Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2018-2942)

critical Nessus Plugin ID 118183

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-2942 advisory.

[1:1.8.0.191.b12-0]
- Update to aarch64-shenandoah-jdk8u191-b12.
- Resolves: rhbz#1633817

[1:1.8.0.191.b10-0]
- Update to aarch64-shenandoah-jdk8u191-b10.
- Drop 8146115/PR3508/RH1463098 applied upstream.
- Resolves: rhbz#1633817

[1:1.8.0.181.b16-0]
- Add new Shenandoah patch PR3634 as upstream still fails on s390.
- Resolves: rhbz#1633817

[1:1.8.0.181.b16-0]
- Update to aarch64-shenandoah-jdk8u181-b16.
- Drop PR3619 & PR3620 Shenandoah patches which should now be fixed upstream.
- Resolves: rhbz#1633817

[1:1.8.0.181.b15-0]
- Move to single OpenJDK tarball build, based on aarch64/shenandoah-jdk8u.
- Update to aarch64-shenandoah-jdk8u181-b15.
- Drop 8165489-pr3589.patch which was only applied to aarch64/jdk8u builds.
- Move buildver to where it should be in the OpenJDK version.
- Split ppc64 Shenandoah fix into separate patch file with its own bug ID (PR3620).
- Update pr3539-rh1548475.patch to apply after 8187045.
- Resolves: rhbz#1633817

[1:1.8.0.181-4.b13]
- Remove unneeded functions from ppc shenandoahBarrierSet.
- Resolves: rhbz#1633817

[1:1.8.0.181-4.b13]
- Add missing shenandoahBarrierSet implementation for ppc64{be,le}.
- Resolves: rhbz#1633817

[1:1.8.0.181-4.b13]
- Fix wrong format specifiers in Shenandoah code.
- Resolves: rhbz#1633817

[1:1.8.0.181-4.b13]
- Avoid changing variable types to fix size_t, at least for now.
- Resolves: rhbz#1633817

[1:1.8.0.181-4.b13]
- More size_t fixes for Shenandoah.
- Resolves: rhbz#1633817

[1:1.8.0.181-4.b13]
- Add additional s390 size_t case for Shenandoah.
- Resolves: rhbz#1633817

[1:1.8.0.181-4.b13]
- Actually add the patch...
- Resolves: rhbz#1633817

[1:1.8.0.181-4.b13]
- Attempt to fix Shenandoah build issues on s390.
- Resolves: rhbz#1633817

[1:1.8.0.181-4.b13]
- Use the Shenandoah HotSpot on all architectures.
- Resolves: rhbz#1633817

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2018-2942.html

Plugin Details

Severity: Critical

ID: 118183

File Name: oraclelinux_ELSA-2018-2942.nasl

Version: 1.7

Type: local

Agent: unix

Published: 10/18/2018

Updated: 11/1/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-3183

CVSS v3

Risk Factor: Critical

Base Score: 9

Temporal Score: 7.8

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:java-1.8.0-openjdk, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-accessibility, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless-debug, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-zip, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-accessibility-debug, cpe:/o:oracle:linux:7, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-debug, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-debug, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel-debug, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-zip-debug, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src-debug, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc, p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo-debug

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 10/17/2018

Vulnerability Publication Date: 10/17/2018

Reference Information

CVE: CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3214

RHSA: 2018:2942