Detections
Analytics

Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2018-2241)

low Nessus Plugin ID 111253

Language:

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-2241 advisory.

 [1:1.8.0.181-7.b13]
 - Update to aarch64-jdk8u181-b13.
 - Remove 8187577/PR3578 now applied upstream.
 - Resolves: rhbz#1594249

 [1:1.8.0.181-3.b04]
 - Fix hook to show hs_err*.log files on failures.
 - Resolves: rhbz#1594249

 [1:1.8.0.181-3.b04]
 - Fix requires/provides filters for internal libs. See RHBZ#1590796
 - Resolves: rhbz#1594249

 [1:1.8.0.181-2.b04]
 - Add '8206406, PR3610, RH1597825: StubCodeDesc constructor publishes partially-constructed objects on StubCodeDesc::_list'
 - Resolves: rhbz#1594249

 [1:1.8.0.181-1.b04]
 - Add hook to show hs_err*.log files on failures.
 - Resolves: rhbz#1594249

 [1:1.8.0.181-1.b04]
 - Mark bugs that have been pushed to 8u upstream and are scheduled for a release.
 - Resolves: rhbz#1594249

 [1:1.8.0.181-1.b04]
 - Update to aarch64-jdk8u181-b04 and aarch64-shenandoah-jdk8u181-b04.
 - Resolves: rhbz#1594249

 [1:1.8.0.181-0.b03]
 - Update to aarch64-jdk8u181-b03 and aarch64-shenandoah-jdk8u181-b03.
 - Remove AArch64 patch for PR3458/RH1540242 as applied upstream.
 - Resolves: rhbz#1594249

 [1:1.8.0.172-2.b11]
 - Remove build flags exemption for aarch64 now the platform is more mature and can bootstrap OpenJDK with these flags.
 - Resolves: rhbz#1594249

 [1:1.8.0.172-2.b11]
 - Fix a number of bad bug identifiers (PR3546 should be PR3578, PR3456 should be PR3546)
 - Resolves: rhbz#1594249

 [1:1.8.0.172-2.b11]
 - Split PR3458/RH1540242 fix into AArch64 & Zero sections, as their upstream trajectories differ.
 - Enable patch570 missed in last changeset.
 - Resolves: rhbz#1594249

 [1:1.8.0.172-1.b11]
 - Sync with IcedTea 3.8.0.
 - Label architecture-specific fixes with architecture concerned
 - x86: S8199936, PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations (-mstackrealign workaround)
 - PR3539, RH1548475: Pass EXTRA_LDFLAGS to HotSpot build
 - 8171000, PR3542, RH1402819: Robot.createScreenCapture() crashes in wayland mode
 - 8197546, PR3542, RH1402819: Fix for 8171000 breaks Solaris + Linux builds
 - 8185723, PR3553: Zero: segfaults on Power PC 32-bit
 - 8186461, PR3557: Zero's atomic_copy64() should use SPE instructions on linux-powerpcspe
 - PR3559: Use ldrexd for atomic reads on ARMv7.
 - 8187577, PR3578: JVM crash during gc doing concurrent marking
 - 8201509, PR3579: Zero: S390 31bit atomic_copy64 inline assembler is wrong
 - 8165489, PR3589: Missing G1 barrier in Unsafe_GetObjectVolatile
 - PR3591: Fix for bug 3533 doesn't add -mstackrealign to JDK code
 - 8184309, PR3596: Build warnings from GCC 7.1 on Fedora 26
 - Resolves: rhbz#1594249

 [1:1.8.0.172-0.b11]
 - Update to aarch64-jdk8u172-b11 and aarch64-shenandoah-jdk8u172-b11.
 - Resolves: rhbz#1594249

 [1:1.8.0.171-11.b12]
 - Update to aarch64-jdk8u171-b12 and aarch64-shenandoah-jdk8u171-b12.
 - Remove patch for 8200556/PR3566 as applied upstream.
 - Resolves: rhbz#1594249

 [1:1.8.0.171-11.b10]
 - Fix jconsole.desktop.in subcategory, replacing 'Monitor' with 'Profiling' (PR3550)
 - Resolves: rhbz#1594249

 [1:1.8.0.171-11.b10]
 - Fix invalid license 'LGPL+' (should be LGPLv2+ for ECC code) and add missing ones
 - Resolves: rhbz#1594249

 [1:1.8.0.171-10.b03]
 - added missing hooks for c-j-c
 - Resolves: rhbz#1594249

 [1:1.8.0.171-9.b10]
 - added and applied 1566890_embargoed20180521.patch
 - Resolves: rhbz#1578548

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2018-2241.html

Plugin Details

Severity: Low

ID: 111253

File Name: oraclelinux_ELSA-2018-2241.nasl

Version: 1.6

Type: local

Agent: unix

Published: 7/24/2018

Updated: 10/23/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2018-2952

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:java-1.8.0-openjdk, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless-debug, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-debug, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-debug, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel-debug, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src-debug, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo-debug, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 7/23/2018

Vulnerability Publication Date: 7/18/2018

Reference Information

CVE: CVE-2018-2952

RHSA: 2018:2241