[Linux-PowerEdge] [Security Alert] srvadmin-jre-9.3.0-3465.14818.el7.x86_64 vulnerable

mr.zbiggy mr.zbiggy at upcpoczta.pl
Tue Dec 17 17:09:57 CST 2019


Hello Puneet,

Thanks for the reply. Let me know on this ML when it launches. So far
I have removed it due to vulnerabilities.

systemctl stop dsm_om_connsvc.service
systemctl disable dsm_om_connsvc.service
yum erase srvadmin-jre-9.3.0-3465.14818.el7.x86_64
Removing:
srvadmin-jre             9.3.0-3465.14818.el7
Removing for dependencies:
srvadmin-tomcat          9.3.0-3465.14818.el7
srvadmin-webserver       9.3.0-3465.14818.el7

greetings,
Zbigniew


On 04.12.2019 15:14, Puneet.Sapra at dell.com wrote:
> Hello Zbigniew,
> 
> Thank you for reaching out to us.
>  
> The reported issue will be addressed in the upcoming OpenManage Server Administrator 9.4 release, which will be released by the end of December 2019.
> 
> Thanks and Regards,
> Puneet Sapra - Dell EMC
> 
> Date: Wed, 27 Nov 2019 21:03:45 +0100
> From: "mr.zbiggy" <mr.zbiggy at upcpoczta.pl>
> To: linux-poweredge at dell.com
> Subject: [Linux-PowerEdge] [Security Alert]
> 	srvadmin-jre-9.3.0-3465.14818.el7.x86_64 vulnerable
> Message-ID: <39c23c96-e43b-9f36-c48e-1e9dd977ef90 at upcpoczta.pl>
> Content-Type: text/plain; charset="utf-8"
> 
> 
> Hi,
> 
> Nessus Security Scanner:
> CRITICAL 1000 Oracle Java JRE Unsupported Version Detection (Unix)
> MEDIUM 500 Oracle Java SE Multiple Vulnerabilities (July 2018 CPU) (Unix)
>
> The following Java JRE installation is unsupported :
> 
> Path              : /opt/dell/srvadmin/lib64/openmanage/
> Installed version : 1.10.0_1
> Latest versions   : 1.8.0_211 / 1.11.0_03 / 1.12.0_1
> Support dates     : 2018-10-01 (end of life)
> 
> This outdated, unsupported Java is installed by package:
> srvadmin-jre-9.3.0-3465.14818.el7.x86_64
> 
> Description:
> According to its self-reported version number, at least one installation of Oracle (formerly Sun) Java JRE on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. Note that Oracle does provide support contracts under the 'Oracle Lifetime Support' program. If the detected JRE is supported under this program, this may be a false positive.
> 
> Diagnosis:
> The remote host contains one or more unsupported versions of the Oracle Java JRE.
> 
> Solution:
> Upgrade to a version of Oracle Java JRE that is currently supported.
> 
> greetings,
> Zbigniew