111 - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729) - Import of OpenJDK 7 u111 build 0 - S6953295: Move few sun.security.{util, x509, pkcs} classes used by keytool/jarsigner to another package - S7060849: Eliminate pack200 build warnings - S7064075: Security libraries don
    last seen2020-06-01
    modified2020-06-02
    plugin id93272
    published2016-09-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93272
    titleSUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:1997-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-944.NASL
    descriptionThis update for java-1_8_0-openjdk fixes the following issues : - Upgrade to version jdk8u101 (icedtea 3.1.0) - New in release 3.1.0 (2016-07-25) : - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (boo#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (boo#989734) - S8146514: Enforce GCM limits - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (boo#989730) - S8149070: Enforce update ordering - S8149962, CVE-2016-3508: Better delineation of XML processing (boo#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (boo#989733) - S8153312: Constrain AppCDS behavior - S8154475, CVE-2016-3587: Clean up lookup visibility (boo#989721) - S8155981, CVE-2016-3606: Bolster bytecode verification (boo#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (boo#989723) - S8158571, CVE-2016-3610: Additional method handle validation (boo#989725) - CVE-2016-3552 (boo#989726) - CVE-2016-3511 (boo#989727) - CVE-2016-3503 (boo#989728) - CVE-2016-3498 (boo#989729) - New features - S8145547, PR1061: [AWT/Swing] Conditional support for GTK 3 on Linux - PR2821: Support building OpenJDK with --disable-headful - PR2931, G478960: Provide Infinality Support via fontconfig - PR3079: Provide option to build Shenandoah on x86_64 - Import of OpenJDK 8 u92 build 14 - S6869327: Add new C2 flag to keep safepoints in counted loops. - S8022865: [TESTBUG] Compressed Oops testing needs to be revised - S8029630: Thread id should be displayed as a hex number in error report - S8029726: On OS X some dtrace probe names are mismatched with Solaris - S8029727: On OS X dtrace probes Call<type>MethodA/Call<type>MethodV are not fired. - S8029728: On OS X dtrace probes SetStaticBooleanField are not fired - S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String - S8038349: Signing XML with DSA throws Exception when key is larger than 1024 bits - S8041501: ImageIO reader is not capable of reading JPEGs without JFIF header - S8041900: [macosx] Java forces the use of discrete GPU - S8044363: Remove special build options for unpack200 executable - S8046471: Use OPENJDK_TARGET_CPU_ARCH instead of legacy value for hotspot ARCH - S8046611: Build errors with gcc on sparc/fastdebug - S8047763: Recognize sparc64 as a sparc platform - S8048232: Fix for 8046471 breaks PPC64 build - S8052396: Catch exceptions resulting from missing font cmap - S8058563: InstanceKlass::_dependencies list isn
    last seen2020-06-05
    modified2016-08-08
    plugin id92774
    published2016-08-08
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/92774
    titleopenSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-944)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-978.NASL
    descriptionThis update for java-1_8_0-openjdk fixes the following issues : - Upgrade to version jdk8u101 (icedtea 3.1.0) - New in release 3.1.0 (2016-07-25) : - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8146514: Enforce GCM limits - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149070: Enforce update ordering - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8153312: Constrain AppCDS behavior - S8154475, CVE-2016-3587: Clean up lookup visibility (bsc#989721) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3552 (bsc#989726) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729) - New features - S8145547, PR1061: [AWT/Swing] Conditional support for GTK 3 on Linux - PR2821: Support building OpenJDK with --disable-headful - PR2931, G478960: Provide Infinality Support via fontconfig - PR3079: Provide option to build Shenandoah on x86_64 - Import of OpenJDK 8 u92 build 14 - S6869327: Add new C2 flag to keep safepoints in counted loops. - S8022865: [TESTBUG] Compressed Oops testing needs to be revised - S8029630: Thread id should be displayed as a hex number in error report - S8029726: On OS X some dtrace probe names are mismatched with Solaris - S8029727: On OS X dtrace probes Call<type>MethodA/Call<type>MethodV are not fired. - S8029728: On OS X dtrace probes SetStaticBooleanField are not fired - S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String - S8038349: Signing XML with DSA throws Exception when key is larger than 1024 bits - S8041501: ImageIO reader is not capable of reading JPEGs without JFIF header - S8041900: [macosx] Java forces the use of discrete GPU - S8044363: Remove special build options for unpack200 executable - S8046471: Use OPENJDK_TARGET_CPU_ARCH instead of legacy value for hotspot ARCH - S8046611: Build errors with gcc on sparc/fastdebug - S8047763: Recognize sparc64 as a sparc platform - S8048232: Fix for 8046471 breaks PPC64 build - S8052396: Catch exceptions resulting from missing font cmap - S8058563: InstanceKlass::_dependencies list isn
    last seen2020-06-05
    modified2016-08-16
    plugin id92979
    published2016-08-16
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/92979
    titleopenSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-978)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2348-1.NASL
    descriptionIBM Java 6 was updated to version 6.0-16.30. Following security issue was fixed: CVE-2016-3485 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93647
    published2016-09-22
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93647
    titleSUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:2348-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2286-1.NASL
    descriptionIBM Java 7 was updated to 7.1-9.50, fixing bugs and security issues (bsc#992537). Security issues fixed: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93458
    published2016-09-13
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93458
    titleSUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2016:2286-1)
  • NASL familyMisc.
    NASL idORACLE_JAVA_CPU_JUL_2016_UNIX.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 101, 7 Update 111, or 6 Update 121. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the CORBA subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-3458) - An unspecified flaw exists in the Networking subcomponent that allows a local attacker to impact integrity. (CVE-2016-3485) - An unspecified flaw exists in the JavaFX subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3498) - An unspecified flaw exists in the JAXP subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3500) - An unspecified flaw exists in the Install subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3503) - An unspecified flaw exists in the JAXP subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3508) - An unspecified flaw exists in the Deployment subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3511) - An unspecified flaw exists in the Hotspot subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-3550) - An unspecified flaw exists in the Install subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3552) - A flaw exists in the Hotspot subcomponent due to improper access to the MethodHandle::invokeBasic() function. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-3587) - A flaw exists in the Libraries subcomponent within the MethodHandles::dropArguments() function that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3598) - A flaw exists in the Hotspot subcomponent within the ClassVerifier::ends_in_athrow() function when handling bytecode verification. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-3606) - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3610)
    last seen2020-06-01
    modified2020-06-02
    plugin id92517
    published2016-07-22
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92517
    titleOracle Java SE Multiple Vulnerabilities (July 2016 CPU) (Unix)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-976.NASL
    descriptionThis update for java-1_7_0-openjdk fixes the following issues : - Update to 2.6.7 - OpenJDK 7u111 - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729) - Import of OpenJDK 7 u111 build 0 - S6953295: Move few sun.security.(util, x509, pkcs) classes used by keytool/jarsigner to another package - S7060849: Eliminate pack200 build warnings - S7064075: Security libraries don
    last seen2020-06-05
    modified2016-08-12
    plugin id92932
    published2016-08-12
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92932
    titleopenSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-976)
  • NASL familyWindows
    NASL idORACLE_JAVA_CPU_JUL_2016.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 101, 7 Update 111, or 6 Update 121. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the CORBA subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-3458) - An unspecified flaw exists in the Networking subcomponent that allows a local attacker to impact integrity. (CVE-2016-3485) - An unspecified flaw exists in the JavaFX subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3498) - An unspecified flaw exists in the JAXP subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3500) - An unspecified flaw exists in the Install subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3503) - An unspecified flaw exists in the JAXP subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3508) - An unspecified flaw exists in the Deployment subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3511) - An unspecified flaw exists in the Hotspot subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-3550) - An unspecified flaw exists in the Install subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3552) - A flaw exists in the Hotspot subcomponent due to improper access to the MethodHandle::invokeBasic() function. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-3587) - A flaw exists in the Libraries subcomponent within the MethodHandles::dropArguments() function that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3598) - A flaw exists in the Hotspot subcomponent within the ClassVerifier::ends_in_athrow() function when handling bytecode verification. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-3606) - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3610)
    last seen2020-06-01
    modified2020-06-02
    plugin id92516
    published2016-07-22
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92516
    titleOracle Java SE Multiple Vulnerabilities (July 2016 CPU)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2430-1.NASL
    descriptionIBM Java 6 was updated to version 6.0-16.30. Following security issue was fixed: CVE-2016-3485 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-24
    modified2019-01-02
    plugin id119980
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119980
    titleSUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2016:2430-1)

References