Vulnerabilities > CVE-2019-2821 - Unspecified vulnerability in Oracle JDK and JRE

047910
CVSS 2.6 - LOW
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
high complexity
oracle
nessus

Summary

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).

Vulnerable Configurations

Part Description Count
Application
Oracle
4

Nessus

  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0250_OPENJDK.NASL
    descriptionAn update of the openjdk package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id128710
    published2019-09-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128710
    titlePhoton OS 1.0: Openjdk PHSA-2019-1.0-0250
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2019-1.0-0250. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128710);
      script_version("1.5");
      script_cvs_date("Date: 2019/12/30");
    
      script_cve_id(
        "CVE-2019-2745",
        "CVE-2019-2762",
        "CVE-2019-2769",
        "CVE-2019-2816",
        "CVE-2019-2821"
      );
    
      script_name(english:"Photon OS 1.0: Openjdk PHSA-2019-1.0-0250");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the openjdk package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-250.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2816");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/12");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:openjdk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-1.0", reference:"openjdk-1.8.0.222-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openjdk-debuginfo-1.8.0.222-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openjdk-doc-1.8.0.222-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openjdk-sample-1.8.0.222-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openjdk-src-1.8.0.222-1.ph1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjdk");
    }
    
  • NASL familyMisc.
    NASL idORACLE_JAVA_CPU_JUL_2019_UNIX.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 231, 8 Update 221, 11 Update 4, or 12 Update 2. It is, therefore, affected by multiple vulnerabilities: - Unspecified vulnerabilities in the utilities and JCE subcomponents of Oracle Java SE, which could allow an unauthenticated remote attacker to cause a partial denial of service. (CVE-2019-2762, CVE-2019-2769, CVE-2019-2842) - An unspecified vulnerability in the security subcomponent of Oracle Java SE, which could allow an unauthenticated local attacker to gain unauthorized access to critical Java SE data. (CVE-2019-2745) - Unspecified vulnerabilities in the networking and security subcomponents of Oracle Java SE, which could allow an unauthenticated remote attacker to gain unauthorized access to Java SE data. Exploitation of this vulnerability requires user interaction. (CVE-2019-2766, CVE-2019-2786, CVE-2019-2818) - An unspecified vulnerability in the networking subcomponent of Oracle Java SE, which could allow an unauthenticated remote attacker unauthorized read, update, insert or delete access to Java SE data. (CVE-2019-2816) - An unspecified vulnerability in the JSSE subcomponent of Oracle Java SE, which could allow an unauthenticated, remote attacker to gain unauthorized access to critical Java SE data. Exploitation of this vulnerability requires user interaction. (CVE-2019-2821) - A use after free vulnerability exists in the libpng subcomponent of Oracle Java SE. An unauthenticated, remote attacker can exploit this to cause a complete denial of service condition in Java SE. Exploitation of this vulnerability requires user interaction. (CVE-2019-7317) Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id126820
    published2019-07-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126820
    titleOracle Java SE 1.7.0_231 / 1.8.0_221 / 1.11.0_4 / 1.12.0_2 Multiple Vulnerabilities (Jul 2019 CPU) (Unix)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(126820);
      script_version("1.3");
      script_cvs_date("Date: 2019/10/21 11:55:47");
    
      script_cve_id(
        "CVE-2019-2745",
        "CVE-2019-2762",
        "CVE-2019-2766",
        "CVE-2019-2769",
        "CVE-2019-2786",
        "CVE-2019-2816",
        "CVE-2019-2818",
        "CVE-2019-2821",
        "CVE-2019-2842",
        "CVE-2019-6129",
        "CVE-2019-7317"
      );
      script_bugtraq_id(
        108098,
        109184,
        109185,
        109186,
        109187,
        109188,
        109189,
        109201,
        109206,
        109210,
        109212
      );
      script_xref(name:"IAVA", value:"2019-A-0255");
    
      script_name(english:"Oracle Java SE 1.7.0_231 / 1.8.0_221 / 1.11.0_4 / 1.12.0_2 Multiple Vulnerabilities (Jul 2019 CPU) (Unix)");
      script_summary(english:"Checks the version of the JRE.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Unix host contains a programming platform that is affected
    by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle (formerly Sun) Java SE or Java for Business
    installed on the remote host is prior to 7 Update 231, 8 Update 221,
    11 Update 4, or 12 Update 2. It is, therefore, affected by multiple
    vulnerabilities:
    
      - Unspecified vulnerabilities in the utilities and JCE 
        subcomponents of Oracle Java SE, which could allow an 
        unauthenticated remote attacker to cause a partial denial 
        of service. (CVE-2019-2762, CVE-2019-2769, CVE-2019-2842)
    
      - An unspecified vulnerability in the security subcomponent 
        of Oracle Java SE, which could allow an unauthenticated 
        local attacker to gain unauthorized access to critical Java 
        SE data. (CVE-2019-2745)
    
      - Unspecified vulnerabilities in the networking and security 
        subcomponents of Oracle Java SE, which could allow an 
        unauthenticated remote attacker to gain unauthorized 
        access to Java SE data. Exploitation of this vulnerability 
        requires user interaction. 
        (CVE-2019-2766, CVE-2019-2786, CVE-2019-2818)
    
      - An unspecified vulnerability in the networking subcomponent
        of Oracle Java SE, which could allow an unauthenticated 
        remote attacker unauthorized read, update, insert or
        delete access to Java SE data. (CVE-2019-2816)
    
      - An unspecified vulnerability in the JSSE subcomponent of 
        Oracle Java SE, which could allow an unauthenticated, 
        remote attacker to gain unauthorized access to critical
        Java SE data. Exploitation of this vulnerability requires 
        user interaction. (CVE-2019-2821)
    
      - A use after free vulnerability exists in the libpng 
        subcomponent of Oracle Java SE. An unauthenticated, 
        remote attacker can exploit this to cause a complete
        denial of service condition in Java SE. Exploitation 
        of this vulnerability requires user interaction.
        (CVE-2019-7317)
    
    Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      # https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9aa2b901");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Oracle JDK / JRE 12 Update 2 , 11 Update 4, 8 Update 221
    / 7 Update 231 or later. If necessary, remove any affected versions.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2816");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"agent", value:"unix");
    
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/19");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jdk");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("sun_java_jre_installed_unix.nasl");
      script_require_keys("Host/Java/JRE/Installed");
    
      exit(0);
    }
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    
    # Check each installed JRE.
    installs = get_kb_list_or_exit('Host/Java/JRE/Unmanaged/*');
    
    info = '';
    vuln = 0;
    vuln2 = 0;
    installed_versions = '';
    granular = '';
    
    foreach install (list_uniq(keys(installs)))
    {
      ver = install - 'Host/Java/JRE/Unmanaged/';
      if (ver !~ "^[0-9.]+") continue;
    
      installed_versions = installed_versions + ' & ' + ver;
    
    # Fixes : (JDK|JRE) 12 Update 2 / 11 Update 4 / 8 Update 221 / 7 Update 231 
      if (
        ver_compare(minver:'1.7.0', ver:ver, fix:'1.7.0_231', regexes:{0:"_(\d+)"}, strict:FALSE) < 0 ||
        ver_compare(minver:'1.8.0', ver:ver, fix:'1.8.0_221', regexes:{0:"_(\d+)"}, strict:FALSE) < 0 ||
        ver_compare(minver:'1.11.0', ver:ver, fix:'1.11.0_4', regexes:{0:"_(\d+)"}, strict:FALSE) < 0 ||
        ver_compare(minver:'1.12.0', ver:ver, fix:'1.12.0_2', regexes:{0:"_(\d+)"}, strict:FALSE) < 0
      )
      {
        dirs = make_list(get_kb_list(install));
        vuln += max_index(dirs);
    
        foreach dir (dirs)
          info += '\n  Path              : ' + dir;
    
        info += '\n  Installed version : ' + ver;
        info += '\n  Fixed version     : 1.7.0_231 / 1.8.0_221 / 1.11.0_4 / 1.12.0_2\n';
      }
      else if (ver =~ "^[\d\.]+$")
      {
        dirs = make_list(get_kb_list(install));
        foreach dir (dirs)
          granular += 'The Oracle Java version '+ver+' at '+dir+' is not granular enough to make a determination.'+'\n';
      }
      else
      {
        dirs = make_list(get_kb_list(install));
        vuln2 += max_index(dirs);
      }
    
    }
    
    # Report if any were found to be vulnerable.
    if (info)
    {
      if (vuln > 1) s = 's of Java are';
      else s = ' of Java is';
    
      report =
        '\n' +
        'The following vulnerable instance'+s+' installed on the\n' +
        'remote host :\n' +
        info;
      security_report_v4(severity:SECURITY_WARNING, port:0, extra:report);
      if (granular) exit(0, granular);
    }
    else
    {
      if (granular) exit(0, granular);
    
      installed_versions = substr(installed_versions, 3);
      if (vuln2 > 1)
        exit(0, 'The Java '+installed_versions+' installations on the remote host are not affected.');
      else
        audit(AUDIT_INST_VER_NOT_VULN, 'Java', installed_versions);
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4083-1.NASL
    descriptionIt was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service. (CVE-2019-2762) It was discovered that in some situations OpenJDK did not properly bound the amount of memory allocated during object deserialization. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service (excessive memory consumption). (CVE-2019-2769) It was discovered that OpenJDK did not properly restrict privileges in certain situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2019-2786) Jonathan Birch discovered that the Networking component of OpenJDK did not properly validate URLs in some situations. An attacker could use this to bypass restrictions on characters in URLs. (CVE-2019-2816) It was discovered that the ChaCha20Cipher implementation in OpenJDK did not use constant time computations in some situations. An attacker could use this to expose sensitive information. (CVE-2019-2818) It was discovered that the Java Secure Socket Extension (JSSE) component in OpenJDK did not properly handle OCSP stapling messages during TLS handshake in some situations. An attacker could use this to expose sensitive information. (CVE-2019-2821) It was discovered that OpenJDK incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted PNG file, a remote attacker could use this issue to cause OpenJDK to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-7317). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127800
    published2019-08-12
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127800
    titleUbuntu 18.04 LTS / 19.04 : openjdk-lts vulnerabilities (USN-4083-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4083-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127800);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/02");
    
      script_cve_id("CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2818", "CVE-2019-2821", "CVE-2019-7317");
      script_xref(name:"USN", value:"4083-1");
    
      script_name(english:"Ubuntu 18.04 LTS / 19.04 : openjdk-lts vulnerabilities (USN-4083-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that OpenJDK did not sufficiently validate serial
    streams before deserializing suppressed exceptions in some situations.
    An attacker could use this to specially craft an object that, when
    deserialized, would cause a denial of service. (CVE-2019-2762)
    
    It was discovered that in some situations OpenJDK did not properly
    bound the amount of memory allocated during object deserialization. An
    attacker could use this to specially craft an object that, when
    deserialized, would cause a denial of service (excessive memory
    consumption). (CVE-2019-2769)
    
    It was discovered that OpenJDK did not properly restrict privileges in
    certain situations. An attacker could use this to specially construct
    an untrusted Java application or applet that could escape sandbox
    restrictions. (CVE-2019-2786)
    
    Jonathan Birch discovered that the Networking component of OpenJDK did
    not properly validate URLs in some situations. An attacker could use
    this to bypass restrictions on characters in URLs. (CVE-2019-2816)
    
    It was discovered that the ChaCha20Cipher implementation in OpenJDK
    did not use constant time computations in some situations. An attacker
    could use this to expose sensitive information. (CVE-2019-2818)
    
    It was discovered that the Java Secure Socket Extension (JSSE)
    component in OpenJDK did not properly handle OCSP stapling messages
    during TLS handshake in some situations. An attacker could use this to
    expose sensitive information. (CVE-2019-2821)
    
    It was discovered that OpenJDK incorrectly handled certain memory
    operations. If a user or automated system were tricked into opening a
    specially crafted PNG file, a remote attacker could use this issue to
    cause OpenJDK to crash, resulting in a denial of service, or possibly
    execute arbitrary code. (CVE-2019-7317).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4083-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2816");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-zero");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(18\.04|19\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 18.04 / 19.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"18.04", pkgname:"openjdk-11-jdk", pkgver:"11.0.4+11-1ubuntu2~18.04.3")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"openjdk-11-jdk-headless", pkgver:"11.0.4+11-1ubuntu2~18.04.3")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"openjdk-11-jre", pkgver:"11.0.4+11-1ubuntu2~18.04.3")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"openjdk-11-jre-headless", pkgver:"11.0.4+11-1ubuntu2~18.04.3")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"openjdk-11-jre-zero", pkgver:"11.0.4+11-1ubuntu2~18.04.3")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"openjdk-11-jdk", pkgver:"11.0.4+11-1ubuntu2~19.04")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"openjdk-11-jdk-headless", pkgver:"11.0.4+11-1ubuntu2~19.04")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"openjdk-11-jre", pkgver:"11.0.4+11-1ubuntu2~19.04")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"openjdk-11-jre-headless", pkgver:"11.0.4+11-1ubuntu2~19.04")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"openjdk-11-jre-zero", pkgver:"11.0.4+11-1ubuntu2~19.04")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjdk-11-jdk / openjdk-11-jdk-headless / openjdk-11-jre / etc");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-1_0-0290_OPENJDK11.NASL
    descriptionAn update of the openjdk11 package has been released.
    last seen2020-05-03
    modified2020-04-29
    plugin id136109
    published2020-04-29
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136109
    titlePhoton OS 1.0: Openjdk11 PHSA-2020-1.0-0290
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2020-1.0-0290. The text
    # itself is copyright (C) VMware, Inc.
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(136109);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01");
    
      script_cve_id(
        "CVE-2018-3136",
        "CVE-2018-3139",
        "CVE-2018-3149",
        "CVE-2018-3150",
        "CVE-2018-3157",
        "CVE-2018-3169",
        "CVE-2018-3180",
        "CVE-2018-3183",
        "CVE-2018-3211",
        "CVE-2018-11212",
        "CVE-2018-13785",
        "CVE-2018-14048",
        "CVE-2019-2422",
        "CVE-2019-2426",
        "CVE-2019-2602",
        "CVE-2019-2684",
        "CVE-2019-2745",
        "CVE-2019-2762",
        "CVE-2019-2766",
        "CVE-2019-2769",
        "CVE-2019-2786",
        "CVE-2019-2816",
        "CVE-2019-2818",
        "CVE-2019-2821",
        "CVE-2019-2894",
        "CVE-2019-2933",
        "CVE-2019-2945",
        "CVE-2019-2949",
        "CVE-2019-2958",
        "CVE-2019-2962",
        "CVE-2019-2964",
        "CVE-2019-2973",
        "CVE-2019-2975",
        "CVE-2019-2977",
        "CVE-2019-2978",
        "CVE-2019-2981",
        "CVE-2019-2983",
        "CVE-2019-2987",
        "CVE-2019-2988",
        "CVE-2019-2989",
        "CVE-2019-2992",
        "CVE-2019-2999",
        "CVE-2020-2583",
        "CVE-2020-2590",
        "CVE-2020-2593",
        "CVE-2020-2601",
        "CVE-2020-2654",
        "CVE-2020-2655",
        "CVE-2020-2754",
        "CVE-2020-2755",
        "CVE-2020-2756",
        "CVE-2020-2757",
        "CVE-2020-2767",
        "CVE-2020-2773",
        "CVE-2020-2778",
        "CVE-2020-2781",
        "CVE-2020-2800",
        "CVE-2020-2803",
        "CVE-2020-2805",
        "CVE-2020-2816",
        "CVE-2020-2830"
      );
      script_bugtraq_id(
        105587,
        105591,
        105595,
        105597,
        105599,
        105601,
        105602,
        105608,
        105617,
        105622,
        106583,
        106590,
        106596,
        107918,
        107922,
        109184,
        109185,
        109186,
        109187,
        109188,
        109189,
        109201,
        109210
      );
    
      script_name(english:"Photon OS 1.0: Openjdk11 PHSA-2020-1.0-0290");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the openjdk11 package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-290.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-3183");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/29");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:openjdk11");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"openjdk11-11.0.7-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"openjdk11-debuginfo-11.0.7-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"openjdk11-doc-11.0.7-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"openjdk11-src-11.0.7-1.ph1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjdk11");
    }
    
  • NASL familyWindows
    NASL idORACLE_JAVA_CPU_JUL_2019.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 231, 8 Update 221, 11 Update 4, or 12 Update 2. It is, therefore, affected by multiple vulnerabilities: - Unspecified vulnerabilities in the utilities and JCE subcomponents of Oracle Java SE, which could allow an unauthenticated remote attacker to cause a partial denial of service. (CVE-2019-2762, CVE-2019-2769, CVE-2019-2842) - An unspecified vulnerability in the security subcomponent of Oracle Java SE, which could allow an unauthenticated local attacker to gain unauthorized access to critical Java SE data. (CVE-2019-2745) - Unspecified vulnerabilities in the networking and security subcomponents of Oracle Java SE, which could allow an unauthenticated remote attacker to gain unauthorized access to Java SE data. Exploitation of this vulnerability requires user interaction. (CVE-2019-2766, CVE-2019-2786, CVE-2019-2818) - An unspecified vulnerability in the networking subcomponent of Oracle Java SE, which could allow an unauthenticated remote attacker unauthorized read, update, insert or delete access to Java SE data. (CVE-2019-2816) - An unspecified vulnerability in the JSSE subcomponent of Oracle Java SE, which could allow an unauthenticated, remote attacker to gain unauthorized access to critical Java SE data. Exploitation of this vulnerability requires user interaction. (CVE-2019-2821) - A use after free vulnerability exists in the libpng subcomponent of Oracle Java SE. An unauthenticated, remote attacker can exploit this to cause a complete denial of service condition in Java SE. Exploitation of this vulnerability requires user interaction. (CVE-2019-7317) Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id126821
    published2019-07-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126821
    titleOracle Java SE 1.7.0_231 / 1.8.0_221 / 1.11.0_4 / 1.12.0_2 Multiple Vulnerabilities (Jul 2019 CPU)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-1810.NASL
    descriptionFrom Red Hat Security Advisory 2019:1810 : An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es) : * OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745) * OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762) * OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769) * OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816) * OpenJDK: Incorrect handling of certificate status messages during TLS handshake (JSSE, 8222678) (CVE-2019-2821) * OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786) * OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344) (CVE-2019-2818) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id126936
    published2019-07-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126936
    titleOracle Linux 7 : java-11-openjdk (ELSA-2019-1810)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-3_0-0035_OPENJDK8.NASL
    descriptionAn update of the openjdk8 package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id130102
    published2019-10-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130102
    titlePhoton OS 3.0: Openjdk8 PHSA-2019-3.0-0035
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-1810.NASL
    descriptionAn update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es) : * OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745) * OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762) * OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769) * OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816) * OpenJDK: Incorrect handling of certificate status messages during TLS handshake (JSSE, 8222678) (CVE-2019-2821) * OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786) * OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344) (CVE-2019-2818) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id126989
    published2019-07-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126989
    titleCentOS 7 : java-11-openjdk (CESA-2019:1810)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-1817.NASL
    descriptionFrom Red Hat Security Advisory 2019:1817 : An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es) : * OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745) * OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762) * OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769) * OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816) * OpenJDK: Incorrect handling of certificate status messages during TLS handshake (JSSE, 8222678) (CVE-2019-2821) * OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786) * OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344) (CVE-2019-2818) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127602
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127602
    titleOracle Linux 8 : java-11-openjdk (ELSA-2019-1817)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4486.NASL
    descriptionSeveral vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in information disclosure, denial of service or bypass of sandbox restrictions. In addition the implementation of elliptic curve cryptography was modernised.
    last seen2020-06-01
    modified2020-06-02
    plugin id126967
    published2019-07-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126967
    titleDebian DSA-4486-1 : openjdk-11 - security update
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1810.NASL
    descriptionAn update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es) : * OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745) * OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762) * OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769) * OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816) * OpenJDK: Incorrect handling of certificate status messages during TLS handshake (JSSE, 8222678) (CVE-2019-2821) * OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786) * OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344) (CVE-2019-2818) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id126939
    published2019-07-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126939
    titleRHEL 7 : java-11-openjdk (RHSA-2019:1810)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-2_0-0173_OPENJDK8.NASL
    descriptionAn update of the openjdk8 package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id128736
    published2019-09-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128736
    titlePhoton OS 2.0: Openjdk8 PHSA-2019-2.0-0173
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2002-1.NASL
    descriptionThis update for java-11-openjdk to version jdk-11.0.4+11 fixes the following issues : Security issues fixed : CVE-2019-2745: Improved ECC Implementation (bsc#1141784). CVE-2019-2762: Exceptional throw cases (bsc#1141782). CVE-2019-2766: Improve file protocol handling (bsc#1141789). CVE-2019-2769: Better copies of CopiesList (bsc#1141783). CVE-2019-2786: More limited privilege usage (bsc#1141787). CVE-2019-7317: Improve PNG support options (bsc#1141780). CVE-2019-2818: Better Poly1305 support (bsc#1141788). CVE-2019-2816: Normalize normalization (bsc#1141785). CVE-2019-2821: Improve TLS negotiation (bsc#1141781). Certificate validation improvements Non-security issues fixed: Do not fail installation when the manpages are not present (bsc#1115375) Backport upstream fix for JDK-8208602: Cannot read PEM X.509 cert if there is whitespace after the header or footer (bsc#1140461) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127745
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127745
    titleSUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2019:2002-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1916.NASL
    descriptionThis update for java-11-openjdk to version jdk-11.0.4+11 fixes the following issues : Security issues fixed : - CVE-2019-2745: Improved ECC Implementation (bsc#1141784). - CVE-2019-2762: Exceptional throw cases (bsc#1141782). - CVE-2019-2766: Improve file protocol handling (bsc#1141789). - CVE-2019-2769: Better copies of CopiesList (bsc#1141783). - CVE-2019-2786: More limited privilege usage (bsc#1141787). - CVE-2019-7317: Improve PNG support options (bsc#1141780). - CVE-2019-2818: Better Poly1305 support (bsc#1141788). - CVE-2019-2816: Normalize normalization (bsc#1141785). - CVE-2019-2821: Improve TLS negotiation (bsc#1141781). - Certificate validation improvements Non-security issues fixed : - Do not fail installation when the manpages are not present (bsc#1115375) - Backport upstream fix for JDK-8208602: Cannot read PEM X.509 cert if there is whitespace after the header or footer (bsc#1140461) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id128008
    published2019-08-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128008
    titleopenSUSE Security Update : java-11-openjdk (openSUSE-2019-1916)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190722_JAVA_11_OPENJDK_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745) - OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762) - OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769) - OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816) - OpenJDK: Incorrect handling of certificate status messages during TLS handshake (JSSE, 8222678) (CVE-2019-2821) - OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786) - OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344) (CVE-2019-2818)
    last seen2020-03-18
    modified2019-07-23
    plugin id126944
    published2019-07-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126944
    titleScientific Linux Security Update : java-11-openjdk on SL7.x x86_64 (20190722)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1817.NASL
    descriptionAn update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es) : * OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745) * OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762) * OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769) * OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816) * OpenJDK: Incorrect handling of certificate status messages during TLS handshake (JSSE, 8222678) (CVE-2019-2821) * OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786) * OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344) (CVE-2019-2818) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id126943
    published2019-07-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126943
    titleRHEL 8 : java-11-openjdk (RHSA-2019:1817)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-2_0-0235_OPENJDK11.NASL
    descriptionAn update of the openjdk11 package has been released.
    last seen2020-05-08
    modified2020-05-05
    plugin id136333
    published2020-05-05
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136333
    titlePhoton OS 2.0: Openjdk11 PHSA-2020-2.0-0235
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1246.NASL
    descriptionOpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786) OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769) libpng: png_image_free in png.c in libpng has a use-after-free because png_image_free_function is called under png_safe_execute. (CVE-2019-7317) OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762) OpenJDK: Insufficient permission checks for file:// URLs on Windows (Networking, 8213431) (CVE-2019-2766) OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344) ( CVE-2019-2818) OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816) OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745) OpenJDK: Incorrect handling of certificate status messages during TLS handshake (JSSE, 8222678) (CVE-2019-2821)
    last seen2020-06-01
    modified2020-06-02
    plugin id126958
    published2019-07-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126958
    titleAmazon Linux 2 : java-11-amazon-corretto (ALAS-2019-1246)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-3_0-0084_OPENJDK11.NASL
    descriptionAn update of the openjdk11 package has been released.
    last seen2020-05-03
    modified2020-04-29
    plugin id136100
    published2020-04-29
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136100
    titlePhoton OS 3.0: Openjdk11 PHSA-2020-3.0-0084

Redhat

advisories
  • bugzilla
    id1730415
    titleCVE-2019-2762 OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentjava-11-openjdk-javadoc-debug is earlier than 1:11.0.4.11-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20191810001
          • commentjava-11-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521026
        • AND
          • commentjava-11-openjdk-devel is earlier than 1:11.0.4.11-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20191810003
          • commentjava-11-openjdk-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521004
        • AND
          • commentjava-11-openjdk-demo-debug is earlier than 1:11.0.4.11-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20191810005
          • commentjava-11-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521030
        • AND
          • commentjava-11-openjdk-src-debug is earlier than 1:11.0.4.11-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20191810007
          • commentjava-11-openjdk-src-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521010
        • AND
          • commentjava-11-openjdk-devel-debug is earlier than 1:11.0.4.11-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20191810009
          • commentjava-11-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521020
        • AND
          • commentjava-11-openjdk-demo is earlier than 1:11.0.4.11-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20191810011
          • commentjava-11-openjdk-demo is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521016
        • AND
          • commentjava-11-openjdk-src is earlier than 1:11.0.4.11-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20191810013
          • commentjava-11-openjdk-src is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521012
        • AND
          • commentjava-11-openjdk-jmods-debug is earlier than 1:11.0.4.11-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20191810015
          • commentjava-11-openjdk-jmods-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521014
        • AND
          • commentjava-11-openjdk-javadoc-zip-debug is earlier than 1:11.0.4.11-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20191810017
          • commentjava-11-openjdk-javadoc-zip-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521028
        • AND
          • commentjava-11-openjdk-jmods is earlier than 1:11.0.4.11-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20191810019
          • commentjava-11-openjdk-jmods is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521022
        • AND
          • commentjava-11-openjdk-headless-debug is earlier than 1:11.0.4.11-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20191810021
          • commentjava-11-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521008
        • AND
          • commentjava-11-openjdk-javadoc-zip is earlier than 1:11.0.4.11-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20191810023
          • commentjava-11-openjdk-javadoc-zip is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521032
        • AND
          • commentjava-11-openjdk-javadoc is earlier than 1:11.0.4.11-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20191810025
          • commentjava-11-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521018
        • AND
          • commentjava-11-openjdk-debug is earlier than 1:11.0.4.11-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20191810027
          • commentjava-11-openjdk-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521024
        • AND
          • commentjava-11-openjdk is earlier than 1:11.0.4.11-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20191810029
          • commentjava-11-openjdk is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521006
        • AND
          • commentjava-11-openjdk-headless is earlier than 1:11.0.4.11-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20191810031
          • commentjava-11-openjdk-headless is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521002
    rhsa
    idRHSA-2019:1810
    released2019-07-22
    severityModerate
    titleRHSA-2019:1810: java-11-openjdk security update (Moderate)
  • bugzilla
    id1730415
    titleCVE-2019-2762 OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 8 is installed
        ovaloval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • commentjava-11-openjdk-devel is earlier than 1:11.0.4.11-0.el8_0
            ovaloval:com.redhat.rhsa:tst:20191817001
          • commentjava-11-openjdk-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521004
        • AND
          • commentjava-11-openjdk is earlier than 1:11.0.4.11-0.el8_0
            ovaloval:com.redhat.rhsa:tst:20191817003
          • commentjava-11-openjdk is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521006
        • AND
          • commentjava-11-openjdk-src is earlier than 1:11.0.4.11-0.el8_0
            ovaloval:com.redhat.rhsa:tst:20191817005
          • commentjava-11-openjdk-src is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521012
        • AND
          • commentjava-11-openjdk-jmods is earlier than 1:11.0.4.11-0.el8_0
            ovaloval:com.redhat.rhsa:tst:20191817007
          • commentjava-11-openjdk-jmods is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521022
        • AND
          • commentjava-11-openjdk-headless is earlier than 1:11.0.4.11-0.el8_0
            ovaloval:com.redhat.rhsa:tst:20191817009
          • commentjava-11-openjdk-headless is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521002
        • AND
          • commentjava-11-openjdk-debugsource is earlier than 1:11.0.4.11-0.el8_0
            ovaloval:com.redhat.rhsa:tst:20191817011
          • commentjava-11-openjdk-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20191518010
        • AND
          • commentjava-11-openjdk-demo is earlier than 1:11.0.4.11-0.el8_0
            ovaloval:com.redhat.rhsa:tst:20191817013
          • commentjava-11-openjdk-demo is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521016
        • AND
          • commentjava-11-openjdk-javadoc-zip is earlier than 1:11.0.4.11-0.el8_0
            ovaloval:com.redhat.rhsa:tst:20191817015
          • commentjava-11-openjdk-javadoc-zip is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521032
        • AND
          • commentjava-11-openjdk-javadoc is earlier than 1:11.0.4.11-0.el8_0
            ovaloval:com.redhat.rhsa:tst:20191817017
          • commentjava-11-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521018
    rhsa
    idRHSA-2019:1817
    released2019-07-22
    severityModerate
    titleRHSA-2019:1817: java-11-openjdk security update (Moderate)
rpms
  • java-11-openjdk-1:11.0.4.11-0.el7_6
  • java-11-openjdk-debug-1:11.0.4.11-0.el7_6
  • java-11-openjdk-debuginfo-1:11.0.4.11-0.el7_6
  • java-11-openjdk-demo-1:11.0.4.11-0.el7_6
  • java-11-openjdk-demo-debug-1:11.0.4.11-0.el7_6
  • java-11-openjdk-devel-1:11.0.4.11-0.el7_6
  • java-11-openjdk-devel-debug-1:11.0.4.11-0.el7_6
  • java-11-openjdk-headless-1:11.0.4.11-0.el7_6
  • java-11-openjdk-headless-debug-1:11.0.4.11-0.el7_6
  • java-11-openjdk-javadoc-1:11.0.4.11-0.el7_6
  • java-11-openjdk-javadoc-debug-1:11.0.4.11-0.el7_6
  • java-11-openjdk-javadoc-zip-1:11.0.4.11-0.el7_6
  • java-11-openjdk-javadoc-zip-debug-1:11.0.4.11-0.el7_6
  • java-11-openjdk-jmods-1:11.0.4.11-0.el7_6
  • java-11-openjdk-jmods-debug-1:11.0.4.11-0.el7_6
  • java-11-openjdk-src-1:11.0.4.11-0.el7_6
  • java-11-openjdk-src-debug-1:11.0.4.11-0.el7_6
  • java-11-openjdk-1:11.0.4.11-0.el8_0
  • java-11-openjdk-debuginfo-1:11.0.4.11-0.el8_0
  • java-11-openjdk-debugsource-1:11.0.4.11-0.el8_0
  • java-11-openjdk-demo-1:11.0.4.11-0.el8_0
  • java-11-openjdk-devel-1:11.0.4.11-0.el8_0
  • java-11-openjdk-devel-debuginfo-1:11.0.4.11-0.el8_0
  • java-11-openjdk-devel-slowdebug-debuginfo-1:11.0.4.11-0.el8_0
  • java-11-openjdk-headless-1:11.0.4.11-0.el8_0
  • java-11-openjdk-headless-debuginfo-1:11.0.4.11-0.el8_0
  • java-11-openjdk-headless-slowdebug-debuginfo-1:11.0.4.11-0.el8_0
  • java-11-openjdk-javadoc-1:11.0.4.11-0.el8_0
  • java-11-openjdk-javadoc-zip-1:11.0.4.11-0.el8_0
  • java-11-openjdk-jmods-1:11.0.4.11-0.el8_0
  • java-11-openjdk-slowdebug-debuginfo-1:11.0.4.11-0.el8_0
  • java-11-openjdk-src-1:11.0.4.11-0.el8_0