The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7008 advisory.

    [1:11.0.17.0.8-2.0.1]
    - link atomic for ix86 build

    [1:11.0.17.0.8-2]
    - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173
    - Update CLDR data with Europe/Kyiv (JDK-8293834)
    - Drop JDK-8292223 patch which we found to be unnecessary
    - Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream
    - Remove unneeded JDK-8291053 patch as we no longer build in-tree HarfBuzz
    - Related: rhbz#2133695

    [1:11.0.17.0.8-1]
    - Update to jdk-11.0.17+8 (GA)
    - Update release notes to 11.0.17+8
    - Switch to GA mode for release
    - Resolves: rhbz#2133695

    [1:11.0.17.0.7-0.1.ea]
    - Update to jdk-11.0.17+7
    - Update release notes to 11.0.17+7
    - Resolves: rhbz#2130373

    [1:11.0.17.0.1-0.1.ea]
    - Try to build using system HarfBuzz to avoid build failures with 4.4.1 & gcc 4.8.5
    - Related: rhbz#2130373

    [1:11.0.17.0.1-0.1.ea]
    - Include Aleksey's patch for JDK-8291053 to try and get HarfBuzz to build again
    - Related: rhbz#2130373

    [1:11.0.17.0.1-0.1.ea]
    - Update to jdk-11.0.17+1
    - Update release notes to 11.0.17+1
    - Switch to EA mode for 11.0.17 pre-release builds.
    - Related: rhbz#2130373

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Linux 7 : java-11-openjdk (ELSA-2022-7008)

medium Nessus Plugin ID 166388

Version 1.7

Version 1.6

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.7 Nov 2, 2024, 2:28 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin Feed: 202411020228
Version 1.6 Oct 23, 2024, 10:51 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin Feed: 202410232251
Version 1.5 Oct 22, 2024, 6:42 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C") CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202410221842
Version 1.4 Oct 9, 2023, 5:00 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202310091700
Version 1.3 Dec 1, 2022, 4:17 PM CVSS metrics ("CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P" to "CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N") CVSSv2 score source (changed from "CVE-2022-21626" to "CVE-2022-21618") Plugin Feed: 202212011617
Version 1.2 Oct 21, 2022, 6:05 PM New Plugin Feed: 202210211805