RHEL 6 : java-1.8.0-ibm (RHSA-2018:2575)

critical Nessus Plugin ID 112178

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR5-FP20.

Security Fix(es) :

* IBM JDK: privilege escalation via insufficiently restricted access to Attach API (CVE-2018-12539)

* openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)

* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)

* IBM JDK: DoS in the java.math component (CVE-2018-1517)

* IBM JDK: path traversal flaw in the Diagnostic Tooling Framework (CVE-2018-1656)

* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) (CVE-2018-2940)

* OpenJDK: insufficient index validation in PatternSyntaxException getMessage () (Concurrency, 8199547) (CVE-2018-2952)

* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973)

* OpenSSL: Double-free in DSA code (CVE-2016-0705)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-0705. Upstream acknowledges Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705.

Solution

Update the affected packages.

See Also

https://access.redhat.com/errata/RHSA-2018:2575

https://access.redhat.com/security/cve/cve-2016-0705

https://access.redhat.com/security/cve/cve-2017-3732

https://access.redhat.com/security/cve/cve-2017-3736

https://access.redhat.com/security/cve/cve-2018-1517

https://access.redhat.com/security/cve/cve-2018-1656

https://access.redhat.com/security/cve/cve-2018-2940

https://access.redhat.com/security/cve/cve-2018-2952

https://access.redhat.com/security/cve/cve-2018-2973

https://access.redhat.com/security/cve/cve-2018-12539

Plugin Details

Severity: Critical

ID: 112178

File Name: redhat-RHSA-2018-2575.nasl

Version: 1.8

Type: local

Agent: unix

Published: 8/29/2018

Updated: 8/13/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-0705

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-plugin, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-demo, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-jdbc, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-src, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-devel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 8/28/2018

Vulnerability Publication Date: 3/3/2016

Reference Information

CVE: CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-12539, CVE-2018-1517, CVE-2018-1656, CVE-2018-2940, CVE-2018-2952, CVE-2018-2973

RHSA: 2018:2575