SUSE SLES12: java-1_8_0-openjdk / java-1_8_0-openjdk-demo / etc (SUSE-SU-2021:3771-1)

medium Nessus Plugin ID 155704

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3771-1 advisory.

Update to version OpenJDK 8u312 (October 2021 CPU):

- CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS (bsc#1191901).
- CVE-2021-35556: Fixed excessive memory allocation in RTFParser (bsc#1191910).
- CVE-2021-35559: Fixed excessive memory allocation in RTFReader (bsc#1191911).
- CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet (bsc#1191912).
- CVE-2021-35564: Fixed certificates with end dates too far in the future can corrupt keystore (bsc#1191913).
- CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session close (bsc#1191909).
- CVE-2021-35567: Fixed incorrect principal selection when using Kerberos Constrained Delegation (bsc#1191903).
- CVE-2021-35578: Fixed unexpected exception raised during TLS handshake (bsc#1191904).
- CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader (bsc#1191914).
- CVE-2021-35588: Fixed incomplete validation of inner class references in ClassFileParser (bsc#1191905)
- CVE-2021-35603: Fixed non-constant comparison during TLS handshakes (bsc#1191906).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected java-1_8_0-openjdk, java-1_8_0-openjdk-demo, java-1_8_0-openjdk-devel and / or java-1_8_0-openjdk- headless packages.

See Also

https://bugzilla.suse.com/1191901

https://bugzilla.suse.com/1191903

https://bugzilla.suse.com/1191904

https://bugzilla.suse.com/1191905

https://bugzilla.suse.com/1191906

https://bugzilla.suse.com/1191909

https://bugzilla.suse.com/1191910

https://bugzilla.suse.com/1191911

https://bugzilla.suse.com/1191912

https://bugzilla.suse.com/1191913

https://bugzilla.suse.com/1191914

https://www.suse.com/security/cve/CVE-2021-35550

https://www.suse.com/security/cve/CVE-2021-35556

https://www.suse.com/security/cve/CVE-2021-35559

https://www.suse.com/security/cve/CVE-2021-35561

https://www.suse.com/security/cve/CVE-2021-35564

https://www.suse.com/security/cve/CVE-2021-35565

https://www.suse.com/security/cve/CVE-2021-35567

https://www.suse.com/security/cve/CVE-2021-35578

https://www.suse.com/security/cve/CVE-2021-35586

https://www.suse.com/security/cve/CVE-2021-35588

https://www.suse.com/security/cve/CVE-2021-35603

http://www.nessus.org/u?c7ea16fd

Plugin Details

Severity: Medium

ID: 155704

File Name: suse_SU-2021-3771-1.nasl

Version: 1.8

Type: Local

Agent: unix

Published: 11/24/2021

Updated: 6/26/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.3

Percentile: 50.87

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2021-35550

CVSS v3

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2021-35567

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel, p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk, p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo, p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/23/2021

Vulnerability Publication Date: 10/19/2021

Reference Information

CVE: CVE-2021-35550, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35588, CVE-2021-35603

IAVA: 2021-A-0481-S

SuSE: SUSE-SU-2021:3771-1