Vulnerabilities > CVE-2016-9843

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH

Summary

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

Vulnerable Configurations

Part Description Count
Application
Zlib
44
Application
Oracle
149
Application
Redhat
1
Application
Netapp
11
Application
Mariadb
134
Application
Nodejs
65
OS
Opensuse
3
OS
Debian
1
OS
Canonical
2
OS
Redhat
8
OS
Apple
364

Nessus

  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0021.NASL
    descriptionAn update of [zlib,bindutils,ruby,krb5,sudo] packages for PhotonOS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id111870
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111870
    titlePhoton OS 1.0: Bindutils / Krb5 / Ruby / Sudo / Zlib PHSA-2017-0021 (deprecated)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2/7/2019
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2017-0021. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111870);
      script_version("1.3");
      script_cvs_date("Date: 2019/04/05 23:25:07");
    
      script_cve_id(
        "CVE-2016-2776",
        "CVE-2016-3120",
        "CVE-2016-9841",
        "CVE-2016-9843",
        "CVE-2016-1000368",
        "CVE-2017-9224",
        "CVE-2017-9225",
        "CVE-2017-9227",
        "CVE-2017-9229",
        "CVE-2017-1000367",
        "CVE-2017-1000368"
      );
    
      script_name(english:"Photon OS 1.0: Bindutils / Krb5 / Ruby / Sudo / Zlib PHSA-2017-0021 (deprecated)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "This plugin has been deprecated.");
      script_set_attribute(attribute:"description", value:
    "An update of [zlib,bindutils,ruby,krb5,sudo] packages for PhotonOS has
    been released.");
      # https://github.com/vmware/photon/wiki/Security-Updates-51
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?11072ed6");
      script_set_attribute(attribute:"solution", value:"n/a.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-2776");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/06/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:bindutils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:krb5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:ruby");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:sudo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:zlib");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated.");
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    pkgs = [
      "bindutils-9.10.4-2.ph1",
      "bindutils-debuginfo-9.10.4-2.ph1",
      "krb5-1.14-6.ph1",
      "krb5-debuginfo-1.14-6.ph1",
      "ruby-2.4.0-3.ph1",
      "ruby-debuginfo-2.4.0-3.ph1",
      "sudo-1.8.20p2-1.ph1",
      "sudo-debuginfo-1.8.20p2-1.ph1",
      "zlib-1.2.8-5.ph1",
      "zlib-debuginfo-1.2.8-5.ph1",
      "zlib-devel-1.2.8-5.ph1"
    ];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bindutils / krb5 / ruby / sudo / zlib");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1386-1.NASL
    descriptionThis update for java-1_8_0-ibm fixes the following issues: Version update bsc#1038505 : - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-3544: OpenJDK: newline injection in the SMTP client - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3511: OpenJDK: untrusted extension directories search path in Launcher - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id100377
    published2017-05-24
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100377
    titleSUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2017:1386-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:1386-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(100377);
      script_version("3.9");
      script_cvs_date("Date: 2019/09/11 11:22:15");
    
      script_cve_id("CVE-2016-9840", "CVE-2016-9841", "CVE-2016-9842", "CVE-2016-9843", "CVE-2017-1289", "CVE-2017-3509", "CVE-2017-3511", "CVE-2017-3533", "CVE-2017-3539", "CVE-2017-3544");
    
      script_name(english:"SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2017:1386-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for java-1_8_0-ibm fixes the following issues: Version
    update bsc#1038505 :
    
      - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in
        inftrees.c
    
      - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in
        inffast.c
    
      - CVE-2016-9842: zlib: Undefined left shift of negative
        number
    
      - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer
    
      - CVE-2017-3544: OpenJDK: newline injection in the SMTP
        client
    
      - CVE-2017-3509: OpenJDK: improper re-use of NTLM
        authenticated connections
    
      - CVE-2017-3511: OpenJDK: untrusted extension directories
        search path in Launcher
    
      - CVE-2017-3533: OpenJDK: newline injection in the FTP
        client
    
      - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification
    
      - CVE-2017-1289: IBM JDK: XML External Entity Injection
        (XXE) error when processing XML data
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1038505"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-9840/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-9841/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-9842/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-9843/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-1289/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-3509/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-3511/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-3533/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-3539/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-3544/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20171386-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b1e96fe3"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
    patch SUSE-SLE-SDK-12-SP2-2017-844=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t
    patch SUSE-SLE-SDK-12-SP1-2017-844=1
    
    SUSE Linux Enterprise Server 12-SP2:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-2017-844=1
    
    SUSE Linux Enterprise Server 12-SP1:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2017-844=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-alsa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-plugin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/05/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1|2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1/2", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"java-1_8_0-ibm-alsa-1.8.0_sr4.5-29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"java-1_8_0-ibm-plugin-1.8.0_sr4.5-29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_8_0-ibm-1.8.0_sr4.5-29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_8_0-ibm-1.8.0_sr4.5-29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_8_0-ibm-alsa-1.8.0_sr4.5-29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_8_0-ibm-plugin-1.8.0_sr4.5-29.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_8_0-ibm");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201701-56.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201701-56 (zlib: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in zlib. Please review the CVE identifiers referenced below for details. Impact : An attacker could cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id96691
    published2017-01-23
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96691
    titleGLSA-201701-56 : zlib: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201701-56.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96691);
      script_version("$Revision: 3.4 $");
      script_cvs_date("$Date: 2018/01/26 17:15:57 $");
    
      script_cve_id("CVE-2016-9840", "CVE-2016-9841", "CVE-2016-9842", "CVE-2016-9843");
      script_xref(name:"GLSA", value:"201701-56");
    
      script_name(english:"GLSA-201701-56 : zlib: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201701-56
    (zlib: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in zlib. Please review the
          CVE identifiers referenced below for details.
      
    Impact :
    
        An attacker could cause a Denial of Service condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201701-56"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All zlib users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=sys-libs/zlib-1.2.9'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:zlib");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/01/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"sys-libs/zlib", unaffected:make_list("ge 1.2.9"), vulnerable:make_list("lt 1.2.9"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "zlib");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1221.NASL
    descriptionAn update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP5. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security Vulnerabilities page, listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-1289, CVE-2017-3509, CVE-2017-3511, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544)
    last seen2020-06-01
    modified2020-06-02
    plugin id100118
    published2017-05-11
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100118
    titleRHEL 6 / 7 : java-1.7.1-ibm (RHSA-2017:1221)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2017:1221. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(100118);
      script_version("3.12");
      script_cvs_date("Date: 2019/10/24 15:35:43");
    
      script_cve_id("CVE-2016-9840", "CVE-2016-9841", "CVE-2016-9842", "CVE-2016-9843", "CVE-2017-1289", "CVE-2017-3509", "CVE-2017-3511", "CVE-2017-3533", "CVE-2017-3539", "CVE-2017-3544");
      script_xref(name:"RHSA", value:"2017:1221");
    
      script_name(english:"RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2017:1221)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for java-1.7.1-ibm is now available for Red Hat Enterprise
    Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    IBM Java SE version 7 Release 1 includes the IBM Java Runtime
    Environment and the IBM Java Software Development Kit.
    
    This update upgrades IBM Java SE 7 to version 7R1 SR4-FP5.
    
    Security Fix(es) :
    
    * This update fixes multiple vulnerabilities in the IBM Java Runtime
    Environment and the IBM Java Software Development Kit. Further
    information about these flaws can be found on the IBM Java Security
    Vulnerabilities page, listed in the References section.
    (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843,
    CVE-2017-1289, CVE-2017-3509, CVE-2017-3511, CVE-2017-3533,
    CVE-2017-3539, CVE-2017-3544)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://developer.ibm.com/javasdk/support/security-vulnerabilities/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2017:1221"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-9840"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-9841"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-9842"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-9843"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-1289"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-3509"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-3511"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-3533"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-3539"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-3544"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/05/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x / 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2017:1221";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-1.7.1.4.5-1jpp.2.el6_9")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.1-ibm-1.7.1.4.5-1jpp.2.el6_9")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-1.7.1.4.5-1jpp.2.el6_9")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.2.el6_9")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.2.el6_9")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.2.el6_9")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.2.el6_9")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.2.el6_9")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.2.el6_9")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-jdbc-1.7.1.4.5-1jpp.2.el6_9")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.1-ibm-jdbc-1.7.1.4.5-1jpp.2.el6_9")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-jdbc-1.7.1.4.5-1jpp.2.el6_9")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-plugin-1.7.1.4.5-1jpp.2.el6_9")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-plugin-1.7.1.4.5-1jpp.2.el6_9")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-src-1.7.1.4.5-1jpp.2.el6_9")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.1-ibm-src-1.7.1.4.5-1jpp.2.el6_9")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-src-1.7.1.4.5-1jpp.2.el6_9")) flag++;
    
    
      if (rpm_check(release:"RHEL7", reference:"java-1.7.1-ibm-1.7.1.4.5-1jpp.1.el7_3")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.1.el7_3")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.1.el7_3")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.1.el7_3")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.1-ibm-jdbc-1.7.1.4.5-1jpp.1.el7_3")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-jdbc-1.7.1.4.5-1jpp.1.el7_3")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-plugin-1.7.1.4.5-1jpp.1.el7_3")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.1-ibm-src-1.7.1.4.5-1jpp.1.el7_3")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-src-1.7.1.4.5-1jpp.1.el7_3")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.1-ibm / java-1.7.1-ibm-demo / java-1.7.1-ibm-devel / etc");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-14.NASL
    descriptionThis update for java-1_7_0-openjdk fixes the following issues : Security issues fixed : - CVE-2017-10356: Fix issue inside subcomponent Security (bsc#1064084). - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO (bsc#1064071). - CVE-2017-10281: Fix issue inside subcomponent Serialization (bsc#1064072). - CVE-2017-10285: Fix issue inside subcomponent RMI (bsc#1064073). - CVE-2017-10295: Fix issue inside subcomponent Networking (bsc#1064075). - CVE-2017-10388: Fix issue inside subcomponent Libraries (bsc#1064086). - CVE-2017-10346: Fix issue inside subcomponent Hotspot (bsc#1064078). - CVE-2017-10350: Fix issue inside subcomponent JAX-WS (bsc#1064082). - CVE-2017-10347: Fix issue inside subcomponent Serialization (bsc#1064079). - CVE-2017-10349: Fix issue inside subcomponent JAXP (bsc#1064081). - CVE-2017-10345: Fix issue inside subcomponent Serialization (bsc#1064077). - CVE-2017-10348: Fix issue inside subcomponent Libraries (bsc#1064080). - CVE-2017-10357: Fix issue inside subcomponent Serialization (bsc#1064085). - CVE-2017-10355: Fix issue inside subcomponent Networking (bsc#1064083). - CVE-2017-10102: Fix incorrect handling of references in DGC (bsc#1049316). - CVE-2017-10053: Fix reading of unprocessed image data in JPEGImageReader (bsc#1049305). - CVE-2017-10067: Fix JAR verifier incorrect handling of missing digest (bsc#1049306). - CVE-2017-10081: Fix incorrect bracket processing in function signature handling (bsc#1049309). - CVE-2017-10087: Fix insufficient access control checks in ThreadPoolExecutor (bsc#1049311). - CVE-2017-10089: Fix insufficient access control checks in ServiceRegistry (bsc#1049312). - CVE-2017-10090: Fix insufficient access control checks in AsynchronousChannelGroupImpl (bsc#1049313). - CVE-2017-10096: Fix insufficient access control checks in XML transformations (bsc#1049314). - CVE-2017-10101: Fix unrestricted access to com.sun.org.apache.xml.internal.resolver (bsc#1049315). - CVE-2017-10107: Fix insufficient access control checks in ActivationID (bsc#1049318). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10110: Fix insufficient access control checks in ImageWatched (bsc#1049321). - CVE-2017-10108: Fix unbounded memory allocation in BasicAttribute deserialization (bsc#1049319). - CVE-2017-10109: Fix unbounded memory allocation in CodeSource deserialization (bsc#1049320). - CVE-2017-10115: Fix unspecified vulnerability in subcomponent JCE (bsc#1049324). - CVE-2017-10118: Fix ECDSA implementation timing attack (bsc#1049326). - CVE-2017-10116: Fix LDAPCertStore following referrals to non-LDAP URL (bsc#1049325). - CVE-2017-10135: Fix PKCS#8 implementation timing attack (bsc#1049328). - CVE-2017-10176: Fix incorrect handling of certain EC points (bsc#1049329). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10111: Fix checks in LambdaFormEditor (bsc#1049322). - CVE-2017-10243: Fix unspecified vulnerability in subcomponent JAX-WS (bsc#1049332). - CVE-2017-10125: Fix unspecified vulnerability in subcomponent deployment (bsc#1049327). - CVE-2017-10114: Fix unspecified vulnerability in subcomponent JavaFX (bsc#1049323). - CVE-2017-10105: Fix unspecified vulnerability in subcomponent deployment (bsc#1049317). - CVE-2017-10086: Fix unspecified in subcomponent JavaFX (bsc#1049310). - CVE-2017-10198: Fix incorrect enforcement of certificate path restrictions (bsc#1049331). - CVE-2017-10193: Fix incorrect key size constraint check (bsc#1049330). Bug fixes : - Drop Exec Shield workaround to fix crashes on recent kernels, where Exec Shield is gone (bsc#1052318). This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-01-10
    plugin id105714
    published2018-01-10
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105714
    titleopenSUSE Security Update : java-1_7_0-openjdk (openSUSE-2018-14)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-14.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105714);
      script_version("3.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-10165", "CVE-2016-9840", "CVE-2016-9841", "CVE-2016-9842", "CVE-2016-9843", "CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10081", "CVE-2017-10086", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10105", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10111", "CVE-2017-10114", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10118", "CVE-2017-10125", "CVE-2017-10135", "CVE-2017-10176", "CVE-2017-10193", "CVE-2017-10198", "CVE-2017-10243", "CVE-2017-10274", "CVE-2017-10281", "CVE-2017-10285", "CVE-2017-10295", "CVE-2017-10345", "CVE-2017-10346", "CVE-2017-10347", "CVE-2017-10348", "CVE-2017-10349", "CVE-2017-10350", "CVE-2017-10355", "CVE-2017-10356", "CVE-2017-10357", "CVE-2017-10388");
    
      script_name(english:"openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2018-14)");
      script_summary(english:"Check for the openSUSE-2018-14 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for java-1_7_0-openjdk fixes the following issues :
    
    Security issues fixed :
    
      - CVE-2017-10356: Fix issue inside subcomponent Security
        (bsc#1064084).
    
      - CVE-2017-10274: Fix issue inside subcomponent Smart Card
        IO (bsc#1064071).
    
      - CVE-2017-10281: Fix issue inside subcomponent
        Serialization (bsc#1064072).
    
      - CVE-2017-10285: Fix issue inside subcomponent RMI
        (bsc#1064073).
    
      - CVE-2017-10295: Fix issue inside subcomponent Networking
        (bsc#1064075).
    
      - CVE-2017-10388: Fix issue inside subcomponent Libraries
        (bsc#1064086).
    
      - CVE-2017-10346: Fix issue inside subcomponent Hotspot
        (bsc#1064078).
    
      - CVE-2017-10350: Fix issue inside subcomponent JAX-WS
        (bsc#1064082).
    
      - CVE-2017-10347: Fix issue inside subcomponent
        Serialization (bsc#1064079).
    
      - CVE-2017-10349: Fix issue inside subcomponent JAXP
        (bsc#1064081).
    
      - CVE-2017-10345: Fix issue inside subcomponent
        Serialization (bsc#1064077).
    
      - CVE-2017-10348: Fix issue inside subcomponent Libraries
        (bsc#1064080).
    
      - CVE-2017-10357: Fix issue inside subcomponent
        Serialization (bsc#1064085).
    
      - CVE-2017-10355: Fix issue inside subcomponent Networking
        (bsc#1064083).
    
      - CVE-2017-10102: Fix incorrect handling of references in
        DGC (bsc#1049316).
    
      - CVE-2017-10053: Fix reading of unprocessed image data in
        JPEGImageReader (bsc#1049305).
    
      - CVE-2017-10067: Fix JAR verifier incorrect handling of
        missing digest (bsc#1049306).
    
      - CVE-2017-10081: Fix incorrect bracket processing in
        function signature handling (bsc#1049309).
    
      - CVE-2017-10087: Fix insufficient access control checks
        in ThreadPoolExecutor (bsc#1049311).
    
      - CVE-2017-10089: Fix insufficient access control checks
        in ServiceRegistry (bsc#1049312).
    
      - CVE-2017-10090: Fix insufficient access control checks
        in AsynchronousChannelGroupImpl (bsc#1049313).
    
      - CVE-2017-10096: Fix insufficient access control checks
        in XML transformations (bsc#1049314).
    
      - CVE-2017-10101: Fix unrestricted access to
        com.sun.org.apache.xml.internal.resolver (bsc#1049315).
    
      - CVE-2017-10107: Fix insufficient access control checks
        in ActivationID (bsc#1049318).
    
      - CVE-2017-10074: Fix integer overflows in range check
        loop predicates (bsc#1049307).
    
      - CVE-2017-10110: Fix insufficient access control checks
        in ImageWatched (bsc#1049321).
    
      - CVE-2017-10108: Fix unbounded memory allocation in
        BasicAttribute deserialization (bsc#1049319).
    
      - CVE-2017-10109: Fix unbounded memory allocation in
        CodeSource deserialization (bsc#1049320).
    
      - CVE-2017-10115: Fix unspecified vulnerability in
        subcomponent JCE (bsc#1049324).
    
      - CVE-2017-10118: Fix ECDSA implementation timing attack
        (bsc#1049326).
    
      - CVE-2017-10116: Fix LDAPCertStore following referrals to
        non-LDAP URL (bsc#1049325).
    
      - CVE-2017-10135: Fix PKCS#8 implementation timing attack
        (bsc#1049328).
    
      - CVE-2017-10176: Fix incorrect handling of certain EC
        points (bsc#1049329).
    
      - CVE-2017-10074: Fix integer overflows in range check
        loop predicates (bsc#1049307).
    
      - CVE-2017-10074: Fix integer overflows in range check
        loop predicates (bsc#1049307).
    
      - CVE-2017-10111: Fix checks in LambdaFormEditor
        (bsc#1049322).
    
      - CVE-2017-10243: Fix unspecified vulnerability in
        subcomponent JAX-WS (bsc#1049332).
    
      - CVE-2017-10125: Fix unspecified vulnerability in
        subcomponent deployment (bsc#1049327).
    
      - CVE-2017-10114: Fix unspecified vulnerability in
        subcomponent JavaFX (bsc#1049323).
    
      - CVE-2017-10105: Fix unspecified vulnerability in
        subcomponent deployment (bsc#1049317).
    
      - CVE-2017-10086: Fix unspecified in subcomponent JavaFX
        (bsc#1049310).
    
      - CVE-2017-10198: Fix incorrect enforcement of certificate
        path restrictions (bsc#1049331).
    
      - CVE-2017-10193: Fix incorrect key size constraint check
        (bsc#1049330).
    
    Bug fixes :
    
      - Drop Exec Shield workaround to fix crashes on recent
        kernels, where Exec Shield is gone (bsc#1052318).
    
    This update was imported from the SUSE:SLE-12:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049305"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049306"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049307"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049309"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049310"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049311"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049312"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049313"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049315"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049316"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049318"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049319"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049320"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049321"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049322"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049323"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049324"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049325"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049326"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049327"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049328"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049329"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049330"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049331"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049332"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1052318"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064071"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064072"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064073"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064075"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064077"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064078"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064079"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064080"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064081"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064082"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064083"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064084"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064085"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064086"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected java-1_7_0-openjdk packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/01/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.2|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2 / 42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-accessibility-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-bootstrap-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-bootstrap-devel-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-bootstrap-headless-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-debugsource-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-demo-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-devel-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-headless-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-javadoc-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-src-1.7.0.161-42.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-accessibility-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-bootstrap-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-bootstrap-devel-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-bootstrap-headless-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-debugsource-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-demo-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-devel-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-headless-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-javadoc-1.7.0.161-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"java-1_7_0-openjdk-src-1.7.0.161-45.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_7_0-openjdk-bootstrap / etc");
    }
    
  • NASL familyDatabases
    NASL idMARIADB_10_2_19.NASL
    descriptionThe version of MariaDB running of remote host is 10.2.0 prior to 10.2.19. It is, therefore, affected by multiple vulnerabilities
    last seen2020-05-31
    modified2019-01-25
    plugin id121394
    published2019-01-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121394
    titleMariaDB 10.2.0 < 10.2.19 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(121394);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/25");
    
      script_cve_id(
        "CVE-2016-9843",
        "CVE-2018-3143",
        "CVE-2018-3156",
        "CVE-2018-3162",
        "CVE-2018-3173",
        "CVE-2018-3174",
        "CVE-2018-3185",
        "CVE-2018-3200",
        "CVE-2018-3251",
        "CVE-2018-3277",
        "CVE-2018-3282",
        "CVE-2018-3284"
      );
      script_bugtraq_id(
        95131,
        105594,
        105600,
        105610,
        105612
      );
    
      script_name(english:"MariaDB 10.2.0 < 10.2.19 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of Mariadb.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote database server is affected by multiple vulnerabilities");
      script_set_attribute(attribute:"description", value:
    "The version of MariaDB running of remote host is 10.2.0 prior to
    10.2.19. It is, therefore, affected by multiple vulnerabilities");
      script_set_attribute(attribute:"see_also", value:"https://lists.askmonty.org/cgi-bin/mailman/listinfo/announce");
      script_set_attribute(attribute:"see_also", value:"https://mariadb.org/mariadb-10-2-19-now-available");
      script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/mdb-10219-rn");
      script_set_attribute(attribute:"see_also", value:"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9843");
      script_set_attribute(attribute:"see_also", value:"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3143");
      script_set_attribute(attribute:"see_also", value:"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3156");
      script_set_attribute(attribute:"see_also", value:"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3162");
      script_set_attribute(attribute:"see_also", value:"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3173");
      script_set_attribute(attribute:"see_also", value:"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3174");
      script_set_attribute(attribute:"see_also", value:"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3185");
      script_set_attribute(attribute:"see_also", value:"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3200");
      script_set_attribute(attribute:"see_also", value:"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3251");
      script_set_attribute(attribute:"see_also", value:"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3277");
      script_set_attribute(attribute:"see_also", value:"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3282");
      script_set_attribute(attribute:"see_also", value:"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3284");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-12023");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-12547");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-12837");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-13564");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-13671");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-14585");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-14717");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-16980");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-17073");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-17215");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-17230");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-17289");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-17433");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-17491");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-17531");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-17532");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-17541");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-17545");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-17546");
      script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-17548");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to MariaDB version 10.2.19 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-9843");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/25");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mariadb:mariadb");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Databases");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mysql_version.nasl", "mysql_login.nasl");
       script_require_ports("Services/mysql", 3306);
    
      exit(0);
    }
    
    include("mysql_version.inc");
    
    mysql_check_version(variant: 'MariaDB', min:'10.2.0-MariaDB', fixed:make_list('10.2.19-MariaDB'), severity:SECURITY_HOLE);
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0004-1.NASL
    descriptionThis update for zlib fixes the following issues : - CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) - CVE-2016-9842: Undefined Left Shift of Negative Number (bsc#1003580) CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bsc#1003579) Incompatible declarations for external linkage function deflate (bsc#1003577) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id96266
    published2017-01-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96266
    titleSUSE SLED12 / SLES12 Security Update : zlib (SUSE-SU-2017:0004-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:0004-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96266);
      script_version("3.7");
      script_cvs_date("Date: 2019/09/11 11:22:14");
    
      script_cve_id("CVE-2016-9840", "CVE-2016-9841", "CVE-2016-9842", "CVE-2016-9843");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : zlib (SUSE-SU-2017:0004-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for zlib fixes the following issues :
    
      - CVE-2016-9843: Big-endian out-of-bounds pointer
        (bsc#1013882)
    
      - CVE-2016-9842: Undefined Left Shift of Negative Number
        (bsc#1003580) CVE-2016-9840 CVE-2016-9841: Out-of-bounds
        pointer arithmetic in inftrees.c (bsc#1003579)
        Incompatible declarations for external linkage function
        deflate (bsc#1003577)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1003577"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1003579"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1003580"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1013882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-9840/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-9841/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-9842/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-9843/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20170004-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f4a24ec8"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t
    patch SUSE-SLE-SDK-12-SP1-2017-3=1
    
    SUSE Linux Enterprise Server 12-SP1:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2017-3=1
    
    SUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP1-2017-3=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libz1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libz1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:zlib-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/01/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libz1-1.2.8-6.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libz1-debuginfo-1.2.8-6.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"zlib-debugsource-1.2.8-6.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libz1-32bit-1.2.8-6.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libz1-debuginfo-32bit-1.2.8-6.3.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libz1-1.2.8-6.3.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libz1-32bit-1.2.8-6.3.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libz1-debuginfo-1.2.8-6.3.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libz1-debuginfo-32bit-1.2.8-6.3.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"zlib-debugsource-1.2.8-6.3.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "zlib");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1116.NASL
    descriptionVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).(CVE-2018-3174) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3133) The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.(CVE-2016-9843) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3282)
    last seen2020-06-10
    modified2018-12-07
    plugin id119475
    published2018-12-07
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119475
    titleAmazon Linux AMI : mysql55 (ALAS-2018-1116)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2018-1116.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119475);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/09");
    
      script_cve_id("CVE-2016-9843", "CVE-2018-3133", "CVE-2018-3174", "CVE-2018-3282");
      script_xref(name:"ALAS", value:"2018-1116");
    
      script_name(english:"Amazon Linux AMI : mysql55 (ALAS-2018-1116)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Vulnerability in the MySQL Server component of Oracle MySQL
    (subcomponent: Client programs). Supported versions that are affected
    are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12
    and prior. Difficult to exploit vulnerability allows high privileged
    attacker with logon to the infrastructure where MySQL Server executes
    to compromise MySQL Server. While the vulnerability is in MySQL
    Server, attacks may significantly impact additional products.
    Successful attacks of this vulnerability can result in unauthorized
    ability to cause a hang or frequently repeatable crash (complete DOS)
    of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS
    Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).(CVE-2018-3174)
    
    Vulnerability in the MySQL Server component of Oracle MySQL
    (subcomponent: Server: Parser). Supported versions that are affected
    are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12
    and prior. Easily exploitable vulnerability allows low privileged
    attacker with network access via multiple protocols to compromise
    MySQL Server. Successful attacks of this vulnerability can result in
    unauthorized ability to cause a hang or frequently repeatable crash
    (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability
    impacts). CVSS Vector:
    (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3133)
    
    The crc32_big function in crc32.c in zlib 1.2.8 might allow
    context-dependent attackers to have unspecified impact via vectors
    involving big-endian CRC calculation.(CVE-2016-9843)
    
    Vulnerability in the MySQL Server component of Oracle MySQL
    (subcomponent: Server: Storage Engines). Supported versions that are
    affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and
    8.0.12 and prior. Easily exploitable vulnerability allows high
    privileged attacker with network access via multiple protocols to
    compromise MySQL Server. Successful attacks of this vulnerability can
    result in unauthorized ability to cause a hang or frequently
    repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score
    4.9 (Availability impacts). CVSS Vector:
    (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3282)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2018-1116.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Run 'yum update mysql55' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql-config");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-embedded-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-test");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"mysql-config-5.5.62-1.23.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-5.5.62-1.23.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-bench-5.5.62-1.23.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-debuginfo-5.5.62-1.23.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-devel-5.5.62-1.23.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-embedded-5.5.62-1.23.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-embedded-devel-5.5.62-1.23.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-libs-5.5.62-1.23.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-server-5.5.62-1.23.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-test-5.5.62-1.23.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql-config / mysql55 / mysql55-bench / mysql55-debuginfo / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-46.NASL
    descriptionThis update for zlib fixes the following issues : - CVE-2016-9843: Big-endian out-of-bounds pointer - CVE-2016-9842: Undefined Left Shift of Negative Number (bsc#1003580) - CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bsc#1003579) - Incompatible declarations for external linkage function deflate (bsc#1003577) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen2020-06-05
    modified2017-01-10
    plugin id96376
    published2017-01-10
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96376
    titleopenSUSE Security Update : zlib (openSUSE-2017-46)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2017-46.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96376);
      script_version("3.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-9840", "CVE-2016-9841", "CVE-2016-9842", "CVE-2016-9843");
    
      script_name(english:"openSUSE Security Update : zlib (openSUSE-2017-46)");
      script_summary(english:"Check for the openSUSE-2017-46 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for zlib fixes the following issues :
    
      - CVE-2016-9843: Big-endian out-of-bounds pointer
    
      - CVE-2016-9842: Undefined Left Shift of Negative Number
        (bsc#1003580) 
    
      - CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer
        arithmetic in inftrees.c (bsc#1003579)
    
      - Incompatible declarations for external linkage function
        deflate (bsc#1003577)
    
    This update was imported from the SUSE:SLE-12-SP2:Update update
    project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1003577"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1003579"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1003580"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1013882"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected zlib packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libminizip1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libminizip1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libz1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libz1-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libz1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libz1-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:minizip-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:zlib-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:zlib-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:zlib-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:zlib-devel-static");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:zlib-devel-static-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/01/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.2", reference:"libminizip1-1.2.8-10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"libminizip1-debuginfo-1.2.8-10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"libz1-1.2.8-10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"libz1-debuginfo-1.2.8-10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"minizip-devel-1.2.8-10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"zlib-debugsource-1.2.8-10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"zlib-devel-1.2.8-10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"zlib-devel-static-1.2.8-10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libz1-32bit-1.2.8-10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libz1-debuginfo-32bit-1.2.8-10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"zlib-devel-32bit-1.2.8-10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"zlib-devel-static-32bit-1.2.8-10.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libminizip1 / libminizip1-debuginfo / libz1 / libz1-32bit / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-327.NASL
    descriptionThis update for mariadb to version 10.2.22 fixes the following issues : Security issues fixed : - CVE-2019-2510: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service (bsc#1122198). - CVE-2019-2537: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service (bsc#1122198). - CVE-2018-3284: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112377) - CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) - CVE-2018-3277: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112391) - CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) - CVE-2018-3200: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112404) - CVE-2018-3185: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112384) - CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) - CVE-2018-3173: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112386) - CVE-2018-3162: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112415) - CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) - CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) - CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) - CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) - CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) - CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676) - CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Non-security issues fixed : - Fixed an issue where mysl_install_db fails due to incorrect basedir (bsc#1127027). - Fixed an issue where the lograte was not working (bsc#1112767). - Backport Information Schema CHECK_CONSTRAINTS Table. - Maximum value of table_definition_cache is now 2097152. - InnoDB ALTER TABLE fixes. - Galera crash recovery fixes. - Encryption fixes. - Remove xtrabackup dependency as MariaDB ships a build in mariabackup so xtrabackup is not needed (bsc#1122475). - Maria DB testsuite - test main.plugin_auth failed (bsc#1111859) - Maria DB testsuite - test encryption.second_plugin-12863 failed (bsc#1111858) - Remove PerconaFT from the package as it has AGPL licence (bsc#1118754) - remove PerconaFT from the package as it has AGPL licence (bsc#1118754) - Database corruption after renaming a prefix-indexed column (bsc#1120041) Release notes and changelog : - https://mariadb.com/kb/en/library/mariadb-10222-release-notes - https://mariadb.com/kb/en/library/mariadb-10222-changelog/ This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id122849
    published2019-03-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122849
    titleopenSUSE Security Update : mariadb (openSUSE-2019-327)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-327.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122849);
      script_version("1.2");
      script_cvs_date("Date: 2020/02/05");
    
      script_cve_id("CVE-2016-9843", "CVE-2018-3058", "CVE-2018-3060", "CVE-2018-3063", "CVE-2018-3064", "CVE-2018-3066", "CVE-2018-3143", "CVE-2018-3156", "CVE-2018-3162", "CVE-2018-3173", "CVE-2018-3174", "CVE-2018-3185", "CVE-2018-3200", "CVE-2018-3251", "CVE-2018-3277", "CVE-2018-3282", "CVE-2018-3284", "CVE-2019-2510", "CVE-2019-2537");
    
      script_name(english:"openSUSE Security Update : mariadb (openSUSE-2019-327)");
      script_summary(english:"Check for the openSUSE-2019-327 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for mariadb to version 10.2.22 fixes the following 
    issues :
    
    Security issues fixed :
    
      - CVE-2019-2510: Fixed a vulnerability which can lead to
        MySQL compromise and lead to Denial of Service
        (bsc#1122198). 
    
      - CVE-2019-2537: Fixed a vulnerability which can lead to
        MySQL compromise and lead to Denial of Service
        (bsc#1122198).
    
      - CVE-2018-3284: Fixed InnoDB unspecified vulnerability
        (CPU Oct 2018) (bsc#1112377)
    
      - CVE-2018-3282: Server Storage Engines unspecified
        vulnerability (CPU Oct 2018) (bsc#1112432)
    
      - CVE-2018-3277: Fixed InnoDB unspecified vulnerability
        (CPU Oct 2018) (bsc#1112391)
    
      - CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct
        2018) (bsc#1112397)
    
      - CVE-2018-3200: Fixed InnoDB unspecified vulnerability
        (CPU Oct 2018) (bsc#1112404)
    
      - CVE-2018-3185: Fixed InnoDB unspecified vulnerability
        (CPU Oct 2018) (bsc#1112384)
    
      - CVE-2018-3174: Client programs unspecified vulnerability
        (CPU Oct 2018) (bsc#1112368)
    
      - CVE-2018-3173: Fixed InnoDB unspecified vulnerability
        (CPU Oct 2018) (bsc#1112386)
    
      - CVE-2018-3162: Fixed InnoDB unspecified vulnerability
        (CPU Oct 2018) (bsc#1112415)
    
      - CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct
        2018) (bsc#1112417)
    
      - CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct
        2018) (bsc#1112421)
    
      - CVE-2018-3066: Unspecified vulnerability in the MySQL
        Server component of Oracle MySQL (subcomponent Server
        Options). (bsc#1101678)
    
      - CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul
        2018) (bsc#1103342)
    
      - CVE-2018-3063: Unspecified vulnerability in the MySQL
        Server component of Oracle MySQL (subcomponent Server
        Security Privileges). (bsc#1101677)
    
      - CVE-2018-3058: Unspecified vulnerability in the MySQL
        Server component of Oracle MySQL (subcomponent MyISAM).
        (bsc#1101676)
    
      - CVE-2016-9843: Big-endian out-of-bounds pointer
        (bsc#1013882)
    
    Non-security issues fixed :
    
      - Fixed an issue where mysl_install_db fails due to
        incorrect basedir (bsc#1127027).
    
      - Fixed an issue where the lograte was not working
        (bsc#1112767).
    
      - Backport Information Schema CHECK_CONSTRAINTS Table.
    
      - Maximum value of table_definition_cache is now 2097152.
    
      - InnoDB ALTER TABLE fixes.
    
      - Galera crash recovery fixes.
    
      - Encryption fixes.
    
      - Remove xtrabackup dependency as MariaDB ships a build in
        mariabackup so xtrabackup is not needed (bsc#1122475).
    
      - Maria DB testsuite - test main.plugin_auth failed
        (bsc#1111859)
    
      - Maria DB testsuite - test encryption.second_plugin-12863
        failed (bsc#1111858)
    
      - Remove PerconaFT from the package as it has AGPL licence
        (bsc#1118754)
    
      - remove PerconaFT from the package as it has AGPL licence
        (bsc#1118754)
    
      - Database corruption after renaming a prefix-indexed
        column (bsc#1120041)
    
    Release notes and changelog :
    
    - https://mariadb.com/kb/en/library/mariadb-10222-release-notes
    
    - https://mariadb.com/kb/en/library/mariadb-10222-changelog/
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1013882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101676"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101677"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101678"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103342"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111858"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111859"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112368"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112377"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112384"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112386"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112391"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112397"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112404"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112415"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112417"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112421"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112432"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112767"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1116686"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118754"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120041"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122198"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122475"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1127027"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://mariadb.com/kb/en/library/mariadb-10222-changelog/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://mariadb.com/kb/en/library/mariadb-10222-release-notes"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mariadb packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqld-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqld19");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqld19-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-client-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-errormessages");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-galera");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-test-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"libmysqld-devel-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libmysqld19-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libmysqld19-debuginfo-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-bench-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-bench-debuginfo-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-client-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-client-debuginfo-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-debuginfo-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-debugsource-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-errormessages-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-galera-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-test-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-test-debuginfo-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-tools-10.2.22-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mariadb-tools-debuginfo-10.2.22-lp150.2.9.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmysqld-devel / libmysqld19 / libmysqld19-debuginfo / mariadb / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0119-1.NASL
    descriptionThis update for mariadb to version 10.2.19 fixes the following issues: (bsc#1116686) Security issues fixed : CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) CVE-2018-3282, CVE-2018-3174, CVE-2018-3143, CVE-2018-3156, CVE-2018-3251, CVE-2018-3185, CVE-2018-3277, CVE-2018-3162, CVE-2018-3173, CVE-2018-3200, CVE-2018-3284: Fixed multiple denial of service vulnerabilities (bsc#1112432, bsc#1112368, bsc#1112421, bsc#1112417, bsc#1112397, bsc#1112391, bsc#1112415, bsc#1112386, bsc#1112404, bsc#1112377, bsc#1112384) Non-security issues fixed: Fixed database corruption after renaming a prefix-indexed column (bsc#1120041) Remove PerconaFT from the package as it has a AGPL license (bsc#1118754) Enable testing for client plugins (bsc#1111859) Improve test coverage by keeping debug_key_management.so (bsc#1111858) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-01-22
    plugin id121294
    published2019-01-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121294
    titleSUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2019:0119-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:0119-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(121294);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");
    
      script_cve_id("CVE-2016-9843", "CVE-2018-3143", "CVE-2018-3156", "CVE-2018-3162", "CVE-2018-3173", "CVE-2018-3174", "CVE-2018-3185", "CVE-2018-3200", "CVE-2018-3251", "CVE-2018-3277", "CVE-2018-3282", "CVE-2018-3284");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2019:0119-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for mariadb to version 10.2.19 fixes the following issues:
    (bsc#1116686)
    
    Security issues fixed :
    
    CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882)
    
    CVE-2018-3282, CVE-2018-3174, CVE-2018-3143, CVE-2018-3156,
    CVE-2018-3251, CVE-2018-3185, CVE-2018-3277, CVE-2018-3162,
    CVE-2018-3173, CVE-2018-3200, CVE-2018-3284: Fixed multiple denial of
    service vulnerabilities (bsc#1112432, bsc#1112368, bsc#1112421,
    bsc#1112417, bsc#1112397, bsc#1112391, bsc#1112415, bsc#1112386,
    bsc#1112404, bsc#1112377, bsc#1112384)
    
    Non-security issues fixed: Fixed database corruption after renaming a
    prefix-indexed column (bsc#1120041)
    
    Remove PerconaFT from the package as it has a AGPL license
    (bsc#1118754)
    
    Enable testing for client plugins (bsc#1111859)
    
    Improve test coverage by keeping debug_key_management.so (bsc#1111858)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1013882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111858"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111859"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112368"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112377"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112384"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112386"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112391"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112397"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112404"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112415"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112417"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112421"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112432"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1116686"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1118754"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120041"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-9843/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-3143/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-3156/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-3162/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-3173/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-3174/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-3185/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-3200/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-3251/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-3277/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-3282/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-3284/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20190119-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ee1cacb5"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
    SUSE-SLE-SERVER-12-SP4-2019-119=1
    
    SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP4-2019-119=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/01/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP4", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"4", reference:"mariadb-10.2.21-3.7.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"mariadb-client-10.2.21-3.7.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"mariadb-client-debuginfo-10.2.21-3.7.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"mariadb-debuginfo-10.2.21-3.7.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"mariadb-debugsource-10.2.21-3.7.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"mariadb-tools-10.2.21-3.7.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"mariadb-tools-debuginfo-10.2.21-3.7.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mariadb-10.2.21-3.7.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mariadb-client-10.2.21-3.7.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mariadb-client-debuginfo-10.2.21-3.7.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mariadb-debuginfo-10.2.21-3.7.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mariadb-debugsource-10.2.21-3.7.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2999.NASL
    descriptionAn update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 151. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2016-10165, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10309, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388)
    last seen2020-06-01
    modified2020-06-02
    plugin id104116
    published2017-10-24
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104116
    titleRHEL 6 / 7 : java-1.8.0-oracle (RHSA-2017:2999)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0005-1.NASL
    descriptionThis update for java-1_7_0-openjdk fixes the following issues: Security issues fixed : - CVE-2017-10356: Fix issue inside subcomponent Security (bsc#1064084). - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO (bsc#1064071). - CVE-2017-10281: Fix issue inside subcomponent Serialization (bsc#1064072). - CVE-2017-10285: Fix issue inside subcomponent RMI (bsc#1064073). - CVE-2017-10295: Fix issue inside subcomponent Networking (bsc#1064075). - CVE-2017-10388: Fix issue inside subcomponent Libraries (bsc#1064086). - CVE-2017-10346: Fix issue inside subcomponent Hotspot (bsc#1064078). - CVE-2017-10350: Fix issue inside subcomponent JAX-WS (bsc#1064082). - CVE-2017-10347: Fix issue inside subcomponent Serialization (bsc#1064079). - CVE-2017-10349: Fix issue inside subcomponent JAXP (bsc#1064081). - CVE-2017-10345: Fix issue inside subcomponent Serialization (bsc#1064077). - CVE-2017-10348: Fix issue inside subcomponent Libraries (bsc#1064080). - CVE-2017-10357: Fix issue inside subcomponent Serialization (bsc#1064085). - CVE-2017-10355: Fix issue inside subcomponent Networking (bsc#1064083). - CVE-2017-10102: Fix incorrect handling of references in DGC (bsc#1049316). - CVE-2017-10053: Fix reading of unprocessed image data in JPEGImageReader (bsc#1049305). - CVE-2017-10067: Fix JAR verifier incorrect handling of missing digest (bsc#1049306). - CVE-2017-10081: Fix incorrect bracket processing in function signature handling (bsc#1049309). - CVE-2017-10087: Fix insufficient access control checks in ThreadPoolExecutor (bsc#1049311). - CVE-2017-10089: Fix insufficient access control checks in ServiceRegistry (bsc#1049312). - CVE-2017-10090: Fix insufficient access control checks in AsynchronousChannelGroupImpl (bsc#1049313). - CVE-2017-10096: Fix insufficient access control checks in XML transformations (bsc#1049314). - CVE-2017-10101: Fix unrestricted access to com.sun.org.apache.xml.internal.resolver (bsc#1049315). - CVE-2017-10107: Fix insufficient access control checks in ActivationID (bsc#1049318). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10110: Fix insufficient access control checks in ImageWatched (bsc#1049321). - CVE-2017-10108: Fix unbounded memory allocation in BasicAttribute deserialization (bsc#1049319). - CVE-2017-10109: Fix unbounded memory allocation in CodeSource deserialization (bsc#1049320). - CVE-2017-10115: Fix unspecified vulnerability in subcomponent JCE (bsc#1049324). - CVE-2017-10118: Fix ECDSA implementation timing attack (bsc#1049326). - CVE-2017-10116: Fix LDAPCertStore following referrals to non-LDAP URL (bsc#1049325). - CVE-2017-10135: Fix PKCS#8 implementation timing attack (bsc#1049328). - CVE-2017-10176: Fix incorrect handling of certain EC points (bsc#1049329). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10111: Fix checks in LambdaFormEditor (bsc#1049322). - CVE-2017-10243: Fix unspecified vulnerability in subcomponent JAX-WS (bsc#1049332). - CVE-2017-10125: Fix unspecified vulnerability in subcomponent deployment (bsc#1049327). - CVE-2017-10114: Fix unspecified vulnerability in subcomponent JavaFX (bsc#1049323). - CVE-2017-10105: Fix unspecified vulnerability in subcomponent deployment (bsc#1049317). - CVE-2017-10086: Fix unspecified in subcomponent JavaFX (bsc#1049310). - CVE-2017-10198: Fix incorrect enforcement of certificate path restrictions (bsc#1049331). - CVE-2017-10193: Fix incorrect key size constraint check (bsc#1049330). Bug fixes : - Drop Exec Shield workaround to fix crashes on recent kernels, where Exec Shield is gone (bsc#1052318). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id105538
    published2018-01-04
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105538
    titleSUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2018:0005-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1385-1.NASL
    descriptionThis update for java-1_7_1-ibm fixes the following issues : - Version update to 7.1-4.5 bsc#1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3511: OpenJDK: untrusted extension directories search path in Launcher - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id100376
    published2017-05-24
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100376
    titleSUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2017:1385-1)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_10_13.NASL
    descriptionThe remote host is running a version of Mac OS X that is prior to 10.10.5, 10.11.x prior to 10.11.6, 10.12.x prior to 10.12.6, or is not macOS 10.13. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - AppSandbox - AppleScript - Application Firewall - ATS - Audio - CFNetwork - CFNetwork Proxies - CFString - Captive Network Assistant - CoreAudio - CoreText - DesktopServices - Directory Utility - file - Fonts - fsck_msdos - HFS - Heimdal - HelpViewer - IOFireWireFamily - ImageIO - Installer - Kernel - kext tools - libarchive - libc - libexpat - Mail - Mail Drafts - ntp - Open Scripting Architecture - PCRE - Postfix - Quick Look - QuickTime - Remote Management - SQLite - Sandbox - Screen Lock - Security - Spotlight - WebKit - zlib Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id103598
    published2017-10-03
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/103598
    titlemacOS < 10.13 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-4211-1.NASL
    descriptionThis update for mariadb fixes the following issues : Update to MariaDB 10.0.37 GA (bsc#1116686). Security issues fixed : CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676) CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Non-security changes: Remove PerconaFT from the package as it has AGPL licence (bsc#1118754) do not just remove tokudb plugin but don
    last seen2020-03-26
    modified2018-12-24
    plugin id119869
    published2018-12-24
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119869
    titleSUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2018:4211-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-242F6C1A41.NASL
    description**MariaDB 10.3.11** Release notes : https://mariadb.com/kb/en/mariadb-10311-release-notes/ CVEs fixed : CVE-2018-3282 CVE-2016-9843 CVE-2018-3174 CVE-2018-3143 CVE-2018-3156 CVE-2018-3251 CVE-2018-3185 CVE-2018-3277 CVE-2018-3162 CVE-2018-3173 CVE-2018-3200 CVE-2018-3284 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120294
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120294
    titleFedora 29 : 3:mariadb (2018-242f6c1a41)
  • NASL familyAIX Local Security Checks
    NASL idAIX_JAVA_APR2017_ADVISORY.NASL
    descriptionThe version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities in the following subcomponents : - Multiple vulnerabilities exist in the zlib subcomponent that allow an unauthenticated, remote attacker to trigger denial of service conditions. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843) - An unspecified flaw exists in the XML subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-1289) - An unspecified flaw exists in the Networking subcomponent that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-3509) - An unspecified flaw exists in the JCE subcomponent that allows a local attacker to gain elevated privileges. This vulnerability does not affect Java SE version 6. (CVE-2017-3511) - An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. This vulnerability does not affect Java SE version 6. (CVE-2017-3512) - An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3514) - Multiple unspecified flaws exist in the Networking subcomponent that allow an unauthenticated, remote attacker to gain update, insert, or delete access to unauthorized data. (CVE-2017-3533, CVE-2017-3544) - An unspecified flaw exists in the Security subcomponent that allows an unauthenticated, remote attacker to gain update, insert, or delete access to unauthorized data. (CVE-2017-3539)
    last seen2020-06-01
    modified2020-06-02
    plugin id103189
    published2017-09-13
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/103189
    titleAIX Java Advisory : java_apr2017_advisory.asc (April 2017 CPU)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0003-1.NASL
    descriptionThis update for zlib fixes the following issues : - CVE-2016-9843: Big-endian out-of-bounds pointer - CVE-2016-9842: Undefined Left Shift of Negative Number (bsc#1003580) CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bsc#1003579) Incompatible declarations for external linkage function deflate (bsc#1003577) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id96265
    published2017-01-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96265
    titleSUSE SLED12 / SLES12 Security Update : zlib (SUSE-SU-2017:0003-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-55B875C1AC.NASL
    description**MariaDB 10.2.19** Release notes : https://mariadb.com/kb/en/library/mariadb-10219-release-notes/ CVEs fixed : CVE-2018-3282 CVE-2016-9843 CVE-2018-3174 CVE-2018-3143 CVE-2018-3156 CVE-2018-3251 CVE-2018-3185 CVE-2018-3277 CVE-2018-3162 CVE-2018-3173 CVE-2018-3200 CVE-2018-3284 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120436
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120436
    titleFedora 28 : 3:mariadb (2018-55b875c1ac)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1499.NASL
    descriptionThis update for zlib fixes the following issues : - Remove incompatible declarations of
    last seen2020-06-05
    modified2016-12-21
    plugin id95975
    published2016-12-21
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/95975
    titleopenSUSE Security Update : zlib (openSUSE-2016-1499)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2085.NASL
    descriptionSeveral issues have been found in zlib, a compression library. They are basically about improper big-endian CRC calculation, improper left shift of negative integers and improper pointer arithmetic. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id133323
    published2020-01-30
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133323
    titleDebian DLA-2085-1 : zlib security update
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1115.NASL
    descriptionVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3251) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3156) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3282) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3143) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Merge). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-3247) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3133) The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.(CVE-2016-9843) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3276) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).(CVE-2018-3174) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: RBR). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3278)
    last seen2020-06-10
    modified2018-12-07
    plugin id119474
    published2018-12-07
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119474
    titleAmazon Linux AMI : mysql56 (ALAS-2018-1115)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-3046.NASL
    descriptionAn update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 161. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2016-10165, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388) Note: Starting with this update, Java web browser plugin and Java Web Start application are no longer included with Oracle Java SE 7. Refer to the Releases Notes and the Oracle Java SE Support Roadmap pages linked to in the References section for further information about this change.
    last seen2020-06-01
    modified2020-06-02
    plugin id104139
    published2017-10-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104139
    titleRHEL 6 / 7 : java-1.7.0-oracle (RHSA-2017:3046)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2018-309-01.NASL
    descriptionNew mariadb packages are available for Slackware 14.1 and 14.2 to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118746
    published2018-11-06
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118746
    titleSlackware 14.1 / 14.2 / current : mariadb (SSA:2018-309-01)
  • NASL familyDatabases
    NASL idMYSQL_5_6_42.NASL
    descriptionThe version of MySQL running on the remote host is 5.6.x prior to 5.6.42. It is, therefore, affected by multiple vulnerabilities as noted in the October 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id118234
    published2018-10-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118234
    titleMySQL 5.6.x < 5.6.42 Multiple Vulnerabilities (October 2018 CPU)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3972-1.NASL
    descriptionThis update for mariadb fixes the following issues : Update to MariaDB 10.0.37 GA (bsc#1116686). Security issues fixed : CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676) CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Release notes and changelog: https://kb.askmonty.org/en/mariadb-10037-release-notes https://kb.askmonty.org/en/mariadb-10037-changelog https://kb.askmonty.org/en/mariadb-10036-release-notes https://kb.askmonty.org/en/mariadb-10036-changelog Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-10
    modified2018-12-06
    plugin id119452
    published2018-12-06
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119452
    titleSUSE SLES12 Security Update : mariadb (SUSE-SU-2018:3972-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-3453.NASL
    descriptionAn update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8 and Red Hat Satellite 5.8 ELS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP5. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security Vulnerabilities page listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2016-10165, CVE-2017-1289, CVE-2017-3509, CVE-2017-3511, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544, CVE-2017-10053, CVE-2017-10067, CVE-2017-10078, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10115, CVE-2017-10116, CVE-2017-10243, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10309, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388) For details on how to apply this update, which includes the changes described in this advisory, refer to : https://access.redhat.com/articles/11258 For this update to take effect, Red Hat Satellite must be restarted (
    last seen2020-06-01
    modified2020-06-02
    plugin id105267
    published2017-12-15
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105267
    titleRHEL 6 : Satellite Server (RHSA-2017:3453)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1384-1.NASL
    descriptionThis update for java-1_7_0-ibm fixes the following issues: Version update to 7.0-10.5 bsc#1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3511: OpenJDK: untrusted extension directories search path in Launcher - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id100375
    published2017-05-24
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100375
    titleSUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2017:1384-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-3209-1.NASL
    descriptionThis update for zlib fixes the following issues : - Incompatible declarations for external linkage function deflate (bnc#1003577) - CVE-2016-9842: Undefined Left Shift of Negative Number (bnc#1003580) - CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bnc#1003579) - CVE-2016-9843: Big-endian out-of-bounds pointer Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id96077
    published2016-12-22
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96077
    titleSUSE SLES11 Security Update : zlib (SUSE-SU-2016:3209-1)
  • NASL familyDatabases
    NASL idMYSQL_8_0_13.NASL
    descriptionThe version of MySQL running on the remote host is 8.0.x prior to 8.0.13. It is, therefore, affected by multiple vulnerabilities as noted in the October 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id118236
    published2018-10-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118236
    titleMySQL 8.0.x < 8.0.13 Multiple Vulnerabilities (Oct 2018 CPU) (Jul 2019 CPU)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1114.NASL
    descriptionVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).(CVE-2018-3155) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3284) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3161) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3143) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3251) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Merge). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-3247) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-3171) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3144) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3173) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: RBR). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3278) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Logging). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3283) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3156) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3282) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3133) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3162) The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.(CVE-2016-9843) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3276) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).(CVE-2018-3174) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-3277) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3277) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-3185) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-3187)
    last seen2020-06-10
    modified2018-12-07
    plugin id119473
    published2018-12-07
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119473
    titleAmazon Linux AMI : mysql57 (ALAS-2018-1114)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1220.NASL
    descriptionAn update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR4-FP5. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security Vulnerabilities page, listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-1289, CVE-2017-3509, CVE-2017-3511, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544)
    last seen2020-06-01
    modified2020-06-02
    plugin id100117
    published2017-05-11
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100117
    titleRHEL 6 / 7 : java-1.8.0-ibm (RHSA-2017:1220)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3542-1.NASL
    descriptionMySQL server was updated to version 5.5.62, fixing bugs and security issues. Changes : http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-62.html Following security issues were fixed : CVE-2016-9843: The crc32_big function in zlib might have allowed context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. (bsc#1013882) Please note that SUSE uses the system zlib, not the embedded copy. CVE-2018-3133: Authenticated low privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112369) CVE-2018-3174: Authenticated high privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112368) CVE-2018-3282: Authenticated high privilege attackers could cause denial of service attacks (hangs or crashes) against the mysql server (bsc#1112432) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118499
    published2018-10-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118499
    titleSUSE SLES11 Security Update : mysql (SUSE-SU-2018:3542-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4246-1.NASL
    descriptionIt was discovered that zlib incorrectly handled pointer arithmetic. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) It was discovered that zlib incorrectly handled vectors involving left shifts of negative integers. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9842) It was discovered that zlib incorrectly handled vectors involving big-endian CRC calculation. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9843). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id133204
    published2020-01-23
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133204
    titleUbuntu 16.04 LTS : zlib vulnerabilities (USN-4246-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4292-1.NASL
    descriptionIt was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) It was discovered that rsync incorrectly handled vectors involving left shifts of negative integers in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9842) It was discovered that rsync incorrectly handled vectors involving big-endian CRC calculation in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9843). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2020-02-25
    plugin id134039
    published2020-02-25
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134039
    titleUbuntu 16.04 LTS / 18.04 LTS : rsync vulnerabilities (USN-4292-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0555-1.NASL
    descriptionThis update for mariadb to version 10.2.22 fixes the following issues : Security issues fixed : CVE-2019-2510: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service (bsc#1122198). CVE-2019-2537: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service (bsc#1122198). CVE-2018-3284: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112377) CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) CVE-2018-3277: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112391) CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) CVE-2018-3200: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112404) CVE-2018-3185: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112384) CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) CVE-2018-3173: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112386) CVE-2018-3162: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112415) CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676) CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Non-security issues fixed: Fixed an issue where mysl_install_db fails due to incorrect basedir (bsc#1127027). Fixed an issue where the lograte was not working (bsc#1112767). Backport Information Schema CHECK_CONSTRAINTS Table. Maximum value of table_definition_cache is now 2097152. InnoDB ALTER TABLE fixes. Galera crash recovery fixes. Encryption fixes. Remove xtrabackup dependency as MariaDB ships a build in mariabackup so xtrabackup is not needed (bsc#1122475). Maria DB testsuite - test main.plugin_auth failed (bsc#1111859) Maria DB testsuite - test encryption.second_plugin-12863 failed (bsc#1111858) Remove PerconaFT from the package as it has AGPL licence (bsc#1118754) remove PerconaFT from the package as it has AGPL licence (bsc#1118754) Database corruption after renaming a prefix-indexed column (bsc#1120041) Release notes and changelog: https://mariadb.com/kb/en/library/mariadb-10222-release-notes https://mariadb.com/kb/en/library/mariadb-10222-changelog/ Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122664
    published2019-03-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122664
    titleSUSE SLED15 / SLES15 Security Update : mariadb (SUSE-SU-2019:0555-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2048-1.NASL
    descriptionThis update for mariadb fixes the following issues : Update to MariaDB 10.0.38 GA (bsc#1136037). Security issues fixed : CVE-2019-2537: Denial of service via multiple protocols (bsc#1136037) CVE-2019-2529: Denial of service via multiple protocols (bsc#1136037) CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676) CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Non-security changes: Removed PerconaFT from the package as it has AGPL licence (bsc#1118754). Do not just remove tokudb plugin but don
    last seen2020-06-01
    modified2020-06-02
    plugin id127764
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127764
    titleSUSE SLES12 Security Update : mariadb (SUSE-SU-2019:2048-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1444-1.NASL
    descriptionThis update for java-1_6_0-ibm fixes the following issues : - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client - Version update to 6.0-16.40 bsc#1027038 CVE-2016-2183 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id100540
    published2017-05-31
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100540
    titleSUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2017:1444-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1387-1.NASL
    descriptionThis update for java-1_7_1-ibm fixes the following issues: Version update to 7.1-4.5 bsc#1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3511: OpenJDK: untrusted extension directories search path in Launcher - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id100378
    published2017-05-24
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100378
    titleSUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2017:1387-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1222.NASL
    descriptionAn update for java-1.6.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 6 to version 6 SR16-FP45. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security Vulnerabilities page, listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-1289, CVE-2017-3509, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544)
    last seen2020-06-01
    modified2020-06-02
    plugin id100119
    published2017-05-11
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100119
    titleRHEL 6 : java-1.6.0-ibm (RHSA-2017:1222)
  • NASL familyWeb Servers
    NASL idIBM_TEM_9_2_11_19.NASL
    descriptionAccording to its self-reported version, the IBM BigFix Platform application running on the remote host is 9.1.x prior to 9.1.1328.0 or 9.2.x prior to 9.2.11.19. It is, therefore, affected by multiple vulnerabilities : - An out-of-bounds pointer arithmetic error exists in zlib within file inftrees.c. An unauthenticated, remote attacker can exploit this, via a specially crafted document, to cause a denial of service condition. (CVE-2016-9840) - An out-of-bounds pointer arithmetic error exists in zlib within file inffast.c. An unauthenticated, remote attacker can exploit this, via a specially crafted document, to cause a denial of service condition. (CVE-2016-9841) - A flaw exists in zlib in the z_streamp() function within file inflate.c that is related to left shifts of negative numbers. An unauthenticated, remote attacker can exploit this, via a specially crafted document, to cause a denial of service condition. (CVE-2016-9842) - An out-of-bounds pointer flaw exists in the crc32_big() function within file crc32.c when handling big-endian pointer calculations. An unauthenticated, remote attacker can exploit this, via a specially crafted document, to cause a denial of service condition. (CVE-2016-9843) - A cross-site scripting (XSS) vulnerability exists in the web-based user interface due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user
    last seen2020-06-01
    modified2020-06-02
    plugin id102019
    published2017-07-27
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102019
    titleIBM BigFix Platform 9.1.x < 9.1.1328.0 / 9.2.x < 9.2.11.19 Multiple Vulnerabilities
  • NASL familyDatabases
    NASL idMYSQL_5_5_62.NASL
    descriptionThe version of MySQL running on the remote host is 5.5.x prior to 5.5.62. It is, therefore, affected by multiple vulnerabilities as noted in the October 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id118233
    published2018-10-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118233
    titleMySQL 5.5.x < 5.5.62 Multiple Vulnerabilities (October 2018 CPU)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2989-1.NASL
    descriptionThis update for java-1_8_0-openjdk fixes the following issues : - Update to version jdk8u151 (icedtea 3.6.0) Security issues fixed : - CVE-2017-10274: Handle smartcard clean up better (bsc#1064071) - CVE-2017-10281: Better queuing priorities (bsc#1064072) - CVE-2017-10285: Unreferenced references (bsc#1064073) - CVE-2017-10295: Better URL connections (bsc#1064075) - CVE-2017-10388: Correct Kerberos ticket grants (bsc#1064086) - CVE-2017-10346: Better invokespecial checks (bsc#1064078) - CVE-2017-10350: Better Base Exceptions (bsc#1064082) - CVE-2017-10347: Better timezone processing (bsc#1064079) - CVE-2017-10349: Better X processing (bsc#1064081) - CVE-2017-10345: Better keystore handling (bsc#1064077) - CVE-2017-10348: Better processing of unresolved permissions (bsc#1064080) - CVE-2017-10357: Process Proxy presentation (bsc#1064085) - CVE-2017-10355: More stable connection processing (bsc#1064083) - CVE-2017-10356: Update storage implementations (bsc#1064084) - CVE-2016-10165: Improve CMS header processing (bsc#1064069) - CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843: Upgrade compression library (bsc#1064070) Bug fixes : - Fix bsc#1032647, bsc#1052009 with btrfs subvolumes and overlayfs Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104531
    published2017-11-13
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104531
    titleSUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2017:2989-1)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_EC5072B0D43A11E8A6D2B499BAEBFEAF.NASL
    descriptionOracle reports : Please reference CVE/URL list for details
    last seen2020-06-01
    modified2020-06-02
    plugin id118248
    published2018-10-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118248
    titleFreeBSD : MySQL -- multiple vulnerabilities (ec5072b0-d43a-11e8-a6d2-b499baebfeaf)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1276.NASL
    descriptionAccording to the versions of the zlib packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.(CVE-2016-9840) - inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.i1/4^CVE-2016-9841i1/4%0 - The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.i1/4^CVE-2016-9842i1/4%0 - The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.i1/4^CVE-2016-9843i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2019-04-04
    plugin id123744
    published2019-04-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123744
    titleEulerOS Virtualization 2.5.3 : zlib (EulerOS-SA-2019-1276)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-192148F4FF.NASL
    description**MariaDB 10.2.19** Release notes : https://mariadb.com/kb/en/library/mariadb-10219-release-notes/ CVEs fixed : CVE-2018-3282 CVE-2016-9843 CVE-2018-3174 CVE-2018-3143 CVE-2018-3156 CVE-2018-3251 CVE-2018-3185 CVE-2018-3277 CVE-2018-3162 CVE-2018-3173 CVE-2018-3200 CVE-2018-3284 Aditional notes : As per the upstream MariaDB Deprecation Policy, this will be the last release of MariaDB 10.2 supporting Fedora 27 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-11-27
    plugin id119154
    published2018-11-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119154
    titleFedora 27 : 3:mariadb (2018-192148f4ff)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1725.NASL
    descriptionTrail of Bits used the automated vulnerability discovery tools developed for the DARPA Cyber Grand Challenge to audit zlib. As rsync, a fast, versatile, remote (and local) file-copying tool, uses an embedded copy of zlib, those issues are also present in rsync. CVE-2016-9840 In order to avoid undefined behavior, remove offset pointer optimization, as this is not compliant with the C standard. CVE-2016-9841 Only use post-increment to be compliant with the C standard. CVE-2016-9842 In order to avoid undefined behavior, do not shift negative values, as this is not compliant with the C standard. CVE-2016-9843 In order to avoid undefined behavior, do not pre-decrement a pointer in big-endian CRC calculation, as this is not compliant with the C standard. CVE-2018-5764 Prevent remote attackers from being able to bypass the argument-sanitization protection mechanism by ignoring --protect-args when already sent by client. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id123019
    published2019-03-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123019
    titleDebian DLA-1725-1 : rsync security update
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0021_ZLIB.NASL
    descriptionAn update of the zlib package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121704
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121704
    titlePhoton OS 1.0: Zlib PHSA-2017-0021
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-47.NASL
    descriptionThis update for zlib fixes the following issues : - CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) - CVE-2016-9842: Undefined Left Shift of Negative Number (bsc#1003580) - CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bsc#1003579) - Incompatible declarations for external linkage function deflate (bsc#1003577) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2017-01-10
    plugin id96377
    published2017-01-10
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96377
    titleopenSUSE Security Update : zlib (openSUSE-2017-47)
  • NASL familyDatabases
    NASL idMARIADB_10_0_37.NASL
    descriptionThe version of MariaDB running of remote host is 10.0.0 prior to 10.0.37. It is, therefore, affected by multiple vulnerabilities
    last seen2020-05-31
    modified2019-01-16
    plugin id121191
    published2019-01-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121191
    titleMariaDB 10.0.0 < 10.0.37 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1284.NASL
    descriptionMySQL Community Server was updated to 5.6.42, fixing bugs and security issues : Changes: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-42.html Fixed CVEs : - CVE-2016-9843 [boo#1013882], CVE-2018-3143 [boo#1112421], - CVE-2018-3156 [boo#1112417], CVE-2018-3251 [boo#1112397], - CVE-2018-3133 [boo#1112369], CVE-2018-3247 [boo#1112398], - CVE-2018-3174 [boo#1112368], CVE-2018-3276 [boo#1112393], - CVE-2018-3278 [boo#1112390], CVE-2018-3282 [boo#1112432],
    last seen2020-06-05
    modified2018-10-26
    plugin id118452
    published2018-10-26
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118452
    titleopenSUSE Security Update : mysql-community-server (openSUSE-2018-1284)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1269.NASL
    descriptionThis update for java-1_8_0-openjdk fixes the following issues : - Update to version jdk8u151 (icedtea 3.6.0) Security issues fixed : - CVE-2017-10274: Handle smartcard clean up better (bsc#1064071) - CVE-2017-10281: Better queuing priorities (bsc#1064072) - CVE-2017-10285: Unreferenced references (bsc#1064073) - CVE-2017-10295: Better URL connections (bsc#1064075) - CVE-2017-10388: Correct Kerberos ticket grants (bsc#1064086) - CVE-2017-10346: Better invokespecial checks (bsc#1064078) - CVE-2017-10350: Better Base Exceptions (bsc#1064082) - CVE-2017-10347: Better timezone processing (bsc#1064079) - CVE-2017-10349: Better X processing (bsc#1064081) - CVE-2017-10345: Better keystore handling (bsc#1064077) - CVE-2017-10348: Better processing of unresolved permissions (bsc#1064080) - CVE-2017-10357: Process Proxy presentation (bsc#1064085) - CVE-2017-10355: More stable connection processing (bsc#1064083) - CVE-2017-10356: Update storage implementations (bsc#1064084) - CVE-2016-10165: Improve CMS header processing (bsc#1064069) - CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843: Upgrade compression library (bsc#1064070) Bug fixes : - Fix bsc#1032647, bsc#1052009 with btrfs subvolumes and overlayfs This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen2020-06-05
    modified2017-11-13
    plugin id104527
    published2017-11-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104527
    titleopenSUSE Security Update : java-1_8_0-openjdk (openSUSE-2017-1269)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-3047.NASL
    descriptionAn update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 171. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388) Note: Starting with this update, Java web browser plugin and Java Web Start application are no longer included with Oracle Java SE 6. Refer to the Releases Notes and the Oracle Java SE Support Roadmap pages linked to in the References section for further information about this change.
    last seen2020-06-01
    modified2020-06-02
    plugin id104140
    published2017-10-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104140
    titleRHEL 6 / 7 : java-1.6.0-sun (RHSA-2017:3047)
  • NASL familyDatabases
    NASL idMARIADB_5_5_62.NASL
    descriptionThe version of MariaDB running on the remote host is 5.5.x prior to 5.5.62. It is, therefore, affected by multiple denial of service vulnerabilities. - A denial of service vulnerability exists in the crc32_big() function within file crc32.c due to an out-of bounds pointer flaw. An unauthenticated, remote attacker can exploit this, via a specially crafted document, to cause the application to stop responding. (CVE-2016-9843) - A denial of service vulnerability exists in the MySQL component of Oracle MySQL (subcomponent: Client programs). An authenticated, local attacker can exploit this issue, to cause MySQL Server to stop responding. (CVE-2018-3174) - A denial of service vulnerability exists in the MySQL component of Oracle MySQL (subcomponent: Server: Storage Engines). An authenticated, remote attacker can exploit this issue, to cause MySQL Server to stop responding. (CVE-2018-3282) - A denial of service vulnerability exists in the MySQL component of Oracle MySQL (subcomponent: Server: Connection Handling). An authenticated, adjacent attacker can exploit this, to cause MySQL Server to stop responding. (CVE-2019-2503) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id122258
    published2019-02-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122258
    titleMariaDB 5.5.x < 5.5.62 Multiple Vulnerabilities
  • NASL familyDatabases
    NASL idMYSQL_5_7_24.NASL
    descriptionThe version of MySQL running on the remote host is 5.7.x prior to 5.7.24 It is, therefore, affected by multiple vulnerabilities as noted in the October 2018 and July 2019 Critical Patch Update advisories. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id118235
    published2018-10-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118235
    titleMySQL 5.7.x < 5.7.24 Multiple Vulnerabilities (Oct 2018 CPU) (Jul 2019 CPU)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1389-1.NASL
    descriptionThis update for java-1_6_0-ibm fixes the following issues : - Version update to 6.0-16.45 bsc#1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client - Version update to 6.0-16.40 bsc#1027038 CVE-2016-2183 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-24
    modified2019-01-02
    plugin id119998
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119998
    titleSUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2017:1389-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1193.NASL
    descriptionThe crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.(CVE-2016-9843) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3282) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).(CVE-2018-3174)
    last seen2020-06-01
    modified2020-06-02
    plugin id124128
    published2019-04-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124128
    titleAmazon Linux 2 : mariadb (ALAS-2019-1193)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2704.NASL
    descriptionAccording to the versions of the zlib packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.(CVE-2016-9840) - inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.(CVE-2016-9841) - The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.(CVE-2016-9842) - The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.(CVE-2016-9843) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-23
    plugin id132371
    published2019-12-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132371
    titleEulerOS 2.0 SP5 : zlib (EulerOS-SA-2019-2704)

Redhat

advisories
  • rhsa
    idRHSA-2017:1220
  • rhsa
    idRHSA-2017:1221
  • rhsa
    idRHSA-2017:1222
  • rhsa
    idRHSA-2017:2999
  • rhsa
    idRHSA-2017:3046
  • rhsa
    idRHSA-2017:3047
  • rhsa
    idRHSA-2017:3453
rpms
  • java-1.8.0-ibm-1:1.8.0.4.5-1jpp.1.el6_9
  • java-1.8.0-ibm-1:1.8.0.4.5-1jpp.1.el7_3
  • java-1.8.0-ibm-demo-1:1.8.0.4.5-1jpp.1.el6_9
  • java-1.8.0-ibm-demo-1:1.8.0.4.5-1jpp.1.el7_3
  • java-1.8.0-ibm-devel-1:1.8.0.4.5-1jpp.1.el6_9
  • java-1.8.0-ibm-devel-1:1.8.0.4.5-1jpp.1.el7_3
  • java-1.8.0-ibm-jdbc-1:1.8.0.4.5-1jpp.1.el6_9
  • java-1.8.0-ibm-jdbc-1:1.8.0.4.5-1jpp.1.el7_3
  • java-1.8.0-ibm-plugin-1:1.8.0.4.5-1jpp.1.el6_9
  • java-1.8.0-ibm-plugin-1:1.8.0.4.5-1jpp.1.el7_3
  • java-1.8.0-ibm-src-1:1.8.0.4.5-1jpp.1.el6_9
  • java-1.8.0-ibm-src-1:1.8.0.4.5-1jpp.1.el7_3
  • java-1.7.1-ibm-1:1.7.1.4.5-1jpp.1.el7_3
  • java-1.7.1-ibm-1:1.7.1.4.5-1jpp.2.el6_9
  • java-1.7.1-ibm-demo-1:1.7.1.4.5-1jpp.1.el7_3
  • java-1.7.1-ibm-demo-1:1.7.1.4.5-1jpp.2.el6_9
  • java-1.7.1-ibm-devel-1:1.7.1.4.5-1jpp.1.el7_3
  • java-1.7.1-ibm-devel-1:1.7.1.4.5-1jpp.2.el6_9
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.5-1jpp.1.el7_3
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.5-1jpp.2.el6_9
  • java-1.7.1-ibm-plugin-1:1.7.1.4.5-1jpp.1.el7_3
  • java-1.7.1-ibm-plugin-1:1.7.1.4.5-1jpp.2.el6_9
  • java-1.7.1-ibm-src-1:1.7.1.4.5-1jpp.1.el7_3
  • java-1.7.1-ibm-src-1:1.7.1.4.5-1jpp.2.el6_9
  • java-1.6.0-ibm-1:1.6.0.16.45-1jpp.1.el6_9
  • java-1.6.0-ibm-demo-1:1.6.0.16.45-1jpp.1.el6_9
  • java-1.6.0-ibm-devel-1:1.6.0.16.45-1jpp.1.el6_9
  • java-1.6.0-ibm-javacomm-1:1.6.0.16.45-1jpp.1.el6_9
  • java-1.6.0-ibm-jdbc-1:1.6.0.16.45-1jpp.1.el6_9
  • java-1.6.0-ibm-plugin-1:1.6.0.16.45-1jpp.1.el6_9
  • java-1.6.0-ibm-src-1:1.6.0.16.45-1jpp.1.el6_9
  • java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6
  • java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7
  • java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6
  • java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7
  • java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6
  • java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7
  • java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6
  • java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7
  • java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6
  • java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7
  • java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6
  • java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7
  • java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6
  • java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7
  • java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6
  • java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7
  • java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6
  • java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7
  • java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6
  • java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7
  • java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6
  • java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7
  • java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6
  • java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7
  • java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6
  • java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7
  • java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6
  • java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7
  • java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6
  • java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7
  • java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6
  • java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7
  • java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6
  • java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7
  • java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6
  • java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7
  • java-1.8.0-ibm-1:1.8.0.5.5-1jpp.1.el6_9
  • java-1.8.0-ibm-devel-1:1.8.0.5.5-1jpp.1.el6_9

References