java-1.7.0-openjdk-1.7.0.211-2.6.17.1.AXS4
Errata ID: AXSA:2019-3805:01
Release date:
Wednesday, April 3, 2019 - 16:06
Subject:
java-1.7.0-openjdk-1.7.0.211-2.6.17.1.AXS4
Affected Channels:
Asianux Server 4 for x86_64
Severity:
Moderate
Description:
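The following issues have been addressed.
[Security Fix]
- The Libraries subcomponent of Oracle Java SE contains a vulnerability that
allows an unauthenticated attacker with network access to perform unauthorized
reads of a subset of the data accessible to Java SE.
(CVE-2019-2422)
The translated text of some CVEs is quoted from JVN.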
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVEs:
CVE-2019-2422
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
Additional Info:
N/A
Download:
SRPMS
- java-1.7.0-openjdk-1.7.0.211-2.6.17.1.AXS4.src.rpm
MD5: 7efd99723d5de6623ba4735ea6953161
SHA-256: dff398f20eab5fd59d69b78ecd02c1adadf08fb72ef466b1b8f2e2d512b2af36
Size: 39.43 MB
Asianux Server 4 for x86
- java-1.7.0-openjdk-1.7.0.211-2.6.17.1.AXS4.i686.rpm
MD5: 75268ab67e6362353a341f79f7682ae5
SHA-256: da5117057e1783c0d2140437a9a2a5bf09dd8ddbeea627c89c779c17899876ea
Size: 27.77 MB
- java-1.7.0-openjdk-devel-1.7.0.211-2.6.17.1.AXS4.i686.rpm
MD5: 31f73affa03d55c533142ec8c9225deb
SHA-256: 9f62e140ae1b5660e7d4f14e0ccb24af4b951edf46b60e7f4bb0bf4bd11d9af6
Size: 9.48 MB
Asianux Server 4 for x86_64
- java-1.7.0-openjdk-1.7.0.211-2.6.17.1.AXS4.x86_64.rpm
MD5: 8555ac8a3f2886762dda3c0216dd0c90
SHA-256: c51a75a3f99e73f6631e3e2f9e85d79db7672a0b248c19d652d138cf68802710
Size: 26.54 MB
- java-1.7.0-openjdk-devel-1.7.0.211-2.6.17.1.AXS4.x86_64.rpm
MD5: 33b6fb068f9ef5a113d82f0bffd99de6
SHA-256: 830de3d8e6038b815cd66c094564ef9238d0d062588b0295e6572a96f382fc26
Size: 9.48 MB