Alpine: multiple openjdk8 packages: security update to 8.144.01-r0 (deprecated)

critical Tenable Cloud Security Plugin ID 400763

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have
unspecified impact via vectors involving big-endian CRC calculation. (CVE-2016-9843)

- inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging
improper pointer arithmetic. (CVE-2016-9840)

- inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging
improper pointer arithmetic. (CVE-2016-9841)

- The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have
unspecified impact via vectors involving left shifts of negative integers. (CVE-2016-9842)

See Also

https://git.alpinelinux.org/aports/commit/?id=4d34f29dddd3934358df7a9607706d09ae0433c3

https://git.alpinelinux.org/aports/commit/?id=8ee81fd5e788259144d2466d56403ee07702987d

Plugin Details

Severity: Critical

ID: 400763

Version: Revision 1.31

Type: Local

Published: 8/16/2023

Updated: 1/22/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 5

Percentile: 95.11

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2016-9843

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/8/2017

Vulnerability Publication Date: 10/19/2016

Reference Information

CVE: CVE-2016-10165, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388

BID: 101315, 101319, 101321, 101333, 101341, 101348, 101354, 101355, 101369, 101378, 101382, 101384, 101396, 101413, 95131, 95808