Lucene search
Copyright (C) 2022 Greenbone AGOPENVAS:13614125623114202241661HistoryNov 23, 2022 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2022:4166-1)
2022-11-2300:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
6
suse-su-2022:4166-1
java-1_8_0-ibm
cve-2022-21626
cve-2022-21618
cve-2022-21619
cve-2022-21628
cve-2022-21624
cve-2022-39399
cve-2022-21549
cve-2022-21541
cve-2022-34169
security advisory
suse
remote host
java update
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
6.5 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
59.6%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2022.4166.1");
script_cve_id("CVE-2022-21540", "CVE-2022-21541", "CVE-2022-21549", "CVE-2022-21618", "CVE-2022-21619", "CVE-2022-21624", "CVE-2022-21626", "CVE-2022-21628", "CVE-2022-34169", "CVE-2022-39399");
script_tag(name:"creation_date", value:"2022-11-23 00:15:45 +0000 (Wed, 23 Nov 2022)");
script_version("2024-02-02T14:37:51+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:51 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:C/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-08-30 15:03:15 +0000 (Tue, 30 Aug 2022)");
script_name("SUSE: Security Advisory (SUSE-SU-2022:4166-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES15\.0SP3|SLES15\.0SP4|SLES15\.0|SLES15\.0SP1|SLES15\.0SP2)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2022:4166-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2022/suse-su-20224166-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'java-1_8_0-ibm' package(s) announced via the SUSE-SU-2022:4166-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for java-1_8_0-ibm fixes the following issues:
CVE-2022-21626: An unauthenticated attacker with network access via
HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition
(bsc#1204471).
CVE-2022-21618: An unauthenticated attacker with network access via
Kerberos can compromise Oracle Java SE, Oracle GraalVM Enterprise
Edition (bsc#1204468).
CVE-2022-21619: An unauthenticated attacker with network access via
multiple protocols to compromise Oracle Java SE (bsc#1204473).
CVE-2022-21628: An unauthenticated attacker with network access via HTTP
can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition
(bsc#1204472).
CVE-2022-21624: An unauthenticated attacker with network access via
multiple protocols to compromise Oracle Java SE, Oracle GraalVM
Enterprise (bsc#1204475).
CVE-2022-39399: An unauthenticated attacker with network access via HTTP
can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition
(bsc#1204480).
CVE-2022-21549: Fixed exponentials issue (bsc#1201685).
CVE-2022-21541: Fixed an improper restriction of
MethodHandle.invokeBasic() (bsc#1201692).
CVE-2022-34169, Fixed an integer truncation issue in Xalan (bsc#1201684).
CVE-2022-21540: Fixed a class compilation issue (bsc#1201694).
Update to Java 8.0 Service Refresh 7 Fix Pack 20.
* Security:
- The IBM ORB Does Not Support Object-Serialisation Data Filtering
- Large Allocation In CipherSuite
- Avoid Evaluating Sslalgorithmconstraints Twice
- Cache The Results Of Constraint Checks
- An incorrect ShortBufferException is thrown by IBMJCEPlus,
IBMJCEPlusFIPS during cipher update operation
- Disable SHA-1 Signed Jars For Ea
- JSSE Performance Improvement
- Oracle Road Map Kerberos Deprecation Of 3DES And RC4 Encryption
* Java 8/Orb:
- Upgrade ibmcfw.jar To Version o2228.02
* Class Libraries:
- Crash In Libjsor.So During An Rdma Failover
- High CPU Consumption Observed In ZosEventPort$EventHandlerTask.run
- Update Timezone Information To The Latest tzdata2022c
* Jit Compiler:
- Crash During JIT Compilation
- Incorrect JIT Optimization Of Java Code
- Incorrect Return From Class.isArray()
- Unexpected ClassCastException
- Performance Regression When Calling VM Helper Code On X86
* X/Os Extentions:
- Add RSA-OAEP Cipher Function To IBMJCECCA
Update to Java 8.0 Service Refresh 7 Fix Pack 16
* Java Virtual Machine
- Assertion failure at ClassLoaderRememberedSet.cpp
- Assertion failure at StandardAccessBarrier.cpp when
-Xgc:concurrentScavenge is set.
- GC can have unflushed ownable synchronizer objects which can
eventually lead to heap corruption and failure when
-Xgc:concurrentScavenge is set.
* JIT Compiler:
- Incorrect JIT optimization of Java code
- JAVA JIT Power: JIT compile time assert on AIX or LINUXPPC
* Reliability and Serviceability:
- javacore with 'kill -3' SIGQUIT signal freezes Java process");
script_tag(name:"affected", value:"'java-1_8_0-ibm' package(s) on SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, SUSE Enterprise Storage 7, SUSE Linux Enterprise Module for Legacy Software 15-SP3, SUSE Linux Enterprise Module for Legacy Software 15-SP4, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15-SP1, SUSE Linux Enterprise Server 15-SP2, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Linux Enterprise Server for SAP 15-SP2, SUSE Manager Proxy 4.1, SUSE Manager Retail Branch Server 4.1, SUSE Manager Server 4.1.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES15.0SP3") {
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-ibm", rpm:"java-1_8_0-ibm~1.8.0_sr7.20~150000.3.65.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-ibm-alsa", rpm:"java-1_8_0-ibm-alsa~1.8.0_sr7.20~150000.3.65.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-ibm-devel", rpm:"java-1_8_0-ibm-devel~1.8.0_sr7.20~150000.3.65.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-ibm-plugin", rpm:"java-1_8_0-ibm-plugin~1.8.0_sr7.20~150000.3.65.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0SP4") {
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-ibm", rpm:"java-1_8_0-ibm~1.8.0_sr7.20~150000.3.65.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-ibm-alsa", rpm:"java-1_8_0-ibm-alsa~1.8.0_sr7.20~150000.3.65.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-ibm-devel", rpm:"java-1_8_0-ibm-devel~1.8.0_sr7.20~150000.3.65.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-ibm-plugin", rpm:"java-1_8_0-ibm-plugin~1.8.0_sr7.20~150000.3.65.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0") {
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-ibm", rpm:"java-1_8_0-ibm~1.8.0_sr7.20~150000.3.65.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-ibm-devel", rpm:"java-1_8_0-ibm-devel~1.8.0_sr7.20~150000.3.65.1", rls:"SLES15.0"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0SP1") {
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-ibm", rpm:"java-1_8_0-ibm~1.8.0_sr7.20~150000.3.65.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-ibm-alsa", rpm:"java-1_8_0-ibm-alsa~1.8.0_sr7.20~150000.3.65.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-ibm-devel", rpm:"java-1_8_0-ibm-devel~1.8.0_sr7.20~150000.3.65.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-ibm-plugin", rpm:"java-1_8_0-ibm-plugin~1.8.0_sr7.20~150000.3.65.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0SP2") {
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-ibm", rpm:"java-1_8_0-ibm~1.8.0_sr7.20~150000.3.65.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-ibm-alsa", rpm:"java-1_8_0-ibm-alsa~1.8.0_sr7.20~150000.3.65.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-ibm-devel", rpm:"java-1_8_0-ibm-devel~1.8.0_sr7.20~150000.3.65.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-ibm-plugin", rpm:"java-1_8_0-ibm-plugin~1.8.0_sr7.20~150000.3.65.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
SUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2022:4166-1)
2022-11-23 00:00:00
Amazon Linux 2022 : (ALAS2022-2022-151)
2022-10-20 00:00:00
Amazon Linux 2022 : (ALAS2022-2022-153)
2022-10-21 00:00:00
mageia
mageia
Updated java packages fix security vulnerability
2022-11-25 01:21:24
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0435)
2022-11-25 00:00:00
Ubuntu: Security Advisory (USN-5719-1)
2022-11-10 00:00:00
CentOS: Security Advisory for java-11-openjdk (CESA-2022:7008)
2022-10-27 00:00:00
oraclelinux
oraclelinux
java-11-openjdk security and bug fix update
2022-10-21 00:00:00
java-11-openjdk security and bug fix update
2022-10-21 00:00:00
java-17-openjdk security and bug fix update
2022-10-21 00:00:00
redhat
redhat
(RHSA-2022:7000) Moderate: java-17-openjdk security and bug fix update
2022-10-19 21:31:19
(RHSA-2022:7011) Moderate: java-11-openjdk security update
2022-10-19 21:23:44
(RHSA-2022:7001) Moderate: java-17-openjdk security update
2022-10-19 21:16:21
kaspersky
kaspersky
KLA20013 Multiple vulnerabilities in Oracle Java SE and GraalVM
2022-10-18 00:00:00
KLA12588 Multiple vulnerabilities in Oracle Java SE and GraalVM
2022-07-19 00:00:00
osv
osv
Moderate: java-17-openjdk security and bug fix update
2022-10-20 00:00:00
Moderate: java-17-openjdk security and bug fix update
2022-10-20 07:37:48
Moderate: java-11-openjdk security and bug fix update
2022-10-19 21:32:12
rocky
rocky
java-11-openjdk security and bug fix update
2022-10-20 07:40:35
java-11-openjdk security and bug fix update
2022-10-19 21:32:12
java-17-openjdk security and bug fix update
2022-10-19 21:31:19
ubuntu
ubuntu
OpenJDK vulnerabilities
2022-11-09 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: java-11-openjdk-11.0.17.0.8-2.fc35
2022-11-03 15:31:22
[SECURITY] Fedora 37 Update: java-11-openjdk-11.0.17.0.8-1.fc37
2022-11-10 22:53:45
[SECURITY] Fedora 36 Update: java-11-openjdk-11.0.17.0.8-2.fc36
2022-11-03 15:58:43
almalinux
almalinux
Moderate: java-17-openjdk security and bug fix update
2022-10-20 00:00:00
Moderate: java-11-openjdk security and bug fix update
2022-10-20 00:00:00
Moderate: java-11-openjdk security and bug fix update
2022-10-19 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime
2022-11-10 12:27:21
amazon
amazon
Medium: java-17-amazon-corretto
2022-10-17 21:46:00
Medium: java-11-amazon-corretto
2022-10-17 21:46:00
Important: java-17-amazon-corretto
2022-07-19 01:19:00
f5
f5
K46859523 : Multiple Java vulnerabilities
2022-10-21 00:00:00
broadcom
broadcom
centos
centos
java security update
2022-10-26 14:18:08
altlinux
altlinux
gentoo
gentoo
OpenJDK: Multiple Vulnerabilities
2024-01-17 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2151
2023-04-11 14:18:24
suse
suse
Security update for java-17-openjdk (important)
2022-08-03 00:00:00
Security update for java-1_8_0-ibm (important)
2022-08-31 00:00:00
debian
debian
[SECURITY] [DSA 5192-1] openjdk-17 security update
2022-07-26 20:13:06
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
6.5 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
59.6%
Related for OPENVAS:13614125623114202241661