Detections
Analytics

Debian DLA-1886-2 : openjdk-7 regression update

high Nessus Plugin ID 127922

Language:

Synopsis

The remote Debian host is missing a security update.

Description

The latest security update of openjdk-7 caused a regression when applications relied on elliptic curve algorithms to establish SSL connections. Several duplicate classes were removed from rt.jar by the upstream developers of OpenJDK because they were also present in sunec.jar. However Debian never shipped the SunEC security provider in OpenJDK 7.

The issue was resolved by building sunec.jar and its corresponding native library libsunec.so from source. In order to build these libraries from source, an update of nss to version 2:3.26-1+debu8u6 is required.

Updates for the amd64 architecture are already available, new packages for i386, armel and armhf will be available within the next 24 hours.

For Debian 8 'Jessie', this problem has been fixed in version 7u231-2.6.19-1~deb8u2.

We recommend that you upgrade your openjdk-7 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Upgrade the affected packages.

See Also

https://lists.debian.org/debian-lts-announce/2019/08/msg00027.html

https://packages.debian.org/source/jessie/openjdk-7

Plugin Details

Severity: High

ID: 127922

File Name: debian_DLA-1886.nasl

Version: 1.4

Type: local

Agent: unix

Published: 8/20/2019

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:icedtea-7-jre-jamvm, p-cpe:/a:debian:debian_linux:openjdk-7-jdk, p-cpe:/a:debian:debian_linux:openjdk-7-jre-zero, p-cpe:/a:debian:debian_linux:openjdk-7-jre-headless, p-cpe:/a:debian:debian_linux:openjdk-7-doc, p-cpe:/a:debian:debian_linux:openjdk-7-jre, p-cpe:/a:debian:debian_linux:openjdk-7-demo, p-cpe:/a:debian:debian_linux:openjdk-7-source, p-cpe:/a:debian:debian_linux:openjdk-7-dbg, cpe:/o:debian:debian_linux:8.0, p-cpe:/a:debian:debian_linux:openjdk-7-jre-lib

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 8/22/2019

Vulnerability Publication Date: 8/22/2019