openSUSE Security Update : java-11-openjdk (openSUSE-2019-161) - Nessus
Low Plugin ID: 122145This page contains detailed information about the openSUSE Security Update : java-11-openjdk (openSUSE-2019-161) Nessus plugin including available exploits and PoCs found on GitHub, in Metasploit or Exploit-DB for verifying of this vulnerability.
Plugin Overview
ID: 122145
Name: openSUSE Security Update : java-11-openjdk (openSUSE-2019-161)
Filename: openSUSE-2019-161.nasl
Vulnerability Published: 2018-05-16
This Plugin Published: 2019-02-13
Last Modification Time: 2021-01-19
Plugin Version: 1.4
Plugin Type: local
Plugin Family: SuSE Local Security Checks
Dependencies:
ssh_get_info.nasl
Required KB Items [?]: Host/cpu, Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list
Vulnerability Information
Severity: Low
Vulnerability Published: 2018-05-16
Patch Published: 2019-03-23
CVE [?]: CVE-2018-11212, CVE-2019-2422, CVE-2019-2426
CPE [?]: cpe:/o:novell:opensuse:15.0, p-cpe:/a:novell:opensuse:java-11-openjdk, p-cpe:/a:novell:opensuse:java-11-openjdk-accessibility, p-cpe:/a:novell:opensuse:java-11-openjdk-accessibility-debuginfo, p-cpe:/a:novell:opensuse:java-11-openjdk-debuginfo, p-cpe:/a:novell:opensuse:java-11-openjdk-debugsource, p-cpe:/a:novell:opensuse:java-11-openjdk-demo, p-cpe:/a:novell:opensuse:java-11-openjdk-devel, p-cpe:/a:novell:opensuse:java-11-openjdk-headless, p-cpe:/a:novell:opensuse:java-11-openjdk-javadoc, p-cpe:/a:novell:opensuse:java-11-openjdk-jmods, p-cpe:/a:novell:opensuse:java-11-openjdk-src
Synopsis
The remote openSUSE host is missing a security update.
Description
This update for java-11-openjdk to version 11.0.2+7 fixes the following issues :
Security issues fixed :
- CVE-2019-2422: Better FileChannel transfer performance (bsc#1122293)
- CVE-2019-2426: Improve web server connections
- CVE-2018-11212: Improve JPEG processing (bsc#1122299)
- Better route routing
- Better interface enumeration
- Better interface lists
- Improve BigDecimal support
- Improve robot support
- Better icon support
- Choose printer defaults
- Proper allocation handling
- Initial class initialization
- More reliable p11 transactions
- Improve NIO stability
- Better loading of classloader classes
- Strengthen Windows Access Bridge Support
- Improved data set handling
- Improved LSA authentication
- Libsunmscapi improved interactions
Non-security issues fix :
- Do not resolve by default the added JavaEE modules (bsc#1120431)
- ~2.5% regression on compression benchmark starting with 12-b11
- java.net.http.HttpClient hangs on 204 reply without Content-length 0
- Add additional TeliaSonera root certificate
- Add more ld preloading related info to hs_error file on Linux
- Add test to exercise server-side client hello processing
- AES encrypt performance regression in jdk11b11
- AIX: ProcessBuilder: Piping between created processes does not work.
- AIX: Some class library files are missing the Classpath exception
- AppCDS crashes for some uses with JRuby
- Automate vtable/itable stub size calculation
- BarrierSetC1::generate_referent_check() confuses register allocator
- Better HTTP Redirection
- Catastrophic size_t underflow in BitMap::*_large methods
- Clip.isRunning() may return true after Clip.stop() was called
- Compiler thread creation should be bounded by available space in memory and Code Cache
- com.sun.net.httpserver.HttpServer returns Content-length header for 204 response code
- Default mask register for avx512 instructions
- Delayed starting of debugging via jcmd
- Disable all DES cipher suites
- Disable anon and NULL cipher suites
- Disable unsupported GCs for Zero
- Epsilon alignment adjustments can overflow max TLAB size
- Epsilon elastic TLAB sizing may cause misalignment
- HotSpot update for vm_version.cpp to recognise updated VS2017
- HttpClient does not retrieve files with large sizes over HTTP/1.1
- IIOException 'tEXt chunk length is not proper' on opening png file
- Improve TLS connection stability again
- InitialDirContext ctor sometimes throws NPE if the server has sent a disconnection
- Inspect stack during error reporting
- Instead of circle rendered in appl window, but ellipse is produced JEditor Pane
- Introduce diagnostic flag to abort VM on failed JIT compilation
- Invalid assert(HeapBaseMinAddress > 0) in ReservedHeapSpace::initialize_compressed_heap
- jar has issues with UNC-path arguments for the jar -C parameter [windows]
- java.net.http HTTP client should allow specifying Origin and Referer headers
- java.nio.file.Files.writeString writes garbled UTF-16 instead of UTF-8
- JDK 11.0.1 l10n resource file update
- JDWP Transport Listener: dt_socket thread crash
- JVMTI ResourceExhausted should not be posted in CompilerThread
- LDAPS communication failure with jdk 1.8.0_181
- linux: Poor StrictMath performance due to non-optimized compilation
- Missing synchronization when reading counters for live threads and peak thread count
- NPE in SupportedGroupsExtension
- OpenDataException thrown when constructing CompositeData for StackTraceElement
- Parent class loader may not have a referred ClassLoaderData instance when obtained in Klass::class_in_module_of_loader
- Populate handlers while holding streamHandlerLock
- ppc64: Enable POWER9 CPU detection
- print_location is not reliable enough (printing register info)
- Reconsider default option for ClassPathURLCheck change done in JDK-8195874
- Register to register spill may use AVX 512 move instruction on unsupported platform.
- s390: Use of shift operators not covered by cpp standard
- serviceability/sa/TestUniverse.java#id0 intermittently fails with assert(get_instanceKlass()->is_loaded()) failed: must be at least loaded
- SIGBUS in CodeHeapState::print_names()
- SIGSEGV in MethodArityHistogram() with -XX:+CountCompiledCalls
- Soft reference reclamation race in com.sun.xml.internal.stream.util.ThreadLocalBufferAlloca tor
- Swing apps are slow if displaying from a remote source to many local displays
- switch jtreg to 4.2b13
- Test library OSInfo.getSolarisVersion cannot determine Solaris version
- TestOptionsWithRanges.java is very slow
- TestOptionsWithRanges.java of '-XX:TLABSize=2147483648' fails intermittently
- The Japanese message of FileNotFoundException garbled
- The 'supported_groups' extension in ServerHellos
- ThreadInfoCompositeData.toCompositeData fails to map ThreadInfo to CompositeData
- TimeZone.getDisplayName given Locale.US doesn't always honor the Locale.
- TLS 1.2 Support algorithm in SunPKCS11 provider
- TLS 1.3 handshake server name indication is missing on a session resume
- TLS 1.3 server fails if ClientHello doesn't have pre_shared_key and psk_key_exchange_modes
- TLS 1.3 interop problems with OpenSSL 1.1.1 when used on the client side with mutual auth
- tz: Upgrade time-zone data to tzdata2018g
- Undefined behaviour in ADLC
- Update avx512 implementation
- URLStreamHandler initialization race
- UseCompressedOops requirement check fails fails on 32-bit system
- windows: Update OS detection code to recognize Windows Server 2019
- x86: assert on unbound assembler Labels used as branch targets
- x86: jck tests for ldc2_w bytecode fail
- x86: sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization
- '-XX:OnOutOfMemoryError' uses fork instead of vfork
This update was imported from the SUSE:SLE-15:Update update project.
Solution
Update the affected java-11-openjdk packages.
Public Exploits
Target Network Port(s): N/A
Target Asset(s): N/A
Exploit Available: True (GitHub)
Exploit Ease: Exploits (PoCs) are available
Here's the list of publicly known exploits and PoCs for verifying the openSUSE Security Update : java-11-openjdk (openSUSE-2019-161) vulnerability:
- GitHub: https://github.com/SycloverSecurity/http_ntlmrelayx
[CVE-2019-2426]
Before running any exploit against any system, make sure you are authorized by the owner of the target system(s) to perform such activity. In any other case, this would be considered as an illegal activity.
WARNING: Beware of using unverified exploits from sources such as GitHub or Exploit-DB. These exploits and PoCs could contain malware. For more information, see how to use exploits safely.
Risk Information
CVSS Score Source [?]: CVE-2019-2426
CVSS V2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C
| CVSS Base Score: | 4.3 (Medium) |
| Impact Subscore: | 2.9 |
| Exploitability Subscore: | 8.6 |
| CVSS Temporal Score: | 3.2 (Low) |
| CVSS Environmental Score: | NA (None) |
| Modified Impact Subscore: | NA |
| Overall CVSS Score: | 3.2 (Low) |
| CVSS Base Score: | 3.7 (Low) |
| Impact Subscore: | 1.4 |
| Exploitability Subscore: | 2.2 |
| CVSS Temporal Score: | 3.2 (Low) |
| CVSS Environmental Score: | NA (None) |
| Modified Impact Subscore: | NA |
| Overall CVSS Score: | 3.2 (Low) |
Go back to menu.
Plugin Source
This is the openSUSE-2019-161.nasl nessus plugin source code. This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-161.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(122145);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2018-11212", "CVE-2019-2422", "CVE-2019-2426");
script_name(english:"openSUSE Security Update : java-11-openjdk (openSUSE-2019-161)");
script_summary(english:"Check for the openSUSE-2019-161 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update for java-11-openjdk to version 11.0.2+7 fixes the
following issues :
Security issues fixed :
- CVE-2019-2422: Better FileChannel transfer performance
(bsc#1122293)
- CVE-2019-2426: Improve web server connections
- CVE-2018-11212: Improve JPEG processing (bsc#1122299)
- Better route routing
- Better interface enumeration
- Better interface lists
- Improve BigDecimal support
- Improve robot support
- Better icon support
- Choose printer defaults
- Proper allocation handling
- Initial class initialization
- More reliable p11 transactions
- Improve NIO stability
- Better loading of classloader classes
- Strengthen Windows Access Bridge Support
- Improved data set handling
- Improved LSA authentication
- Libsunmscapi improved interactions
Non-security issues fix :
- Do not resolve by default the added JavaEE modules
(bsc#1120431)
- ~2.5% regression on compression benchmark starting with
12-b11
- java.net.http.HttpClient hangs on 204 reply without
Content-length 0
- Add additional TeliaSonera root certificate
- Add more ld preloading related info to hs_error file on
Linux
- Add test to exercise server-side client hello processing
- AES encrypt performance regression in jdk11b11
- AIX: ProcessBuilder: Piping between created processes
does not work.
- AIX: Some class library files are missing the Classpath
exception
- AppCDS crashes for some uses with JRuby
- Automate vtable/itable stub size calculation
- BarrierSetC1::generate_referent_check() confuses
register allocator
- Better HTTP Redirection
- Catastrophic size_t underflow in BitMap::*_large methods
- Clip.isRunning() may return true after Clip.stop() was
called
- Compiler thread creation should be bounded by available
space in memory and Code Cache
- com.sun.net.httpserver.HttpServer returns Content-length
header for 204 response code
- Default mask register for avx512 instructions
- Delayed starting of debugging via jcmd
- Disable all DES cipher suites
- Disable anon and NULL cipher suites
- Disable unsupported GCs for Zero
- Epsilon alignment adjustments can overflow max TLAB size
- Epsilon elastic TLAB sizing may cause misalignment
- HotSpot update for vm_version.cpp to recognise updated
VS2017
- HttpClient does not retrieve files with large sizes over
HTTP/1.1
- IIOException 'tEXt chunk length is not proper' on
opening png file
- Improve TLS connection stability again
- InitialDirContext ctor sometimes throws NPE if the
server has sent a disconnection
- Inspect stack during error reporting
- Instead of circle rendered in appl window, but ellipse
is produced JEditor Pane
- Introduce diagnostic flag to abort VM on failed JIT
compilation
- Invalid assert(HeapBaseMinAddress > 0) in
ReservedHeapSpace::initialize_compressed_heap
- jar has issues with UNC-path arguments for the jar -C
parameter [windows]
- java.net.http HTTP client should allow specifying Origin
and Referer headers
- java.nio.file.Files.writeString writes garbled UTF-16
instead of UTF-8
- JDK 11.0.1 l10n resource file update
- JDWP Transport Listener: dt_socket thread crash
- JVMTI ResourceExhausted should not be posted in
CompilerThread
- LDAPS communication failure with jdk 1.8.0_181
- linux: Poor StrictMath performance due to non-optimized
compilation
- Missing synchronization when reading counters for live
threads and peak thread count
- NPE in SupportedGroupsExtension
- OpenDataException thrown when constructing CompositeData
for StackTraceElement
- Parent class loader may not have a referred
ClassLoaderData instance when obtained in
Klass::class_in_module_of_loader
- Populate handlers while holding streamHandlerLock
- ppc64: Enable POWER9 CPU detection
- print_location is not reliable enough (printing register
info)
- Reconsider default option for ClassPathURLCheck change
done in JDK-8195874
- Register to register spill may use AVX 512 move
instruction on unsupported platform.
- s390: Use of shift operators not covered by cpp standard
- serviceability/sa/TestUniverse.java#id0 intermittently
fails with assert(get_instanceKlass()->is_loaded())
failed: must be at least loaded
- SIGBUS in CodeHeapState::print_names()
- SIGSEGV in MethodArityHistogram() with
-XX:+CountCompiledCalls
- Soft reference reclamation race in
com.sun.xml.internal.stream.util.ThreadLocalBufferAlloca
tor
- Swing apps are slow if displaying from a remote source
to many local displays
- switch jtreg to 4.2b13
- Test library OSInfo.getSolarisVersion cannot determine
Solaris version
- TestOptionsWithRanges.java is very slow
- TestOptionsWithRanges.java of '-XX:TLABSize=2147483648'
fails intermittently
- The Japanese message of FileNotFoundException garbled
- The 'supported_groups' extension in ServerHellos
- ThreadInfoCompositeData.toCompositeData fails to map
ThreadInfo to CompositeData
- TimeZone.getDisplayName given Locale.US doesn't always
honor the Locale.
- TLS 1.2 Support algorithm in SunPKCS11 provider
- TLS 1.3 handshake server name indication is missing on a
session resume
- TLS 1.3 server fails if ClientHello doesn't have
pre_shared_key and psk_key_exchange_modes
- TLS 1.3 interop problems with OpenSSL 1.1.1 when used on
the client side with mutual auth
- tz: Upgrade time-zone data to tzdata2018g
- Undefined behaviour in ADLC
- Update avx512 implementation
- URLStreamHandler initialization race
- UseCompressedOops requirement check fails fails on
32-bit system
- windows: Update OS detection code to recognize Windows
Server 2019
- x86: assert on unbound assembler Labels used as branch
targets
- x86: jck tests for ldc2_w bytecode fail
- x86: sharedRuntimeTrig/sharedRuntimeTrans compiled
without optimization
- '-XX:OnOutOfMemoryError' uses fork instead of vfork
This update was imported from the SUSE:SLE-15:Update update project."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120431"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122293"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122299"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected java-11-openjdk packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2426");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-accessibility");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-accessibility-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-demo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-headless");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-javadoc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-jmods");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-src");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/16");
script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/13");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE15.0", reference:"java-11-openjdk-11.0.2.0-lp150.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"java-11-openjdk-accessibility-11.0.2.0-lp150.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"java-11-openjdk-accessibility-debuginfo-11.0.2.0-lp150.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"java-11-openjdk-debuginfo-11.0.2.0-lp150.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"java-11-openjdk-debugsource-11.0.2.0-lp150.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"java-11-openjdk-demo-11.0.2.0-lp150.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"java-11-openjdk-devel-11.0.2.0-lp150.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"java-11-openjdk-headless-11.0.2.0-lp150.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"java-11-openjdk-javadoc-11.0.2.0-lp150.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"java-11-openjdk-jmods-11.0.2.0-lp150.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"java-11-openjdk-src-11.0.2.0-lp150.2.12.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-11-openjdk / java-11-openjdk-accessibility / etc");
}
The latest version of this script can be found in these locations depending on your platform:
- Linux / Unix:
/opt/nessus/lib/nessus/plugins/openSUSE-2019-161.nasl - Windows:
C:\ProgramData\Tenable\Nessus\nessus\plugins\openSUSE-2019-161.nasl - Mac OS X:
/Library/Nessus/run/lib/nessus/plugins/openSUSE-2019-161.nasl
Go back to menu.
How to Run
Here is how to run the openSUSE Security Update : java-11-openjdk (openSUSE-2019-161) as a standalone plugin via the Nessus web user interface (https://localhost:8834/):
- Click to start a New Scan.
- Select Advanced Scan.
- Navigate to the Plugins tab.
- On the top right corner click to Disable All plugins.
- On the left side table select SuSE Local Security Checks plugin family.
- On the right side table select openSUSE Security Update : java-11-openjdk (openSUSE-2019-161) plugin ID 122145.
- Specify the target on the Settings tab and click to Save the scan.
- Run the scan.
Here are a few examples of how to run the plugin in the command line. Note that the examples below demonstrate the usage on the Linux / Unix platform.
Basic usage:
/opt/nessus/bin/nasl openSUSE-2019-161.nasl -t <IP/HOST>Run the plugin with audit trail message on the console:
/opt/nessus/bin/nasl -a openSUSE-2019-161.nasl -t <IP/HOST>Run the plugin with trace script execution written to the console (useful for debugging):
/opt/nessus/bin/nasl -T - openSUSE-2019-161.nasl -t <IP/HOST>Run the plugin with using a state file for the target and updating it (useful for running multiple plugins on the target):
/opt/nessus/bin/nasl -K /tmp/state openSUSE-2019-161.nasl -t <IP/HOST>Go back to menu.
References
See also:
- https://www.tenable.com/plugins/nessus/122145
- https://bugzilla.opensuse.org/show_bug.cgi?id=1120431
- https://bugzilla.opensuse.org/show_bug.cgi?id=1122293
- https://bugzilla.opensuse.org/show_bug.cgi?id=1122299
- https://vulners.com/nessus/OPENSUSE-2019-161.NASL
- 122836 - GLSA-201903-14 : Oracle JDK/JRE: Multiple vulnerabilities
- 160349 - IBM Java 7.0 < 7.0.10.40 / 7.1 < 7.1.4.40 / 8.0 < 8.0.5.30 Multiple Vulnerabilities
- 127309 - NewStart CGSL MAIN 4.06 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0090)
- 127314 - NewStart CGSL MAIN 4.06 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0093)
- 127435 - NewStart CGSL MAIN 4.05 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0157)
- 125451 - openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2019-1439) (Spectre)
- 125698 - openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2019-1500)
- 121231 - Oracle Java SE 1.7.x < 1.7.0_211 / 1.8.x < 1.8.0_201 / 1.11.x < 1.11.0_2 Multiple Vulnerabilities (January 2019 CPU)
- 121230 - Oracle Java SE 1.7.x < 1.7.0_211 / 1.8.x < 1.8.0_201 / 1.11.x < 1.11.0_2 Multiple Vulnerabilities (January 2019 CPU) (Unix)
- 136109 - Photon OS 1.0: Openjdk11 PHSA-2020-1.0-0290
- 136100 - Photon OS 3.0: Openjdk11 PHSA-2020-3.0-0084
- 125239 - RHEL 8 : java-1.8.0-ibm (RHSA-2019:1238)
- 121568 - SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2019:0221-1)
- 125023 - SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2019:1219-1) (Spectre)
- 125676 - SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2019:1392-1)
- 127758 - SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2019:2028-1) (Spectre)
- 126233 - openSUSE Security Update : python-Jinja2 (openSUSE-2019-1614)
Version
This page has been produced using Nessus Professional 10.1.2 (#68) LINUX, Plugin set 202205072148.
Plugin file openSUSE-2019-161.nasl version 1.4. For more plugins, visit the Nessus Plugin Library.
Go back to menu.
