7.1 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
0.007 Low
EPSS
Percentile
80.4%
This update for java-1_7_0-openjdk fixes the following issues :
Update to 2.6.10 - OpenJDK 7u141 (bsc#1034849)
Security fixes
S8163520, CVE-2017-3509: Reuse cache entries
S8163528, CVE-2017-3511: Better library loading
S8165626, CVE-2017-3512: Improved window framing
S8167110, CVE-2017-3514: Windows peering issue
S8169011, CVE-2017-3526: Resizing XML parse trees
S8170222, CVE-2017-3533: Better transfers of files
S8171121, CVE-2017-3539: Enhancing jar checking
S8171533, CVE-2017-3544: Better email transfer
S8172299: Improve class processing
New features
PR3347: jstack.stp should support AArch64
Import of OpenJDK 7 u141 build 0
S4717864: setFont() does not update Fonts of Menus already on screen
S6474807: (smartcardio) CardTerminal.connect() throws CardException instead of CardNotPresentException
S6518907: cleanup IA64 specific code in Hotspot
S6869327: Add new C2 flag to keep safepoints in counted loops.
S7112912: Message ‘Error occurred during initialization of VM’ on boxes with lots of RAM
S7124213: [macosx] pack() does ignore size of a component; doesn’t on the other platforms
S7124219: [macosx] Unable to draw images to fullscreen
S7124552: [macosx] NullPointerException in getBufferStrategy()
S7148275: [macosx] setIconImages() not working correctly (distorted icon when minimized)
S7154841: [macosx] Popups appear behind taskbar
S7155957:
closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.ja va hangs on win 64 bit with jdk8
S7160627: [macosx] TextArea has wrong initial size
S7167293: FtpURLConnection connection leak on FileNotFoundException
S7168851: [macosx] Netbeans crashes in CImage.nativeCreateNSImageFromArray
S7197203: sun/misc/URLClassPath/ClassnameCharTest.sh failed, compile error
S8005255: [macosx] Cleanup warnings in sun.lwawt
S8006088: Incompatible heap size flags accepted by VM
S8007295: Reduce number of warnings in awt classes
S8010722: assert: failed: heap size is too big for compressed oops
S8011059: [macosx] Support automatic @2x images loading on Mac OS X
S8014058: Regression tests for 8006088
S8014489:
tests/gc/arguments/Test(Serial|CMS|Parallel|G1)HeapSizeF lags jtreg tests invoke wrong class
S8016302: Change type of the number of GC workers to unsigned int (2)
S8024662: gc/arguments/TestUseCompressedOopsErgo.java does not compile.
S8024669: Native OOME when allocating after changes to maximum heap supporting Coops sizing on sparcv9
S8024926: [macosx] AquaIcon HiDPI support
S8025974: l10n for policytool
S8027025: [macosx] getLocationOnScreen returns 0 if parent invisible
S8028212: Custom cursor HiDPI support
S8028471: PPC64 (part 215): opto: Extend ImplicitNullCheck optimization.
S8031573: [macosx] Checkmarks of JCheckBoxMenuItems aren’t rendered in high resolution on Retina
S8033534: [macosx] Get MultiResolution image from native system
S8033786: White flashing when opening Dialogs and Menus using Nimbus with dark background
S8035568: [macosx] Cursor management unification
S8041734: JFrame in full screen mode leaves empty workspace after close
S8059803: Update use of GetVersionEx to get correct Windows version in hs_err files
S8066504: GetVersionEx in java.base/windows/native/libjava/java_props_md.c might not get correct Windows version 0
S8079595: Resizing dialog which is JWindow parent makes JVM crash
S8080729: [macosx] java 7 and 8 JDialogs on multiscreen jump to parent frame on focus
S8130769: The new menu can’t be shown on the menubar after clicking the ‘Add’ button.
S8133357: 8u65 l10n resource file translation update
S8146602:
jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java test fails with NullPointerException
S8147842: IME Composition Window is displayed at incorrect location
S8147910: Cache initial active_processor_count
S8150490: Update OS detection code to recognize Windows Server 2016
S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints is enabled
S8161195: Regression:
closed/javax/swing/text/FlowView/LayoutTest.java
S8161993: G1 crashes if active_processor_count changes during startup
S8162603: Unrecognized VM option ‘UseCountedLoopSafepoints’
S8162876: [TEST_BUG] sun/net/www/protocol/http/HttpInputStream.java fails intermittently
S8164533:
sun/security/ssl/SSLSocketImpl/CloseSocket.java failed with ‘Error while cleaning up threads after test’
S8167179: Make XSL generated namespace prefixes local to transformation process
S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections
S8169589: [macosx] Activating a JDialog puts to back another dialog
S8170307: Stack size option -Xss is ignored
S8170316: (tz) Support tzdata2016j
S8170814: Reuse cache entries (part II)
S8171388: Update JNDI Thread contexts
S8171949: [macosx] AWT_ZoomFrame Automated tests fail with error: The bitwise mask Frame.ICONIFIED is not setwhen the frame is in ICONIFIED state
S8171952: [macosx] AWT_Modality/Automated/ModalExclusion/NoExclusion/Modele ssDialog test fails as DummyButton on Dialog did not gain focus when clicked.
S8173931: 8u131 L10n resource file update
S8174844: Incorrect GPL header causes RE script to miss swap to commercial header for licensee source bundle
S8175087: [bsd] Fix build after ‘8024900: PPC64: Enable new build on AIX (jdk part)’
S8175163: [bsd] Fix build after ‘8005629: javac warnings compiling java.awt.EventDispatchThread…’
S8176044: (tz) Support tzdata2017a
Import of OpenJDK 7 u141 build 1
S8043723: max_heap_for_compressed_oops() declared with size_t, but defined with uintx
Import of OpenJDK 7 u141 build 2
S8011123: serialVersionUID of java.awt.dnd.InvalidDnDOperationException changed in JDK8-b82
Backports
S6515172, PR3362: Runtime.availableProcessors() ignores Linux taskset command
S8022284, PR3209: Hide internal data structure in PhaseCFG
S8023003, PR3209: Cleanup the public interface to PhaseCFG
S8023691, PR3209: Create interface for nodes in class Block
S8023988, PR3209: Move local scheduling of nodes to the CFG creation and code motion phase (PhaseCFG)
S8043780, PR3369: Use open(O_CLOEXEC) instead of fcntl(FD_CLOEXEC)
S8157306, PR3209: Random infrequent NULL pointer exceptions in javac
S8173783, PR3329: IllegalArgumentException:
jdk.tls.namedGroups
S8173941, PR3330: SA does not work if executable is DSO
S8174729, PR3361: Race Condition in java.lang.reflect.WeakCache
Bug fixes
PR3349: Architectures unsupported by SystemTap tapsets throw a parse error
PR3370: Disable ARM32 JIT by default in jdk_generic_profile.sh
PR3379: Perl should be mandatory
PR3390: javac.in and javah.in should use @PERL@ rather than a hardcoded path
CACAO
PR2732: Raise javadoc memory limits for CACAO again!
AArch64 port
S8177661, PR3367: Correct ad rule output register types from iRegX to iRegXNoSp
Get ecj.jar path from gcj, use the gcc variant that provides Java to build C code to make sure jni.h is available.
S8167104, CVE-2017-3289: Additional class construction
S6253144: Long narrowing conversion should describe the
S6328537: Improve javadocs for Socket class by adding
S6978886: javadoc shows stacktrace after print error
S6995421: Eliminate the static dependency to
S7027045: (doc) java/awt/Window.java has several typos in
S7054969: Null-check-in-finally pattern in java/security
S7072353: JNDI libraries do not build with javac
-Xlint:all
S7092447: Clarify the default locale used in each locale
S7103570: AtomicIntegerFieldUpdater does not work when
S7187144: JavaDoc for ScriptEngineFactory.getProgram()
S8000418: javadoc should used a standard 'generated by
S8000666: javadoc should write directly to Writer instead of
S8000970: break out auxiliary classes that will prevent
S8001669: javadoc internal DocletAbortException should set
S8011402: Move blacklisting certificate logic from hard code
S8011547: Update XML Signature implementation to Apache
S8012288: XML DSig API allows wrong tag names and extra
S8017325: Cleanup of the javadoc <code> tag in
S8017326: Cleanup of the javadoc <code> tag in
S8019772: Fix doclint issues in javax.crypto and
S8020688: Broken links in documentation at
S8021108: Clean up doclint warnings and errors in java.text
S8022120: JCK test api/javax_xml/crypto/dsig/TransformService/index_ParamMe thods
S8025409: Fix javadoc comments errors and warning reported by
S8026021: more fix of javadoc errors and warnings reported by
S8037099: [macosx] Remove all references to GC from native
S8038184: XMLSignature throws StringIndexOutOfBoundsException
S8038349: Signing XML with DSA throws Exception when key is
S8049244: XML Signature performance issue caused by
S8050893: (smartcardio) Invert reset argument in tests in
S8059212: Modify sun/security/smartcardio manual regression
S8068279: (typo in the spec)
S8068491: Update the protocol for references of
S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java needs
S8076369: Introduce the jdk.tls.client.protocols system
S8139565: Restrict certificates with DSA keys less than 1024
S8140422: Add mechanism to allow non default root CAs to be
S8140587: Atomic*FieldUpdaters should use Class.isInstance
S8149029: Secure validation of XML based digital signature
S8151893: Add security property to configure XML Signature
S8161228: URL objects with custom protocol handlers have port
S8163304: jarsigner -verbose -verify should print the
S8164908: ReflectionFactory support for IIOP and custom
S8165230: RMIConnection addNotificationListeners failing with
S8166393: disabledAlgorithms property should not be strictly
S8166591: [macos 10.12] Trackpad scrolling of text on OS X
S8166739: Improve extensibility of ObjectInputFilter
S8167356: Follow up fix for jdk8 backport of 8164143.
Changes
S8167459: Add debug output for indicating if a chosen
S8168861: AnchorCertificates uses hardcoded password for
S8169688: Backout (remove) MD5 from
S8169911: Enhanced tests for jarsigner -verbose -verify after
S8170131: Certificates not being blocked by
S8173854: [TEST] Update DHEKeySizing test case following
S7102489, PR3316, RH1390708: RFE: cleanup jlong typedef on
S8000351, PR3316, RH1390708: Tenuring threshold should be
S8153711, PR3315, RH1284948: [REDO] JDWP: Memory Leak :
S8170888, PR3316, RH1390708: [linux] Experimental support for
PR3318: Replace ‘infinality’ with ‘improved font rendering’
PR3324: Fix NSS_LIBDIR substitution in
S8165673, PR3320: AArch64: Fix JNI floating point argument
This update was imported from the SUSE:SLE-12:Update update project.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2017-629.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(100503);
script_version("3.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2017-3289", "CVE-2017-3509", "CVE-2017-3511", "CVE-2017-3512", "CVE-2017-3514", "CVE-2017-3526", "CVE-2017-3533", "CVE-2017-3539", "CVE-2017-3544");
script_name(english:"openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2017-629)");
script_summary(english:"Check for the openSUSE-2017-629 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update for java-1_7_0-openjdk fixes the following issues :
- Update to 2.6.10 - OpenJDK 7u141 (bsc#1034849)
- Security fixes
- S8163520, CVE-2017-3509: Reuse cache entries
- S8163528, CVE-2017-3511: Better library loading
- S8165626, CVE-2017-3512: Improved window framing
- S8167110, CVE-2017-3514: Windows peering issue
- S8169011, CVE-2017-3526: Resizing XML parse trees
- S8170222, CVE-2017-3533: Better transfers of files
- S8171121, CVE-2017-3539: Enhancing jar checking
- S8171533, CVE-2017-3544: Better email transfer
- S8172299: Improve class processing
- New features
- PR3347: jstack.stp should support AArch64
- Import of OpenJDK 7 u141 build 0
- S4717864: setFont() does not update Fonts of Menus
already on screen
- S6474807: (smartcardio) CardTerminal.connect() throws
CardException instead of CardNotPresentException
- S6518907: cleanup IA64 specific code in Hotspot
- S6869327: Add new C2 flag to keep safepoints in counted
loops.
- S7112912: Message 'Error occurred during initialization
of VM' on boxes with lots of RAM
- S7124213: [macosx] pack() does ignore size of a
component; doesn't on the other platforms
- S7124219: [macosx] Unable to draw images to fullscreen
- S7124552: [macosx] NullPointerException in
getBufferStrategy()
- S7148275: [macosx] setIconImages() not working correctly
(distorted icon when minimized)
- S7154841: [macosx] Popups appear behind taskbar
- S7155957:
closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.ja
va hangs on win 64 bit with jdk8
- S7160627: [macosx] TextArea has wrong initial size
- S7167293: FtpURLConnection connection leak on
FileNotFoundException
- S7168851: [macosx] Netbeans crashes in
CImage.nativeCreateNSImageFromArray
- S7197203: sun/misc/URLClassPath/ClassnameCharTest.sh
failed, compile error
- S8005255: [macosx] Cleanup warnings in sun.lwawt
- S8006088: Incompatible heap size flags accepted by VM
- S8007295: Reduce number of warnings in awt classes
- S8010722: assert: failed: heap size is too big for
compressed oops
- S8011059: [macosx] Support automatic @2x images loading
on Mac OS X
- S8014058: Regression tests for 8006088
- S8014489:
tests/gc/arguments/Test(Serial|CMS|Parallel|G1)HeapSizeF
lags jtreg tests invoke wrong class
- S8016302: Change type of the number of GC workers to
unsigned int (2)
- S8024662: gc/arguments/TestUseCompressedOopsErgo.java
does not compile.
- S8024669: Native OOME when allocating after changes to
maximum heap supporting Coops sizing on sparcv9
- S8024926: [macosx] AquaIcon HiDPI support
- S8025974: l10n for policytool
- S8027025: [macosx] getLocationOnScreen returns 0 if
parent invisible
- S8028212: Custom cursor HiDPI support
- S8028471: PPC64 (part 215): opto: Extend
ImplicitNullCheck optimization.
- S8031573: [macosx] Checkmarks of JCheckBoxMenuItems
aren't rendered in high resolution on Retina
- S8033534: [macosx] Get MultiResolution image from native
system
- S8033786: White flashing when opening Dialogs and Menus
using Nimbus with dark background
- S8035568: [macosx] Cursor management unification
- S8041734: JFrame in full screen mode leaves empty
workspace after close
- S8059803: Update use of GetVersionEx to get correct
Windows version in hs_err files
- S8066504: GetVersionEx in
java.base/windows/native/libjava/java_props_md.c might
not get correct Windows version 0
- S8079595: Resizing dialog which is JWindow parent makes
JVM crash
- S8080729: [macosx] java 7 and 8 JDialogs on multiscreen
jump to parent frame on focus
- S8130769: The new menu can't be shown on the menubar
after clicking the 'Add' button.
- S8133357: 8u65 l10n resource file translation update
- S8146602:
jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java
test fails with NullPointerException
- S8147842: IME Composition Window is displayed at
incorrect location
- S8147910: Cache initial active_processor_count
- S8150490: Update OS detection code to recognize Windows
Server 2016
- S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints
is enabled
- S8161195: Regression:
closed/javax/swing/text/FlowView/LayoutTest.java
- S8161993: G1 crashes if active_processor_count changes
during startup
- S8162603: Unrecognized VM option
'UseCountedLoopSafepoints'
- S8162876: [TEST_BUG]
sun/net/www/protocol/http/HttpInputStream.java fails
intermittently
- S8164533:
sun/security/ssl/SSLSocketImpl/CloseSocket.java failed
with 'Error while cleaning up threads after test'
- S8167179: Make XSL generated namespace prefixes local to
transformation process
- S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections
- S8169589: [macosx] Activating a JDialog puts to back
another dialog
- S8170307: Stack size option -Xss is ignored
- S8170316: (tz) Support tzdata2016j
- S8170814: Reuse cache entries (part II)
- S8171388: Update JNDI Thread contexts
- S8171949: [macosx] AWT_ZoomFrame Automated tests fail
with error: The bitwise mask Frame.ICONIFIED is not
setwhen the frame is in ICONIFIED state
- S8171952: [macosx]
AWT_Modality/Automated/ModalExclusion/NoExclusion/Modele
ssDialog test fails as DummyButton on Dialog did not
gain focus when clicked.
- S8173931: 8u131 L10n resource file update
- S8174844: Incorrect GPL header causes RE script to miss
swap to commercial header for licensee source bundle
- S8175087: [bsd] Fix build after '8024900: PPC64: Enable
new build on AIX (jdk part)'
- S8175163: [bsd] Fix build after '8005629: javac warnings
compiling java.awt.EventDispatchThread...'
- S8176044: (tz) Support tzdata2017a
- Import of OpenJDK 7 u141 build 1
- S8043723: max_heap_for_compressed_oops() declared with
size_t, but defined with uintx
- Import of OpenJDK 7 u141 build 2
- S8011123: serialVersionUID of
java.awt.dnd.InvalidDnDOperationException changed in
JDK8-b82
- Backports
- S6515172, PR3362: Runtime.availableProcessors() ignores
Linux taskset command
- S8022284, PR3209: Hide internal data structure in
PhaseCFG
- S8023003, PR3209: Cleanup the public interface to
PhaseCFG
- S8023691, PR3209: Create interface for nodes in class
Block
- S8023988, PR3209: Move local scheduling of nodes to the
CFG creation and code motion phase (PhaseCFG)
- S8043780, PR3369: Use open(O_CLOEXEC) instead of
fcntl(FD_CLOEXEC)
- S8157306, PR3209: Random infrequent NULL pointer
exceptions in javac
- S8173783, PR3329: IllegalArgumentException:
jdk.tls.namedGroups
- S8173941, PR3330: SA does not work if executable is DSO
- S8174729, PR3361: Race Condition in
java.lang.reflect.WeakCache
- Bug fixes
- PR3349: Architectures unsupported by SystemTap tapsets
throw a parse error
- PR3370: Disable ARM32 JIT by default in
jdk_generic_profile.sh
- PR3379: Perl should be mandatory
- PR3390: javac.in and javah.in should use @PERL@ rather
than a hardcoded path
- CACAO
- PR2732: Raise javadoc memory limits for CACAO again!
- AArch64 port
- S8177661, PR3367: Correct ad rule output register types
from iRegX to iRegXNoSp
- Get ecj.jar path from gcj, use the gcc variant that
provides Java to build C code to make sure jni.h is
available.
- S8167104, CVE-2017-3289: Additional class construction
- S6253144: Long narrowing conversion should describe the
- S6328537: Improve javadocs for Socket class by adding
- S6978886: javadoc shows stacktrace after print error
- S6995421: Eliminate the static dependency to
- S7027045: (doc) java/awt/Window.java has several typos
in
- S7054969: Null-check-in-finally pattern in java/security
- S7072353: JNDI libraries do not build with javac
-Xlint:all
- S7092447: Clarify the default locale used in each locale
- S7103570: AtomicIntegerFieldUpdater does not work when
- S7187144: JavaDoc for ScriptEngineFactory.getProgram()
- S8000418: javadoc should used a standard 'generated by
- S8000666: javadoc should write directly to Writer
instead of
- S8000970: break out auxiliary classes that will prevent
- S8001669: javadoc internal DocletAbortException should
set
- S8011402: Move blacklisting certificate logic from hard
code
- S8011547: Update XML Signature implementation to Apache
- S8012288: XML DSig API allows wrong tag names and extra
- S8017325: Cleanup of the javadoc <code> tag in
- S8017326: Cleanup of the javadoc <code> tag in
- S8019772: Fix doclint issues in javax.crypto and
- S8020688: Broken links in documentation at
- S8021108: Clean up doclint warnings and errors in
java.text
- S8022120: JCK test
api/javax_xml/crypto/dsig/TransformService/index_ParamMe
thods
- S8025409: Fix javadoc comments errors and warning
reported by
- S8026021: more fix of javadoc errors and warnings
reported by
- S8037099: [macosx] Remove all references to GC from
native
- S8038184: XMLSignature throws
StringIndexOutOfBoundsException
- S8038349: Signing XML with DSA throws Exception when key
is
- S8049244: XML Signature performance issue caused by
- S8050893: (smartcardio) Invert reset argument in tests
in
- S8059212: Modify sun/security/smartcardio manual
regression
- S8068279: (typo in the spec)
- S8068491: Update the protocol for references of
- S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java
needs
- S8076369: Introduce the jdk.tls.client.protocols system
- S8139565: Restrict certificates with DSA keys less than
1024
- S8140422: Add mechanism to allow non default root CAs to
be
- S8140587: Atomic*FieldUpdaters should use
Class.isInstance
- S8149029: Secure validation of XML based digital
signature
- S8151893: Add security property to configure XML
Signature
- S8161228: URL objects with custom protocol handlers have
port
- S8163304: jarsigner -verbose -verify should print the
- S8164908: ReflectionFactory support for IIOP and custom
- S8165230: RMIConnection addNotificationListeners failing
with
- S8166393: disabledAlgorithms property should not be
strictly
- S8166591: [macos 10.12] Trackpad scrolling of text on OS
X
- S8166739: Improve extensibility of ObjectInputFilter
- S8167356: Follow up fix for jdk8 backport of 8164143.
Changes
- S8167459: Add debug output for indicating if a chosen
- S8168861: AnchorCertificates uses hardcoded password for
- S8169688: Backout (remove) MD5 from
- S8169911: Enhanced tests for jarsigner -verbose -verify
after
- S8170131: Certificates not being blocked by
- S8173854: [TEST] Update DHEKeySizing test case following
- S7102489, PR3316, RH1390708: RFE: cleanup jlong typedef
on
- S8000351, PR3316, RH1390708: Tenuring threshold should
be
- S8153711, PR3315, RH1284948: [REDO] JDWP: Memory Leak :
- S8170888, PR3316, RH1390708: [linux] Experimental
support for
- PR3318: Replace 'infinality' with 'improved font
rendering'
- PR3324: Fix NSS_LIBDIR substitution in
- S8165673, PR3320: AArch64: Fix JNI floating point
argument
+ S6604109, PR3162 :
- Add -fno-delete-null-pointer-checks -fno-lifetime-dse to
try to directory to be specified versions of IcedTea
This update was imported from the SUSE:SLE-12:Update update project."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1034849"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected java-1_7_0-openjdk packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
script_set_attribute(attribute:"patch_publication_date", value:"2017/05/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/30");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-1.7.0.141-42.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-accessibility-1.7.0.141-42.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-bootstrap-1.7.0.141-42.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.141-42.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.141-42.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-bootstrap-devel-1.7.0.141-42.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.141-42.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-bootstrap-headless-1.7.0.141-42.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.141-42.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.141-42.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-debugsource-1.7.0.141-42.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-demo-1.7.0.141-42.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.141-42.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-devel-1.7.0.141-42.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.141-42.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-headless-1.7.0.141-42.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.141-42.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-javadoc-1.7.0.141-42.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_7_0-openjdk-src-1.7.0.141-42.3.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_7_0-openjdk-bootstrap / etc");
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | opensuse | java-1_7_0-openjdk | p-cpe:/a:novell:opensuse:java-1_7_0-openjdk |
novell | opensuse | java-1_7_0-openjdk-accessibility | p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility |
novell | opensuse | java-1_7_0-openjdk-bootstrap | p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap |
novell | opensuse | java-1_7_0-openjdk-bootstrap-debuginfo | p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debuginfo |
novell | opensuse | java-1_7_0-openjdk-bootstrap-debugsource | p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debugsource |
novell | opensuse | java-1_7_0-openjdk-bootstrap-devel | p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel |
novell | opensuse | java-1_7_0-openjdk-bootstrap-devel-debuginfo | p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel-debuginfo |
novell | opensuse | java-1_7_0-openjdk-bootstrap-headless | p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless |
novell | opensuse | java-1_7_0-openjdk-bootstrap-headless-debuginfo | p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless-debuginfo |
novell | opensuse | java-1_7_0-openjdk-debuginfo | p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3289
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3509
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3511
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3512
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3514
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3526
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3533
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3539
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3544
bugzilla.opensuse.org/show_bug.cgi?id=1034849
7.1 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
0.007 Low
EPSS
Percentile
80.4%