Vulnerabilities > CVE-2017-1289 - XXE vulnerability in IBM SDK
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
LOW Summary
IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-1386-1.NASL description This update for java-1_8_0-ibm fixes the following issues: Version update bsc#1038505 : - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-3544: OpenJDK: newline injection in the SMTP client - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3511: OpenJDK: untrusted extension directories search path in Launcher - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 100377 published 2017-05-24 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100377 title SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2017:1386-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2017:1386-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(100377); script_version("3.9"); script_cvs_date("Date: 2019/09/11 11:22:15"); script_cve_id("CVE-2016-9840", "CVE-2016-9841", "CVE-2016-9842", "CVE-2016-9843", "CVE-2017-1289", "CVE-2017-3509", "CVE-2017-3511", "CVE-2017-3533", "CVE-2017-3539", "CVE-2017-3544"); script_name(english:"SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2017:1386-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for java-1_8_0-ibm fixes the following issues: Version update bsc#1038505 : - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-3544: OpenJDK: newline injection in the SMTP client - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3511: OpenJDK: untrusted extension directories search path in Launcher - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1038505" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9840/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9841/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9842/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9843/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-1289/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3509/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3511/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3533/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3539/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3544/" ); # https://www.suse.com/support/update/announcement/2017/suse-su-20171386-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b1e96fe3" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-844=1 SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-844=1 SUSE Linux Enterprise Server 12-SP2:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-844=1 SUSE Linux Enterprise Server 12-SP1:zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-844=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-alsa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-plugin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/24"); script_set_attribute(attribute:"patch_publication_date", value:"2017/05/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(1|2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1/2", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"java-1_8_0-ibm-alsa-1.8.0_sr4.5-29.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"java-1_8_0-ibm-plugin-1.8.0_sr4.5-29.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_8_0-ibm-1.8.0_sr4.5-29.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_8_0-ibm-1.8.0_sr4.5-29.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_8_0-ibm-alsa-1.8.0_sr4.5-29.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_8_0-ibm-plugin-1.8.0_sr4.5-29.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_8_0-ibm"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-1221.NASL description An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP5. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security Vulnerabilities page, listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-1289, CVE-2017-3509, CVE-2017-3511, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544) last seen 2020-06-01 modified 2020-06-02 plugin id 100118 published 2017-05-11 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100118 title RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2017:1221) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2017:1221. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(100118); script_version("3.12"); script_cvs_date("Date: 2019/10/24 15:35:43"); script_cve_id("CVE-2016-9840", "CVE-2016-9841", "CVE-2016-9842", "CVE-2016-9843", "CVE-2017-1289", "CVE-2017-3509", "CVE-2017-3511", "CVE-2017-3533", "CVE-2017-3539", "CVE-2017-3544"); script_xref(name:"RHSA", value:"2017:1221"); script_name(english:"RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2017:1221)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP5. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security Vulnerabilities page, listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-1289, CVE-2017-3509, CVE-2017-3511, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544)" ); script_set_attribute( attribute:"see_also", value:"https://developer.ibm.com/javasdk/support/security-vulnerabilities/" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2017:1221" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-9840" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-9841" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-9842" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-9843" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-1289" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-3509" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-3511" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-3533" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-3539" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-3544" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-jdbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-src"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/24"); script_set_attribute(attribute:"patch_publication_date", value:"2017/05/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x / 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2017:1221"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-1.7.1.4.5-1jpp.2.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.1-ibm-1.7.1.4.5-1jpp.2.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-1.7.1.4.5-1jpp.2.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.2.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.2.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.2.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.2.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.2.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.2.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-jdbc-1.7.1.4.5-1jpp.2.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.1-ibm-jdbc-1.7.1.4.5-1jpp.2.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-jdbc-1.7.1.4.5-1jpp.2.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-plugin-1.7.1.4.5-1jpp.2.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-plugin-1.7.1.4.5-1jpp.2.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.1-ibm-src-1.7.1.4.5-1jpp.2.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.1-ibm-src-1.7.1.4.5-1jpp.2.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.1-ibm-src-1.7.1.4.5-1jpp.2.el6_9")) flag++; if (rpm_check(release:"RHEL7", reference:"java-1.7.1-ibm-1.7.1.4.5-1jpp.1.el7_3")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.1.el7_3")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-demo-1.7.1.4.5-1jpp.1.el7_3")) flag++; if (rpm_check(release:"RHEL7", reference:"java-1.7.1-ibm-devel-1.7.1.4.5-1jpp.1.el7_3")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.1-ibm-jdbc-1.7.1.4.5-1jpp.1.el7_3")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-jdbc-1.7.1.4.5-1jpp.1.el7_3")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-plugin-1.7.1.4.5-1jpp.1.el7_3")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.1-ibm-src-1.7.1.4.5-1jpp.1.el7_3")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.1-ibm-src-1.7.1.4.5-1jpp.1.el7_3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.1-ibm / java-1.7.1-ibm-demo / java-1.7.1-ibm-devel / etc"); } }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-1385-1.NASL description This update for java-1_7_1-ibm fixes the following issues : - Version update to 7.1-4.5 bsc#1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3511: OpenJDK: untrusted extension directories search path in Launcher - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 100376 published 2017-05-24 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100376 title SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2017:1385-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2017:1385-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(100376); script_version("3.9"); script_cvs_date("Date: 2019/09/11 11:22:15"); script_cve_id("CVE-2016-9840", "CVE-2016-9841", "CVE-2016-9842", "CVE-2016-9843", "CVE-2017-1289", "CVE-2017-3509", "CVE-2017-3511", "CVE-2017-3533", "CVE-2017-3539", "CVE-2017-3544"); script_name(english:"SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2017:1385-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for java-1_7_1-ibm fixes the following issues : - Version update to 7.1-4.5 bsc#1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3511: OpenJDK: untrusted extension directories search path in Launcher - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1038505" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9840/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9841/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9842/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9843/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-1289/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3509/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3511/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3533/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3539/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3544/" ); # https://www.suse.com/support/update/announcement/2017/suse-su-20171385-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b99504ca" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-847=1 SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-847=1 SUSE Linux Enterprise Server for SAP 12:zypper in -t patch SUSE-SLE-SAP-12-2017-847=1 SUSE Linux Enterprise Server 12-SP2:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-847=1 SUSE Linux Enterprise Server 12-SP1:zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-847=1 SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-2017-847=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/24"); script_set_attribute(attribute:"patch_publication_date", value:"2017/05/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0|1|2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0/1/2", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"java-1_7_1-ibm-alsa-1.7.1_sr4.5-37.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"java-1_7_1-ibm-plugin-1.7.1_sr4.5-37.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_1-ibm-1.7.1_sr4.5-37.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_1-ibm-jdbc-1.7.1_sr4.5-37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"java-1_7_1-ibm-alsa-1.7.1_sr4.5-37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"java-1_7_1-ibm-plugin-1.7.1_sr4.5-37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_1-ibm-1.7.1_sr4.5-37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_1-ibm-devel-1.7.1_sr4.5-37.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_1-ibm-jdbc-1.7.1_sr4.5-37.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_1-ibm-1.7.1_sr4.5-37.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_1-ibm-jdbc-1.7.1_sr4.5-37.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_1-ibm-alsa-1.7.1_sr4.5-37.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_1-ibm-plugin-1.7.1_sr4.5-37.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_7_1-ibm"); }
NASL family AIX Local Security Checks NASL id AIX_JAVA_APR2017_ADVISORY.NASL description The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities in the following subcomponents : - Multiple vulnerabilities exist in the zlib subcomponent that allow an unauthenticated, remote attacker to trigger denial of service conditions. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843) - An unspecified flaw exists in the XML subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-1289) - An unspecified flaw exists in the Networking subcomponent that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-3509) - An unspecified flaw exists in the JCE subcomponent that allows a local attacker to gain elevated privileges. This vulnerability does not affect Java SE version 6. (CVE-2017-3511) - An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. This vulnerability does not affect Java SE version 6. (CVE-2017-3512) - An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3514) - Multiple unspecified flaws exist in the Networking subcomponent that allow an unauthenticated, remote attacker to gain update, insert, or delete access to unauthorized data. (CVE-2017-3533, CVE-2017-3544) - An unspecified flaw exists in the Security subcomponent that allows an unauthenticated, remote attacker to gain update, insert, or delete access to unauthorized data. (CVE-2017-3539) last seen 2020-06-01 modified 2020-06-02 plugin id 103189 published 2017-09-13 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/103189 title AIX Java Advisory : java_apr2017_advisory.asc (April 2017 CPU) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(103189); script_version("1.6"); script_cvs_date("Date: 2018/07/17 12:00:06"); script_cve_id( "CVE-2016-9840", "CVE-2016-9841", "CVE-2016-9842", "CVE-2016-9843", "CVE-2017-1289", "CVE-2017-3509", "CVE-2017-3511", "CVE-2017-3512", "CVE-2017-3514", "CVE-2017-3533", "CVE-2017-3539", "CVE-2017-3544" ); script_bugtraq_id( 95131, 97727, 97729, 97731, 97737, 97740, 97745, 97752, 98401 ); script_name(english:"AIX Java Advisory : java_apr2017_advisory.asc (April 2017 CPU)"); script_summary(english:"Checks the version of the Java package."); script_set_attribute(attribute:"synopsis", value: "The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities in the following subcomponents : - Multiple vulnerabilities exist in the zlib subcomponent that allow an unauthenticated, remote attacker to trigger denial of service conditions. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843) - An unspecified flaw exists in the XML subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-1289) - An unspecified flaw exists in the Networking subcomponent that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-3509) - An unspecified flaw exists in the JCE subcomponent that allows a local attacker to gain elevated privileges. This vulnerability does not affect Java SE version 6. (CVE-2017-3511) - An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. This vulnerability does not affect Java SE version 6. (CVE-2017-3512) - An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3514) - Multiple unspecified flaws exist in the Networking subcomponent that allow an unauthenticated, remote attacker to gain update, insert, or delete access to unauthorized data. (CVE-2017-3533, CVE-2017-3544) - An unspecified flaw exists in the Security subcomponent that allows an unauthenticated, remote attacker to gain update, insert, or delete access to unauthorized data. (CVE-2017-3539)"); # http://aix.software.ibm.com/aix/efixes/security/java_apr2017_advisory.asc script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8d03f97b"); # https://www-945.ibm.com/support/fixcentral/swg/selectFixes? # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=6.0.0.0&platform=AIX+32-bit,+pSeries&function=all script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ce533d8f"); # https://www-945.ibm.com/support/fixcentral/swg/selectFixes? # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=6.0.0.0&platform=AIX+64-bit,+pSeries&function=all script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?17d05c61"); # https://www-945.ibm.com/support/fixcentral/swg/selectFixes? # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+32-bit,+pSeries&function=all script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d4595696"); # https://www-945.ibm.com/support/fixcentral/swg/selectFixes? # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+64-bit,+pSeries&function=all script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9abd5252"); # https://www-945.ibm.com/support/fixcentral/swg/selectFixes? # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+32-bit,+pSeries&function=all script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4ee03dc1"); # https://www-945.ibm.com/support/fixcentral/swg/selectFixes? # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+64-bit,+pSeries&function=all script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8f7a066c"); # https://www-945.ibm.com/support/fixcentral/swg/selectFixes? # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+32-bit,+pSeries&function=all script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?52d4ddf3"); # https://www-945.ibm.com/support/fixcentral/swg/selectFixes? # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+64-bit,+pSeries&function=all script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?343fa903"); # http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?623d2c22"); script_set_attribute(attribute:"solution", value: "Fixes are available by version and can be downloaded from the IBM AIX website."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jdk"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/08"); script_set_attribute(attribute:"patch_publication_date", value:"2017/06/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"AIX Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version", "Host/AIX/oslevelsp"); exit(0); } include("aix.inc"); include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); oslevel = get_kb_item_or_exit("Host/AIX/version"); if ( oslevel != "AIX-5.3" && oslevel != "AIX-6.1" && oslevel != "AIX-7.1" && oslevel != "AIX-7.2" ) { oslevel = ereg_replace(string:oslevel, pattern:"-", replace:" "); audit(AUDIT_OS_NOT, "AIX 5.3 / 6.1 / 7.1 / 7.2", oslevel); } oslevelcomplete = chomp(get_kb_item("Host/AIX/oslevelsp")); if (empty_or_null(oslevelcomplete)) audit(AUDIT_UNKNOWN_APP_VER, "AIX"); if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; #Java6 6.0.0.645 if (aix_check_package(release:"5.3", package:"Java6.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.644", fixpackagever:"6.0.0.645") > 0) flag++; if (aix_check_package(release:"6.1", package:"Java6.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.644", fixpackagever:"6.0.0.645") > 0) flag++; if (aix_check_package(release:"7.1", package:"Java6.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.644", fixpackagever:"6.0.0.645") > 0) flag++; if (aix_check_package(release:"7.2", package:"Java6.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.644", fixpackagever:"6.0.0.645") > 0) flag++; if (aix_check_package(release:"5.3", package:"Java6_64.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.644", fixpackagever:"6.0.0.645") > 0) flag++; if (aix_check_package(release:"6.1", package:"Java6_64.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.644", fixpackagever:"6.0.0.645") > 0) flag++; if (aix_check_package(release:"7.1", package:"Java6_64.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.644", fixpackagever:"6.0.0.645") > 0) flag++; if (aix_check_package(release:"7.2", package:"Java6_64.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.644", fixpackagever:"6.0.0.645") > 0) flag++; #Java7 7.0.0.605 if (aix_check_package(release:"6.1", package:"Java7.sdk", minpackagever:"7.0.0.0", maxpackagever:"7.0.0.604", fixpackagever:"7.0.0.605") > 0) flag++; if (aix_check_package(release:"7.1", package:"Java7.sdk", minpackagever:"7.0.0.0", maxpackagever:"7.0.0.604", fixpackagever:"7.0.0.605") > 0) flag++; if (aix_check_package(release:"7.2", package:"Java7.sdk", minpackagever:"7.0.0.0", maxpackagever:"7.0.0.604", fixpackagever:"7.0.0.605") > 0) flag++; if (aix_check_package(release:"6.1", package:"Java7_64.sdk", minpackagever:"7.0.0.0", maxpackagever:"7.0.0.604", fixpackagever:"7.0.0.605") > 0) flag++; if (aix_check_package(release:"7.1", package:"Java7_64.sdk", minpackagever:"7.0.0.0", maxpackagever:"7.0.0.604", fixpackagever:"7.0.0.605") > 0) flag++; if (aix_check_package(release:"7.2", package:"Java7_64.sdk", minpackagever:"7.0.0.0", maxpackagever:"7.0.0.604", fixpackagever:"7.0.0.605") > 0) flag++; #Java7.1 7.1.0.405 if (aix_check_package(release:"6.1", package:"Java7.sdk", minpackagever:"7.1.0.0", maxpackagever:"7.1.0.404", fixpackagever:"7.1.0.405") > 0) flag++; if (aix_check_package(release:"7.1", package:"Java7.sdk", minpackagever:"7.1.0.0", maxpackagever:"7.1.0.404", fixpackagever:"7.1.0.405") > 0) flag++; if (aix_check_package(release:"7.2", package:"Java7.sdk", minpackagever:"7.1.0.0", maxpackagever:"7.1.0.404", fixpackagever:"7.1.0.405") > 0) flag++; if (aix_check_package(release:"6.1", package:"Java7_64.sdk", minpackagever:"7.1.0.0", maxpackagever:"7.1.0.404", fixpackagever:"7.1.0.405") > 0) flag++; if (aix_check_package(release:"7.1", package:"Java7_64.sdk", minpackagever:"7.1.0.0", maxpackagever:"7.1.0.404", fixpackagever:"7.1.0.405") > 0) flag++; if (aix_check_package(release:"7.2", package:"Java7_64.sdk", minpackagever:"7.1.0.0", maxpackagever:"7.1.0.404", fixpackagever:"7.1.0.405") > 0) flag++; #Java8.0 8.0.0.406 if (aix_check_package(release:"6.1", package:"Java8.sdk", minpackagever:"8.0.0.0", maxpackagever:"8.0.0.405", fixpackagever:"8.0.0.406") > 0) flag++; if (aix_check_package(release:"7.1", package:"Java8.sdk", minpackagever:"8.0.0.0", maxpackagever:"8.0.0.405", fixpackagever:"8.0.0.406") > 0) flag++; if (aix_check_package(release:"7.2", package:"Java8.sdk", minpackagever:"8.0.0.0", maxpackagever:"8.0.0.405", fixpackagever:"8.0.0.406") > 0) flag++; if (aix_check_package(release:"6.1", package:"Java8_64.sdk", minpackagever:"8.0.0.0", maxpackagever:"8.0.0.405", fixpackagever:"8.0.0.406") > 0) flag++; if (aix_check_package(release:"7.1", package:"Java8_64.sdk", minpackagever:"8.0.0.0", maxpackagever:"8.0.0.405", fixpackagever:"8.0.0.406") > 0) flag++; if (aix_check_package(release:"7.2", package:"Java8_64.sdk", minpackagever:"8.0.0.0", maxpackagever:"8.0.0.405", fixpackagever:"8.0.0.406") > 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : aix_report_get() ); } else { tested = aix_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Java6 / Java7 / Java8"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-3453.NASL description An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8 and Red Hat Satellite 5.8 ELS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP5. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security Vulnerabilities page listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2016-10165, CVE-2017-1289, CVE-2017-3509, CVE-2017-3511, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544, CVE-2017-10053, CVE-2017-10067, CVE-2017-10078, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10115, CVE-2017-10116, CVE-2017-10243, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10309, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388) For details on how to apply this update, which includes the changes described in this advisory, refer to : https://access.redhat.com/articles/11258 For this update to take effect, Red Hat Satellite must be restarted ( last seen 2020-06-01 modified 2020-06-02 plugin id 105267 published 2017-12-15 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105267 title RHEL 6 : Satellite Server (RHSA-2017:3453) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2017:3453. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(105267); script_version("3.8"); script_cvs_date("Date: 2019/10/24 15:35:44"); script_cve_id("CVE-2016-10165", "CVE-2016-9840", "CVE-2016-9841", "CVE-2016-9842", "CVE-2016-9843", "CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10078", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10105", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10243", "CVE-2017-10281", "CVE-2017-10285", "CVE-2017-10295", "CVE-2017-10309", "CVE-2017-10345", "CVE-2017-10346", "CVE-2017-10347", "CVE-2017-10348", "CVE-2017-10349", "CVE-2017-10350", "CVE-2017-10355", "CVE-2017-10356", "CVE-2017-10357", "CVE-2017-10388", "CVE-2017-1289", "CVE-2017-3509", "CVE-2017-3511", "CVE-2017-3533", "CVE-2017-3539", "CVE-2017-3544"); script_xref(name:"RHSA", value:"2017:3453"); script_name(english:"RHEL 6 : Satellite Server (RHSA-2017:3453)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8 and Red Hat Satellite 5.8 ELS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP5. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security Vulnerabilities page listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2016-10165, CVE-2017-1289, CVE-2017-3509, CVE-2017-3511, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544, CVE-2017-10053, CVE-2017-10067, CVE-2017-10078, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10115, CVE-2017-10116, CVE-2017-10243, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10309, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388) For details on how to apply this update, which includes the changes described in this advisory, refer to : https://access.redhat.com/articles/11258 For this update to take effect, Red Hat Satellite must be restarted ('/usr/sbin/rhn-satellite restart'). All running instances of IBM Java must be restarted for this update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2017:3453" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-9840" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-9841" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-9842" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-9843" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-10165" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-1289" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-3509" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-3511" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-3533" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-3539" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-3544" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10053" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10067" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10078" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10087" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10089" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10090" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10096" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10101" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10102" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10105" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10107" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10108" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10109" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10110" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10115" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10116" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10243" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10281" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10285" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10295" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10309" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10345" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10346" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10347" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10348" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10349" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10350" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10355" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10356" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10357" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-10388" ); script_set_attribute( attribute:"solution", value: "Update the affected java-1.8.0-ibm and / or java-1.8.0-ibm-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/02/03"); script_set_attribute(attribute:"patch_publication_date", value:"2017/12/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/15"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2017:3453"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (! (rpm_exists(release:"RHEL6", rpm:"spacewalk-admin-"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Satellite Server"); if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.8.0-ibm-1.8.0.5.5-1jpp.1.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.8.0-ibm-1.8.0.5.5-1jpp.1.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.8.0-ibm-devel-1.8.0.5.5-1jpp.1.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.8.0-ibm-devel-1.8.0.5.5-1jpp.1.el6_9")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.8.0-ibm / java-1.8.0-ibm-devel"); } }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-1384-1.NASL description This update for java-1_7_0-ibm fixes the following issues: Version update to 7.0-10.5 bsc#1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3511: OpenJDK: untrusted extension directories search path in Launcher - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 100375 published 2017-05-24 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100375 title SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2017:1384-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2017:1384-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(100375); script_version("3.9"); script_cvs_date("Date: 2019/09/11 11:22:15"); script_cve_id("CVE-2016-9840", "CVE-2016-9841", "CVE-2016-9842", "CVE-2016-9843", "CVE-2017-1289", "CVE-2017-3509", "CVE-2017-3511", "CVE-2017-3533", "CVE-2017-3539", "CVE-2017-3544"); script_name(english:"SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2017:1384-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for java-1_7_0-ibm fixes the following issues: Version update to 7.0-10.5 bsc#1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3511: OpenJDK: untrusted extension directories search path in Launcher - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1038505" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9840/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9841/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9842/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9843/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-1289/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3509/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3511/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3533/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3539/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3544/" ); # https://www.suse.com/support/update/announcement/2017/suse-su-20171384-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2813b030" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch slessp3-java-1_7_0-ibm-13124=1 SUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch sleposp3-java-1_7_0-ibm-13124=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-alsa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-jdbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-plugin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/24"); script_set_attribute(attribute:"patch_publication_date", value:"2017/05/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"java-1_7_0-ibm-alsa-1.7.0_sr10.5-64.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"java-1_7_0-ibm-plugin-1.7.0_sr10.5-64.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"java-1_7_0-ibm-1.7.0_sr10.5-64.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"java-1_7_0-ibm-devel-1.7.0_sr10.5-64.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"java-1_7_0-ibm-jdbc-1.7.0_sr10.5-64.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"java-1_7_0-ibm-alsa-1.7.0_sr10.5-64.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"java-1_7_0-ibm-plugin-1.7.0_sr10.5-64.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_7_0-ibm"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-1220.NASL description An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR4-FP5. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security Vulnerabilities page, listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-1289, CVE-2017-3509, CVE-2017-3511, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544) last seen 2020-06-01 modified 2020-06-02 plugin id 100117 published 2017-05-11 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100117 title RHEL 6 / 7 : java-1.8.0-ibm (RHSA-2017:1220) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2017:1220. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(100117); script_version("3.12"); script_cvs_date("Date: 2019/10/24 15:35:43"); script_cve_id("CVE-2016-9840", "CVE-2016-9841", "CVE-2016-9842", "CVE-2016-9843", "CVE-2017-1289", "CVE-2017-3509", "CVE-2017-3511", "CVE-2017-3533", "CVE-2017-3539", "CVE-2017-3544"); script_xref(name:"RHSA", value:"2017:1220"); script_name(english:"RHEL 6 / 7 : java-1.8.0-ibm (RHSA-2017:1220)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR4-FP5. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security Vulnerabilities page, listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-1289, CVE-2017-3509, CVE-2017-3511, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544)" ); script_set_attribute( attribute:"see_also", value:"https://developer.ibm.com/javasdk/support/security-vulnerabilities/" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2017:1220" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-9840" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-9841" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-9842" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-9843" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-1289" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-3509" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-3511" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-3533" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-3539" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-3544" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-jdbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-src"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/24"); script_set_attribute(attribute:"patch_publication_date", value:"2017/05/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x / 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2017:1220"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.8.0-ibm-demo-1.8.0.4.5-1jpp.1.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.8.0-ibm-demo-1.8.0.4.5-1jpp.1.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.8.0-ibm-demo-1.8.0.4.5-1jpp.1.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.8.0-ibm-jdbc-1.8.0.4.5-1jpp.1.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.8.0-ibm-jdbc-1.8.0.4.5-1jpp.1.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.8.0-ibm-jdbc-1.8.0.4.5-1jpp.1.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.8.0-ibm-plugin-1.8.0.4.5-1jpp.1.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.8.0-ibm-plugin-1.8.0.4.5-1jpp.1.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.8.0-ibm-src-1.8.0.4.5-1jpp.1.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.8.0-ibm-src-1.8.0.4.5-1jpp.1.el6_9")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.8.0-ibm-src-1.8.0.4.5-1jpp.1.el6_9")) flag++; if (rpm_check(release:"RHEL7", reference:"java-1.8.0-ibm-1.8.0.4.5-1jpp.1.el7_3")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.8.0-ibm-demo-1.8.0.4.5-1jpp.1.el7_3")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.8.0-ibm-demo-1.8.0.4.5-1jpp.1.el7_3")) flag++; if (rpm_check(release:"RHEL7", reference:"java-1.8.0-ibm-devel-1.8.0.4.5-1jpp.1.el7_3")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.8.0-ibm-jdbc-1.8.0.4.5-1jpp.1.el7_3")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.8.0-ibm-jdbc-1.8.0.4.5-1jpp.1.el7_3")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.8.0-ibm-plugin-1.8.0.4.5-1jpp.1.el7_3")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.8.0-ibm-src-1.8.0.4.5-1jpp.1.el7_3")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.8.0-ibm-src-1.8.0.4.5-1jpp.1.el7_3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.8.0-ibm / java-1.8.0-ibm-demo / java-1.8.0-ibm-devel / etc"); } }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-1444-1.NASL description This update for java-1_6_0-ibm fixes the following issues : - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client - Version update to 6.0-16.40 bsc#1027038 CVE-2016-2183 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 100540 published 2017-05-31 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100540 title SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2017:1444-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2017:1444-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(100540); script_version("3.8"); script_cvs_date("Date: 2019/09/11 11:22:15"); script_cve_id("CVE-2016-2183", "CVE-2016-9840", "CVE-2016-9841", "CVE-2016-9842", "CVE-2016-9843", "CVE-2017-1289", "CVE-2017-3509", "CVE-2017-3514", "CVE-2017-3533", "CVE-2017-3539", "CVE-2017-3544"); script_name(english:"SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2017:1444-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for java-1_6_0-ibm fixes the following issues : - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client - Version update to 6.0-16.40 bsc#1027038 CVE-2016-2183 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1027038" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1038505" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-2183/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9840/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9841/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9842/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9843/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-1289/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3509/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3514/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3533/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3539/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3544/" ); # https://www.suse.com/support/update/announcement/2017/suse-su-20171444-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?8c928ab5" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch slessp3-java-1_6_0-ibm-13130=1 SUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch sleposp3-java-1_6_0-ibm-13130=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-alsa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-jdbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-plugin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/01"); script_set_attribute(attribute:"patch_publication_date", value:"2017/05/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/31"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"java-1_6_0-ibm-plugin-1.6.0_sr16.45-84.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"java-1_6_0-ibm-alsa-1.6.0_sr16.45-84.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"java-1_6_0-ibm-1.6.0_sr16.45-84.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"java-1_6_0-ibm-devel-1.6.0_sr16.45-84.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"java-1_6_0-ibm-fonts-1.6.0_sr16.45-84.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"java-1_6_0-ibm-jdbc-1.6.0_sr16.45-84.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"java-1_6_0-ibm-plugin-1.6.0_sr16.45-84.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"java-1_6_0-ibm-alsa-1.6.0_sr16.45-84.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_6_0-ibm"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-1387-1.NASL description This update for java-1_7_1-ibm fixes the following issues: Version update to 7.1-4.5 bsc#1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3511: OpenJDK: untrusted extension directories search path in Launcher - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 100378 published 2017-05-24 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100378 title SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2017:1387-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2017:1387-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(100378); script_version("3.9"); script_cvs_date("Date: 2019/09/11 11:22:15"); script_cve_id("CVE-2016-9840", "CVE-2016-9841", "CVE-2016-9842", "CVE-2016-9843", "CVE-2017-1289", "CVE-2017-3509", "CVE-2017-3511", "CVE-2017-3533", "CVE-2017-3539", "CVE-2017-3544"); script_name(english:"SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2017:1387-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for java-1_7_1-ibm fixes the following issues: Version update to 7.1-4.5 bsc#1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3511: OpenJDK: untrusted extension directories search path in Launcher - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1038505" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9840/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9841/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9842/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9843/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-1289/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3509/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3511/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3533/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3539/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3544/" ); # https://www.suse.com/support/update/announcement/2017/suse-su-20171387-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0795a9e4" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t patch sdksp4-java-1_7_1-ibm-13123=1 SUSE Linux Enterprise Server 11-SP4:zypper in -t patch slessp4-java-1_7_1-ibm-13123=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/24"); script_set_attribute(attribute:"patch_publication_date", value:"2017/05/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"java-1_7_1-ibm-alsa-1.7.1_sr4.5-25.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"java-1_7_1-ibm-plugin-1.7.1_sr4.5-25.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"java-1_7_1-ibm-1.7.1_sr4.5-25.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"java-1_7_1-ibm-jdbc-1.7.1_sr4.5-25.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"java-1_7_1-ibm-alsa-1.7.1_sr4.5-25.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"java-1_7_1-ibm-plugin-1.7.1_sr4.5-25.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_7_1-ibm"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-1222.NASL description An update for java-1.6.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 6 to version 6 SR16-FP45. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security Vulnerabilities page, listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-1289, CVE-2017-3509, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544) last seen 2020-06-01 modified 2020-06-02 plugin id 100119 published 2017-05-11 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100119 title RHEL 6 : java-1.6.0-ibm (RHSA-2017:1222) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-1389-1.NASL description This update for java-1_6_0-ibm fixes the following issues : - Version update to 6.0-16.45 bsc#1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client - Version update to 6.0-16.40 bsc#1027038 CVE-2016-2183 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-24 modified 2019-01-02 plugin id 119998 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119998 title SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2017:1389-1)
Redhat
advisories |
| ||||||||||||||||
rpms |
|
References
- http://www.securityfocus.com/bid/98401
- http://www.securityfocus.com/bid/98401
- https://access.redhat.com/errata/RHSA-2017:1220
- https://access.redhat.com/errata/RHSA-2017:1220
- https://access.redhat.com/errata/RHSA-2017:1221
- https://access.redhat.com/errata/RHSA-2017:1221
- https://access.redhat.com/errata/RHSA-2017:1222
- https://access.redhat.com/errata/RHSA-2017:1222
- https://access.redhat.com/errata/RHSA-2017:3453
- https://access.redhat.com/errata/RHSA-2017:3453
- https://www.ibm.com/support/docview.wss?uid=swg22002169
- https://www.ibm.com/support/docview.wss?uid=swg22002169