Vulnerabilities > CVE-2018-11212 - Divide By Zero vulnerability in multiple products

An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.

Vulnerable Configurations

Part	Description	Count
Application	Ijg IJG Libjpeg 9A	1
Application	Netapp Netapp Snapmanager * Netapp Oncommand Workflow Automation * Netapp Oncommand Unified Manager * Netapp Oncommand Unified Manager 7.3 Netapp Oncommand Unified Manager 9.4 Netapp Oncommand Unified Manager 9.5	9
Application	Oracle Oracle JDK 1.8.0 Oracle JDK 1.7.0 Oracle JDK 11.0.1 Oracle JRE 8.0	4
Application	Redhat Redhat Satellite 5.8	1
OS	Debian Debian Debian Linux 8.0	1
OS	Canonical Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 12.04	4
OS	Redhat Redhat Enterprise Linux Desktop 6.0 Redhat Enterprise Linux Desktop 7.0 Redhat Enterprise Linux Workstation 6.0 Redhat Enterprise Linux Workstation 7.0 Redhat Enterprise Linux Server 6.0 Redhat Enterprise Linux Server 7.0	6
OS	Opensuse Opensuse Leap 15.0	1

Common Weakness Enumeration (CWE)

CWE-369 - Divide By Zero

Nessus

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-1306.NASL
description	According to the version of the libjpeg-turbo packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A divide by zero vulnerability has been discovered in libjpeg-turbo in alloc_sarray function of jmemmgr.c file. An attacker could use this vulnerability to cause a denial of service via a crafted file.(CVE-2018-11212) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-06
modified	2019-05-01
plugin id	124433
published	2019-05-01
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124433
title	EulerOS 2.0 SP5 : libjpeg-turbo (EulerOS-SA-2019-1306)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(124433); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04"); script_cve_id( "CVE-2018-11212" ); script_name(english:"EulerOS 2.0 SP5 : libjpeg-turbo (EulerOS-SA-2019-1306)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the libjpeg-turbo packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A divide by zero vulnerability has been discovered in libjpeg-turbo in alloc_sarray function of jmemmgr.c file. An attacker could use this vulnerability to cause a denial of service via a crafted file.(CVE-2018-11212) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1306 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fb4d2e98"); script_set_attribute(attribute:"solution", value: "Update the affected libjpeg-turbo package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/01"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libjpeg-turbo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libjpeg-turbo-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) \|\| release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D\|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) \|\| sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["libjpeg-turbo-1.2.90-6.h3.eulerosv2r7", "libjpeg-turbo-devel-1.2.90-6.h3.eulerosv2r7"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libjpeg-turbo"); }

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-1468.NASL
description	According to the version of the libjpeg-turbo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A divide by zero vulnerability has been discovered in libjpeg-turbo in alloc_sarray function of jmemmgr.c file. An attacker could use this vulnerability to cause a denial of service via a crafted file.(CVE-2018-11212) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	124792
published	2019-05-13
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124792
title	EulerOS Virtualization 3.0.1.0 : libjpeg-turbo (EulerOS-SA-2019-1468)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(124792); script_version("1.4"); script_cvs_date("Date: 2020/01/17"); script_cve_id( "CVE-2018-11212" ); script_name(english:"EulerOS Virtualization 3.0.1.0 : libjpeg-turbo (EulerOS-SA-2019-1468)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the libjpeg-turbo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A divide by zero vulnerability has been discovered in libjpeg-turbo in alloc_sarray function of jmemmgr.c file. An attacker could use this vulnerability to cause a denial of service via a crafted file.(CVE-2018-11212) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1468 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6d3b70b3"); script_set_attribute(attribute:"solution", value: "Update the affected libjpeg-turbo package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/13"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libjpeg-turbo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) \|\| release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["libjpeg-turbo-1.2.90-6.h3"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libjpeg-turbo"); }

NASL family	NewStart CGSL Local Security Checks
NASL id	NEWSTART_CGSL_NS-SA-2019-0185_LIBJPEG-TURBO.NASL
description	The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libjpeg-turbo packages installed that are affected by multiple vulnerabilities: - The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. (CVE-2016-3616) - libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. (CVE-2018-11813) - An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. (CVE-2018-11213) - An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. (CVE-2018-11214) - An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. (CVE-2018-11212) - get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. (CVE-2018-14498) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	129912
published	2019-10-15
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129912
title	NewStart CGSL CORE 5.04 / MAIN 5.04 : libjpeg-turbo Multiple Vulnerabilities (NS-SA-2019-0185)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-1305.NASL
description	According to the version of the libjpeg-turbo packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A divide by zero vulnerability has been discovered in libjpeg-turbo in alloc_sarray function of jmemmgr.c file. An attacker could use this vulnerability to cause a denial of service via a crafted file.(CVE-2018-11212) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-06
modified	2019-05-01
plugin id	124432
published	2019-05-01
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124432
title	EulerOS 2.0 SP2 : libjpeg-turbo (EulerOS-SA-2019-1305)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-1392-1.NASL
description	This update for java-1_7_0-openjdk fixes the following issues : Update to 2.6.18 - OpenJDK 7u221 (April 2019 CPU) Security issues fixed : CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). CVE-2019-2684: Fixed flaw inside the RMI registry implementation (bsc#1132732). CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). CVE-2019-2422: Fixed memory disclosure in FileChannelImpl (bsc#1122293). CVE-2018-11212: Fixed a Divide By Zero in alloc_sarray function in jmemmgr.c (bsc#1122299). CVE-2019-2426: Improve web server connections (bsc#1134297). Bug fixes: Please check the package Changelog for detailed information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	125676
published	2019-06-03
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125676
title	SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2019:1392-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-0574-1.NASL
description	This update for java-1_8_0-openjdk to version jdk8u201 (icedtea 3.11.0) fixes the following issues : Security issues fixed : CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). Complete list of changes: https://mail.openjdk.java.net/pipermail/distro-pkg-dev/2019-March/0412 23.html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	122748
published	2019-03-11
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122748
title	SUSE SLED15 / SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2019:0574-1)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-2052.NASL
description	An update for libjpeg-turbo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance. Security Fix(es) : * libjpeg: NULL pointer dereference in cjpeg (CVE-2016-3616) * libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service (CVE-2018-14498) * libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212) * libjpeg: Segmentation fault in get_text_gray_row function in rdppm.c (CVE-2018-11213) * libjpeg: Segmentation fault in get_text_rgb_row function in rdppm.c (CVE-2018-11214) * libjpeg:
last seen	2020-06-01
modified	2020-06-02
plugin id	127661
published	2019-08-12
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127661
title	RHEL 7 : libjpeg-turbo (RHSA-2019:2052)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-346.NASL
description	This update for java-1_8_0-openjdk to version jdk8u201 (icedtea 3.11.0) fixes the following issues: Security issues fixed : - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). Complete list of changes: https://mail.openjdk.java.net/pipermail/distro-pkg-dev/2019-March/0412 23.html This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	122943
published	2019-03-19
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122943
title	openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2019-346)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-2291-1.NASL
description	This update for java-1_8_0-ibm fixes the following issues : Update to Java 8.0 Service Refresh 5 Fix Pack 40. Security issues fixed : CVE-2019-11771: IBM Security Update July 2019 (bsc#1147021) CVE-2019-11772: IBM Security Update July 2019 (bsc#1147021) CVE-2019-11775: IBM Security Update July 2019 (bsc#1147021) CVE-2019-4473: IBM Security Update July 2019 (bsc#1147021) CVE-2019-7317: Fixed issue inside Component AWT (libpng)(bsc#1141780). CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783). CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782). CVE-2019-2816: Fixed issue inside Component Networking (bsc#1141785). CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789). CVE-2019-2786: Fixed issue inside Component Security (bsc#1141787). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	128520
published	2019-09-05
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128520
title	SUSE SLED15 / SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2019:2291-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-0585-1.NASL
description	This update for java-1_8_0-ibm to version 8.0.5.30 fixes the following issues : Security issues fixed : CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). CVE-2018-1890: Fixed a local privilege escalation via RPATHs (bsc#1128158). CVE-2019-2449: Fixed a vulnerability which could allow remote atackers to delete arbitrary files (bsc#1122292). More information: https://www-01.ibm.com/support/docview.wss?uid=ibm10873332 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	122808
published	2019-03-13
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122808
title	SUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2019:0585-1)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-0474.NASL
description	An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP40. Security Fix(es) : * IBM JDK: buffer overflow in jio_snprintf() and jio_vsnprintf() (CVE-2018-12547) * OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422) * libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-06-01
modified	2020-06-02
plugin id	122713
published	2019-03-08
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122713
title	RHEL 6 : java-1.7.1-ibm (RHSA-2019:0474)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-0473.NASL
description	An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP40. Security Fix(es) : * IBM JDK: buffer overflow in jio_snprintf() and jio_vsnprintf() (CVE-2018-12547) * OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422) * libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-06-01
modified	2020-06-02
plugin id	122712
published	2019-03-08
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122712
title	RHEL 7 : java-1.7.1-ibm (RHSA-2019:0473)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-13978-1.NASL
description	This update for java-1_7_1-ibm to version 7.1.4.40 fixes the following issues : Security issues fixed : CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). More information: https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IB M_Sec urity_Update_February_2019 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	122867
published	2019-03-15
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122867
title	SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2019:13978-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-0604-1.NASL
description	This update for java-1_7_1-ibm to version 7.1.4.40 fixes the following issues : Security issues fixed : CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). More information: https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IB M_Sec urity_Update_February_2019 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	122850
published	2019-03-14
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122850
title	SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2019:0604-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-2371-1.NASL
description	This update for java-1_8_0-ibm fixes the following issues : Update to Java 8.0 Service Refresh 5 Fix Pack 40. Security issues fixed : CVE-2019-11771: IBM Security Update July 2019 (bsc#1147021) CVE-2019-11772: IBM Security Update July 2019 (bsc#1147021) CVE-2019-11775: IBM Security Update July 2019 (bsc#1147021) CVE-2019-4473: IBM Security Update July 2019 (bsc#1147021) CVE-2019-7317: Fixed issue inside Component AWT (libpng)(bsc#1141780). CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783). CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782). CVE-2019-2816: Fixed issue inside Component Networking (bsc#1141785). CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789). CVE-2019-2786: Fixed issue inside Component Security (bsc#1141787). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	128872
published	2019-09-16
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128872
title	SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2019:2371-1)

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2020-1_0-0290_OPENJDK11.NASL
description	An update of the openjdk11 package has been released.
last seen	2020-05-03
modified	2020-04-29
plugin id	136109
published	2020-04-29
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136109
title	Photon OS 1.0: Openjdk11 PHSA-2020-1.0-0290

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-1238.NASL
description	An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP35. Security Fix(es) : * IBM JDK: buffer overflow in jio_snprintf() and jio_vsnprintf() (CVE-2018-12547) * IBM JDK: missing null check when accelerating Unsafe calls (CVE-2018-12549) * Oracle JDK: Unspecified vulnerability fixed in 7u221 and 8u211 (2D) (CVE-2019-2697) * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) * IBM JDK: Read beyond the end of bytecode array causing JVM crash (CVE-2019-10245) * libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212) * Oracle JDK: unspecified vulnerability fixed in 8u201 (Deployment) (CVE-2019-2449) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-06-01
modified	2020-06-02
plugin id	125239
published	2019-05-17
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125239
title	RHEL 8 : java-1.8.0-ibm (RHSA-2019:1238)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-1439.NASL
description	This update for java-1_8_0-openjdk to version 8u212 fixes the following issues : Security issues fixed : - CVE-2019-2602: Better String parsing (bsc#1132728). - CVE-2019-2684: More dynamic RMI interactions (bsc#1132732). - CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729). - CVE-2019-2422: Better FileChannel (bsc#1122293). - CVE-2018-11212: Improve JPEG (bsc#1122299). Non-Security issue fixed : - Disable LTO (bsc#1133135). - Added Japanese new era name. This update was imported from the SUSE:SLE-12-SP1:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	125451
published	2019-05-28
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125451
title	openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2019-1439) (Spectre)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-1638.NASL
description	Several vulnerabilities have been resolved in libjpeg-turbo, Debian
last seen	2020-03-17
modified	2019-01-23
plugin id	121315
published	2019-01-23
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/121315
title	Debian DLA-1638-1 : libjpeg-turbo security update

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-1628.NASL
description	According to the version of the libjpeg-turbo package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A divide by zero vulnerability has been discovered in libjpeg-turbo in alloc_sarray function of jmemmgr.c file. An attacker could use this vulnerability to cause a denial of service via a crafted file.(CVE-2018-11212) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	125580
published	2019-05-30
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125580
title	EulerOS Virtualization for ARM 64 3.0.2.0 : libjpeg-turbo (EulerOS-SA-2019-1628)

NASL family	NewStart CGSL Local Security Checks
NASL id	NEWSTART_CGSL_NS-SA-2019-0227_LIBJPEG-TURBO.NASL
description	The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libjpeg-turbo packages installed that are affected by multiple vulnerabilities: - The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. (CVE-2016-3616) - libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. (CVE-2018-11813) - An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. (CVE-2018-11213) - An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. (CVE-2018-11214) - An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. (CVE-2018-11212) - get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. (CVE-2018-14498) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	132505
published	2019-12-31
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/132505
title	NewStart CGSL CORE 5.05 / MAIN 5.05 : libjpeg-turbo Multiple Vulnerabilities (NS-SA-2019-0227)

NASL family	Misc.
NASL id	ORACLE_JAVA_CPU_JAN_2019_UNIX.NASL
description	The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 211, 8 Update 201, 11 Update 2. It is, therefore, affected by multiple vulnerabilities related to the following components : - An issue in libjpeg 9a, a divide-by-zero error, could allow remote attackers to cause a denial of service condition via a crafted file. (CVE-2018-11212) - An unspecified vulnerability in Oracle Java SE in the Networking subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2019-2426) - An unspecified vulnerability in Oracle Java SE in the Deployment subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2019-2449) - An unspecified vulnerability in Oracle Java SE in the Libraries subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2019-2422) Nessus has not tested for these issues but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	121230
published	2019-01-17
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/121230
title	Oracle Java SE 1.7.x < 1.7.0_211 / 1.8.x < 1.8.0_201 / 1.11.x < 1.11.0_2 Multiple Vulnerabilities (January 2019 CPU) (Unix)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-0472.NASL
description	An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP30. Security Fix(es) : * IBM JDK: buffer overflow in jio_snprintf() and jio_vsnprintf() (CVE-2018-12547) * IBM JDK: missing null check when accelerating Unsafe calls (CVE-2018-12549) * OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422) * libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212) * Oracle JDK: unspecified vulnerability fixed in 8u201 (Deployment) (CVE-2019-2449) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-06-01
modified	2020-06-02
plugin id	122711
published	2019-03-08
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122711
title	RHEL 7 : java-1.8.0-ibm (RHSA-2019:0472)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2019-2052.NASL
description	An update for libjpeg-turbo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance. Security Fix(es) : * libjpeg: NULL pointer dereference in cjpeg (CVE-2016-3616) * libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service (CVE-2018-14498) * libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212) * libjpeg: Segmentation fault in get_text_gray_row function in rdppm.c (CVE-2018-11213) * libjpeg: Segmentation fault in get_text_rgb_row function in rdppm.c (CVE-2018-11214) * libjpeg:
last seen	2020-06-01
modified	2020-06-02
plugin id	128342
published	2019-08-30
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128342
title	CentOS 7 : libjpeg-turbo (CESA-2019:2052)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2019-1286.NASL
description	The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.(CVE-2016-3616) libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.(CVE-2018-11813) An out-of-bounds read vulnerability has been discovered in libjpeg-turbo when reading one row of pixels of a PPM file. An attacker could use this flaw to crash the application and cause a denial of service.(CVE-2018-11214) An out-of-bound read vulnerability has been discovered in libjpeg-turbo when reading one row of pixels of a PGM file. An attacker could use this flaw to crash the application and cause a denial of service.(CVE-2018-11213) get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.(CVE-2018-14498) A divide by zero vulnerability has been discovered in libjpeg-turbo in alloc_sarray function of jmemmgr.c file. An attacker could use this vulnerability to cause a denial of service via a crafted file.(CVE-2018-11212)
last seen	2020-06-01
modified	2020-06-02
plugin id	129013
published	2019-09-19
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129013
title	Amazon Linux AMI : libjpeg-turbo (ALAS-2019-1286)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20190806_LIBJPEG_TURBO_ON_SL7_X.NASL
description	Security Fix(es) : - libjpeg: NULL pointer dereference in cjpeg (CVE-2016-3616) - libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service (CVE-2018-14498) - libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212) - libjpeg: Segmentation fault in get_text_gray_row function in rdppm.c (CVE-2018-11213) - libjpeg: Segmentation fault in get_text_rgb_row function in rdppm.c (CVE-2018-11214) - libjpeg:
last seen	2020-03-18
modified	2019-08-27
plugin id	128231
published	2019-08-27
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128231
title	Scientific Linux Security Update : libjpeg-turbo on SL7.x x86_64 (20190806)

NASL family	Windows
NASL id	ORACLE_JAVA_CPU_JAN_2019.NASL
description	The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 211, 8 Update 201, 11 Update 2. It is, therefore, affected by multiple vulnerabilities related to the following components : - An issue in libjpeg 9a, a divide-by-zero error, could allow remote attackers to cause a denial of service condition via a crafted file. (CVE-2018-11212) - An unspecified vulnerability in Oracle Java SE in the Networking subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2019-2426) - An unspecified vulnerability in Oracle Java SE in the Deployment subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2019-2449) - An unspecified vulnerability in Oracle Java SE in the Libraries subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2019-2422) Nessus has not tested for these issues but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	121231
published	2019-01-17
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/121231
title	Oracle Java SE 1.7.x < 1.7.0_211 / 1.8.x < 1.8.0_201 / 1.11.x < 1.11.0_2 Multiple Vulnerabilities (January 2019 CPU)

NASL family	Amazon Linux Local Security Checks
NASL id	AL2_ALAS-2019-1350.NASL
description	The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.(CVE-2016-3616) A divide by zero vulnerability has been discovered in libjpeg-turbo in alloc_sarray function of jmemmgr.c file. An attacker could use this vulnerability to cause a denial of service via a crafted file. CVE-2018-11212) An out-of-bound read vulnerability has been discovered in libjpeg-turbo when reading one row of pixels of a PGM file. An attacker could use this flaw to crash the application and cause a denial of service.(CVE-2018-11213) An out-of-bounds read vulnerability has been discovered in libjpeg-turbo when reading one row of pixels of a PPM file. An attacker could use this flaw to crash the application and cause a denial of service.(CVE-2018-11214) libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.(CVE-2018-11813) get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.(CVE-2018-14498)
last seen	2020-06-01
modified	2020-06-02
plugin id	130602
published	2019-11-07
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130602
title	Amazon Linux 2 : libjpeg-turbo (ALAS-2019-1350)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-0469.NASL
description	An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP30. Security Fix(es) : * IBM JDK: buffer overflow in jio_snprintf() and jio_vsnprintf() (CVE-2018-12547) * IBM JDK: missing null check when accelerating Unsafe calls (CVE-2018-12549) * OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422) * libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212) * Oracle JDK: unspecified vulnerability fixed in 8u201 (Deployment) (CVE-2019-2449) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-06-01
modified	2020-06-02
plugin id	122659
published	2019-03-07
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122659
title	RHEL 6 : java-1.8.0-ibm (RHSA-2019:0469)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-1500.NASL
description	This update for java-1_7_0-openjdk fixes the following issues : Update to 2.6.18 - OpenJDK 7u221 (April 2019 CPU) Security issues fixed : - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw inside the RMI registry implementation (bsc#1132732). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2422: Fixed memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed a Divide By Zero in alloc_sarray function in jmemmgr.c (bsc#1122299). - CVE-2019-2426: Improve web server connections (bsc#1134297). Bug fixes : - Please check the package Changelog for detailed information. This update was imported from the SUSE:SLE-12:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	125698
published	2019-06-04
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125698
title	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2019-1500)

NASL family	Amazon Linux Local Security Checks
NASL id	AL2_ALAS-2019-1198.NASL
description	A divide by zero vulnerability has been discovered in libjpeg-turbo in alloc_sarray function of jmemmgr.c file. An attacker could use this vulnerability to cause a denial of service via a crafted file.(CVE-2018-11212)
last seen	2020-06-01
modified	2020-06-02
plugin id	124304
published	2019-04-26
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124304
title	Amazon Linux 2 : libjpeg-turbo (ALAS-2019-1198)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-0617-1.NASL
description	This update for java-1_8_0-ibm to version 8.0.5.30 fixes the following issues : Security issues fixed : CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). CVE-2018-1890: Fixed a local privilege escalation via RPATHs (bsc#1128158). CVE-2019-2449: Fixed a vulnerability which could allow remote atackers to delete arbitrary files (bsc#1122292). More information: https://www-01.ibm.com/support/docview.wss?uid=ibm10873332 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	122889
published	2019-03-18
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122889
title	SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2019:0617-1)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-0640.NASL
description	An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP30. Security Fix(es) : * IBM JDK: buffer overflow in jio_snprintf() and jio_vsnprintf() (CVE-2018-12547) * IBM JDK: missing null check when accelerating Unsafe calls (CVE-2018-12549) * OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422) * libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212) * Oracle JDK: unspecified vulnerability fixed in 8u201 (Deployment) (CVE-2019-2449) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-06-01
modified	2020-06-02
plugin id	123146
published	2019-03-27
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/123146
title	RHEL 6 : java-1.8.0-ibm (RHSA-2019:0640)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3706-1.NASL
description	It was discovered that libjpeg-turbo incorrectly handled certain malformed JPEG images. If a user or automated system were tricked into opening a specially crafted JPEG image, a remote attacker could cause libjpeg-turbo to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	110973
published	2018-07-10
reporter	Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110973
title	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : libjpeg-turbo vulnerabilities (USN-3706-1)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-161.NASL
description	This update for java-11-openjdk to version 11.0.2+7 fixes the following issues : Security issues fixed : - CVE-2019-2422: Better FileChannel transfer performance (bsc#1122293) - CVE-2019-2426: Improve web server connections - CVE-2018-11212: Improve JPEG processing (bsc#1122299) - Better route routing - Better interface enumeration - Better interface lists - Improve BigDecimal support - Improve robot support - Better icon support - Choose printer defaults - Proper allocation handling - Initial class initialization - More reliable p11 transactions - Improve NIO stability - Better loading of classloader classes - Strengthen Windows Access Bridge Support - Improved data set handling - Improved LSA authentication - Libsunmscapi improved interactions Non-security issues fix : - Do not resolve by default the added JavaEE modules (bsc#1120431) - ~2.5% regression on compression benchmark starting with 12-b11 - java.net.http.HttpClient hangs on 204 reply without Content-length 0 - Add additional TeliaSonera root certificate - Add more ld preloading related info to hs_error file on Linux - Add test to exercise server-side client hello processing - AES encrypt performance regression in jdk11b11 - AIX: ProcessBuilder: Piping between created processes does not work. - AIX: Some class library files are missing the Classpath exception - AppCDS crashes for some uses with JRuby - Automate vtable/itable stub size calculation - BarrierSetC1::generate_referent_check() confuses register allocator - Better HTTP Redirection - Catastrophic size_t underflow in BitMap::*_large methods - Clip.isRunning() may return true after Clip.stop() was called - Compiler thread creation should be bounded by available space in memory and Code Cache - com.sun.net.httpserver.HttpServer returns Content-length header for 204 response code - Default mask register for avx512 instructions - Delayed starting of debugging via jcmd - Disable all DES cipher suites - Disable anon and NULL cipher suites - Disable unsupported GCs for Zero - Epsilon alignment adjustments can overflow max TLAB size - Epsilon elastic TLAB sizing may cause misalignment - HotSpot update for vm_version.cpp to recognise updated VS2017 - HttpClient does not retrieve files with large sizes over HTTP/1.1 - IIOException
last seen	2020-06-01
modified	2020-06-02
plugin id	122145
published	2019-02-13
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122145
title	openSUSE Security Update : java-11-openjdk (openSUSE-2019-161)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-1589.NASL
description	According to the version of the libjpeg-turbo packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A divide by zero vulnerability has been discovered in libjpeg-turbo in alloc_sarray function of jmemmgr.c file. An attacker could use this vulnerability to cause a denial of service via a crafted file.(CVE-2018-11212) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-06
modified	2019-05-29
plugin id	125516
published	2019-05-29
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125516
title	EulerOS 2.0 SP3 : libjpeg-turbo (EulerOS-SA-2019-1589)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-1219-1.NASL
description	This update for java-1_8_0-openjdk to version 8u212 fixes the following issues : Security issues fixed : CVE-2019-2602: Better String parsing (bsc#1132728). CVE-2019-2684: More dynamic RMI interactions (bsc#1132732). CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729). CVE-2019-2422: Better FileChannel (bsc#1122293). CVE-2018-11212: Improve JPEG (bsc#1122299). Non-Security issue fixed: Disable LTO (bsc#1133135). Added Japanese new era name. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	125023
published	2019-05-14
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125023
title	SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2019:1219-1) (Spectre)

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2020-3_0-0084_OPENJDK11.NASL
description	An update of the openjdk11 package has been released.
last seen	2020-05-03
modified	2020-04-29
plugin id	136100
published	2020-04-29
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136100
title	Photon OS 3.0: Openjdk11 PHSA-2020-3.0-0084

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-0221-1.NASL
description	This update for java-11-openjdk to version 11.0.2+7 fixes the following issues : Security issues fixed : CVE-2019-2422: Better FileChannel transfer performance (bsc#1122293) CVE-2019-2426: Improve web server connections CVE-2018-11212: Improve JPEG processing (bsc#1122299) Better route routing Better interface enumeration Better interface lists Improve BigDecimal support Improve robot support Better icon support Choose printer defaults Proper allocation handling Initial class initialization More reliable p11 transactions Improve NIO stability Better loading of classloader classes Strengthen Windows Access Bridge Support Improved data set handling Improved LSA authentication Libsunmscapi improved interactions Non-security issues fix: Do not resolve by default the added JavaEE modules (bsc#1120431) ~2.5% regression on compression benchmark starting with 12-b11 java.net.http.HttpClient hangs on 204 reply without Content-length 0 Add additional TeliaSonera root certificate Add more ld preloading related info to hs_error file on Linux Add test to exercise server-side client hello processing AES encrypt performance regression in jdk11b11 AIX: ProcessBuilder: Piping between created processes does not work. AIX: Some class library files are missing the Classpath exception AppCDS crashes for some uses with JRuby Automate vtable/itable stub size calculation BarrierSetC1::generate_referent_check() confuses register allocator Better HTTP Redirection Catastrophic size_t underflow in BitMap::*_large methods Clip.isRunning() may return true after Clip.stop() was called Compiler thread creation should be bounded by available space in memory and Code Cache com.sun.net.httpserver.HttpServer returns Content-length header for 204 response code Default mask register for avx512 instructions Delayed starting of debugging via jcmd Disable all DES cipher suites Disable anon and NULL cipher suites Disable unsupported GCs for Zero Epsilon alignment adjustments can overflow max TLAB size Epsilon elastic TLAB sizing may cause misalignment HotSpot update for vm_version.cpp to recognise updated VS2017 HttpClient does not retrieve files with large sizes over HTTP/1.1 IIOException
last seen	2020-03-18
modified	2019-02-04
plugin id	121568
published	2019-02-04
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/121568
title	SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2019:0221-1)

Redhat

advisories

rhsa
id RHSA-2019:0469
rhsa
id RHSA-2019:0472
rhsa
id RHSA-2019:0473
rhsa
id RHSA-2019:0474
rhsa
id RHSA-2019:0640
rhsa
id RHSA-2019:1238
rhsa
id RHSA-2019:2052

rpms

java-1.8.0-ibm-1:1.8.0.5.30-1jpp.1.el6_10
java-1.8.0-ibm-demo-1:1.8.0.5.30-1jpp.1.el6_10
java-1.8.0-ibm-devel-1:1.8.0.5.30-1jpp.1.el6_10
java-1.8.0-ibm-jdbc-1:1.8.0.5.30-1jpp.1.el6_10
java-1.8.0-ibm-plugin-1:1.8.0.5.30-1jpp.1.el6_10
java-1.8.0-ibm-src-1:1.8.0.5.30-1jpp.1.el6_10
java-1.8.0-ibm-1:1.8.0.5.30-1jpp.1.el7
java-1.8.0-ibm-demo-1:1.8.0.5.30-1jpp.1.el7
java-1.8.0-ibm-devel-1:1.8.0.5.30-1jpp.1.el7
java-1.8.0-ibm-jdbc-1:1.8.0.5.30-1jpp.1.el7
java-1.8.0-ibm-plugin-1:1.8.0.5.30-1jpp.1.el7
java-1.8.0-ibm-src-1:1.8.0.5.30-1jpp.1.el7
java-1.7.1-ibm-1:1.7.1.4.40-1jpp.1.el7
java-1.7.1-ibm-demo-1:1.7.1.4.40-1jpp.1.el7
java-1.7.1-ibm-devel-1:1.7.1.4.40-1jpp.1.el7
java-1.7.1-ibm-jdbc-1:1.7.1.4.40-1jpp.1.el7
java-1.7.1-ibm-plugin-1:1.7.1.4.40-1jpp.1.el7
java-1.7.1-ibm-src-1:1.7.1.4.40-1jpp.1.el7
java-1.7.1-ibm-1:1.7.1.4.40-1jpp.1.el6_10
java-1.7.1-ibm-demo-1:1.7.1.4.40-1jpp.1.el6_10
java-1.7.1-ibm-devel-1:1.7.1.4.40-1jpp.1.el6_10
java-1.7.1-ibm-jdbc-1:1.7.1.4.40-1jpp.1.el6_10
java-1.7.1-ibm-plugin-1:1.7.1.4.40-1jpp.1.el6_10
java-1.7.1-ibm-src-1:1.7.1.4.40-1jpp.1.el6_10
java-1.8.0-ibm-1:1.8.0.5.30-1jpp.1.el6_10
java-1.8.0-ibm-devel-1:1.8.0.5.30-1jpp.1.el6_10
java-1.8.0-ibm-1:1.8.0.5.35-3.el8_0
java-1.8.0-ibm-demo-1:1.8.0.5.35-3.el8_0
java-1.8.0-ibm-devel-1:1.8.0.5.35-3.el8_0
java-1.8.0-ibm-headless-1:1.8.0.5.35-3.el8_0
java-1.8.0-ibm-jdbc-1:1.8.0.5.35-3.el8_0
java-1.8.0-ibm-plugin-1:1.8.0.5.35-3.el8_0
java-1.8.0-ibm-src-1:1.8.0.5.35-3.el8_0
java-1.8.0-ibm-webstart-1:1.8.0.5.35-3.el8_0
libjpeg-turbo-0:1.2.90-8.el7
libjpeg-turbo-debuginfo-0:1.2.90-8.el7
libjpeg-turbo-devel-0:1.2.90-8.el7
libjpeg-turbo-static-0:1.2.90-8.el7
libjpeg-turbo-utils-0:1.2.90-8.el7
turbojpeg-0:1.2.90-8.el7
turbojpeg-devel-0:1.2.90-8.el7

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Redhat

References