java-11-openjdk-11.0.6.10-1.el7
エラータID: AXSA:2020-4430:01
以下項目について対処しました。
[Security Fix]
- Oracle Java SEのSerializationコンポーネントには、
認証されていない攻撃者が複数のプロトコルでネットワークを介して不正にアクセスでき、
サービス拒否を起こせる実行困難な脆弱性があります。(CVE-2020-2583)
- Oracle Java SEのSecurityコンポーネントには、
認証されていない攻撃者がKerberosを介して不正にアクセスし、
データの流出や改ざん(更新、追加、削除)がされる実行困難な脆弱性があります。(CVE-2020-2590)
- Oracle Java SEのNetworkingコンポーネントには、
認証されていない攻撃者が複数のプロトコルでネットワークを介して不正にアクセスでき、
データの流出や改ざん(更新、追加、削除)がされる実行困難な脆弱性があります。(CVE-2020-2593)
- Oracle Java SEのSecurityコンポーネントには、
認証されていない攻撃者がKerberosを介して不正にアクセスし、
重要なデータへの完全なアクセスができる、実行困難な脆弱性があります。(CVE-2020-2601)
- Oracle GraalVMのJavaコンポーネントでは、
認証されていない攻撃者がマルチプロトコルでネットワークを介して不正にアクセスでき、
GraalVMを乗っ取れる実行困難な脆弱性があります。(CVE-2020-2604)
- Oracle Java SEのLibrariesコンポーネントには、
認証されていない攻撃者がマルチプロトコルでネットワークを介して不正にアクセスでき、
部分的なサービス拒否を起こせる実行困難な脆弱性があります。(CVE-2020-2654)
- Oracle Java SEのJSSEコンポーネントには、
認証されていない攻撃者がHTTPSを介して不正にアクセスでき、
一部のデータの流出や、改ざん(更新、追加、削除)がされる実行困難な
脆弱性があります。(CVE-2020-2655)
パッケージをアップデートしてください。
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java). The supported version that is affected is 19.3.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition. Note: GraalVM Enterprise 19.3 and above includes both Java SE 8 and Java SE 11. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
N/A
SRPMS
- java-11-openjdk-11.0.6.10-1.el7.src.rpm
MD5: 0fda13f59b0b12905024401d9f0d8f46
SHA-256: 234cc49d6c751d5875ede18b01cbbb0c40c2f2f04add9c74a20ac23a021fbed9
Size: 72.86 MB
Asianux Server 7 for x86_64
- java-11-openjdk-11.0.6.10-1.el7.x86_64.rpm
MD5: e274f0ceda1c23825a16782ddeeaef58
SHA-256: 744d777d1b3bcd912687281fdd042770b246366714cfc3086e63bb86a4c04b82
Size: 211.80 kB - java-11-openjdk-debug-11.0.6.10-1.el7.x86_64.rpm
MD5: 62ec3b0fac66ea9e6215bdc4d147ecc3
SHA-256: 03c8f7de46aa1f03ed390762a68c8fa782510c59e2c58e32ea50ebca7f18f421
Size: 216.53 kB - java-11-openjdk-demo-11.0.6.10-1.el7.x86_64.rpm
MD5: 5f374b4ff2251e54d0521140a18447e8
SHA-256: d5364ddbcff0f0a18d48df8b51f0f065f86e735f98e8a8240b1e35f22dac4132
Size: 4.33 MB - java-11-openjdk-demo-debug-11.0.6.10-1.el7.x86_64.rpm
MD5: acce263484ca56dbaebc42395bf05b32
SHA-256: b9b5142c4adfbec311f9e0441b8064857a32b2c8ee092ba4ca7ecc8097f902e1
Size: 4.33 MB - java-11-openjdk-devel-11.0.6.10-1.el7.x86_64.rpm
MD5: 697c60dd147a48bc883d99399a7d5094
SHA-256: dd8e3e5b9a7c7dc6afe6ec17d5a62d2a10b5e086482f37b00925cd272974320d
Size: 3.35 MB - java-11-openjdk-devel-debug-11.0.6.10-1.el7.x86_64.rpm
MD5: 424e006b55815a66b4ba6b0441740c5e
SHA-256: 5ab6a18e035486accfc91dc5f8c1c8bec67f8bed4abc4a36d8bf7f05ed949e3c
Size: 3.35 MB - java-11-openjdk-headless-11.0.6.10-1.el7.x86_64.rpm
MD5: 727fdedb7fe48c8cb61215c53604b85b
SHA-256: 92d929bdd243f50868a085e74753af0c6a45295ef82c420172963bf00e97eb1c
Size: 38.85 MB - java-11-openjdk-headless-debug-11.0.6.10-1.el7.x86_64.rpm
MD5: 376f2518c828435adfd67e6424c136b0
SHA-256: 8c8a1cd211f42968da9c0ca53855e66d175fb2c365a694b1ced4350756a539c7
Size: 41.38 MB - java-11-openjdk-javadoc-11.0.6.10-1.el7.x86_64.rpm
MD5: ecd90da4ade2792abc138e345e1622af
SHA-256: 12332c6af984cd69a0ae08708d2e27d95d07050c665516d10868e0dbf743afbb
Size: 16.06 MB - java-11-openjdk-javadoc-debug-11.0.6.10-1.el7.x86_64.rpm
MD5: b5ba19f2445e9762b07158a29ee70cf7
SHA-256: 6d9b01d05e894371a68b58accf9833582431a1a2a2c27ae8b91766fb2f168c4f
Size: 16.07 MB - java-11-openjdk-javadoc-zip-11.0.6.10-1.el7.x86_64.rpm
MD5: ef535e6cb5f091a8f44c486014fbe147
SHA-256: 51947eca435ed88ae4e1c30bbfc819f8a1aa31164be2834018863939a912fd64
Size: 42.18 MB - java-11-openjdk-javadoc-zip-debug-11.0.6.10-1.el7.x86_64.rpm
MD5: bca761bc5bf86a5741909b247638b064
SHA-256: dca8e456f39dd45ef786976715a94df48db3641dc46c774fe24fcba12932e7f6
Size: 42.18 MB - java-11-openjdk-jmods-11.0.6.10-1.el7.x86_64.rpm
MD5: a3cf3316d368121f99f2deff5c90b479
SHA-256: c90bbeedf4049bd223857eb1bbeaa66a9ea5c4ea46a90d0f676fc38ddbab6a31
Size: 306.02 MB - java-11-openjdk-jmods-debug-11.0.6.10-1.el7.x86_64.rpm
MD5: 5a6d7ce5537423afa367cb4b161d01d6
SHA-256: a0c8c238d54f736853a95412e4981f735dd55a2eb28cf28404b3af09bdb1c77e
Size: 174.28 MB - java-11-openjdk-src-11.0.6.10-1.el7.x86_64.rpm
MD5: 0887b7089df0e7d4d76fab410d770129
SHA-256: d66b819abb3d14c8bd11cc1c7d14b519ff204a12988068126854bab42be2c034
Size: 50.14 MB - java-11-openjdk-src-debug-11.0.6.10-1.el7.x86_64.rpm
MD5: 1d750382d6368b7fd6532bf26e18cc47
SHA-256: acc5f93e05778000b01fcc373a476bd9eaf1b51bbea59e2558220e6f67d30c70
Size: 50.14 MB - java-11-openjdk-11.0.6.10-1.el7.i686.rpm
MD5: b8d2307607549aa9ced0c827adca7237
SHA-256: 593f3d99f88770250bc4f06ffb9f68ca999a86e2b56f0c85e0941ee2546783b5
Size: 207.67 kB - java-11-openjdk-debug-11.0.6.10-1.el7.i686.rpm
MD5: 2263ef4ef7e7b644a11b32f5e64cdf35
SHA-256: 012299c9c8021da0df9a81a2d2d13c0b6b31cb1718841eda01768248c09b5211
Size: 210.46 kB - java-11-openjdk-demo-11.0.6.10-1.el7.i686.rpm
MD5: 951b959c96a77835d8479fc5fdad59c9
SHA-256: 19367afacb1953ee7af30ea15fc2eb529a236615fa6654f45602d200f894a56b
Size: 4.33 MB - java-11-openjdk-demo-debug-11.0.6.10-1.el7.i686.rpm
MD5: a9582c29b47a9fa844570030b3a47df7
SHA-256: cf178b9d5e1d2d2bd380768f5b87535ed1a5a18605507ab824bef5d83d10d400
Size: 4.33 MB - java-11-openjdk-devel-11.0.6.10-1.el7.i686.rpm
MD5: c222ed85e1a71540574bc4e7be2921a4
SHA-256: 97f4247c0050c1f968478fdb95b844b44c8d42bbf5dff3ab4fd546cee2e990a2
Size: 3.32 MB - java-11-openjdk-devel-debug-11.0.6.10-1.el7.i686.rpm
MD5: d4802eaaefd701bba5768132a2c83bc5
SHA-256: 8b310dff98101e2bc7dd3e246fac172e941c9511eb7d51e3161bb325774b17ae
Size: 3.33 MB - java-11-openjdk-headless-11.0.6.10-1.el7.i686.rpm
MD5: 4e03c5ab13c489a0bf50972b75136cc7
SHA-256: d06301d79afbd007cd4f05a2b26c2d67b22fcdab06bb396b6e06a241b4d44265
Size: 35.16 MB - java-11-openjdk-headless-debug-11.0.6.10-1.el7.i686.rpm
MD5: d08a018e76de1c8f1bfffe129c2942cd
SHA-256: 85f318c2a656b99c8a21c82d27c291226e9f3ee23feb9041ac1febb0da845189
Size: 37.26 MB - java-11-openjdk-javadoc-11.0.6.10-1.el7.i686.rpm
MD5: b5f39823ef9ecaa2f3291c31f626a66c
SHA-256: 8e72546f1b9f20882ebdff7d41e93aa24c75a0bf0445b6b2da855ff418aff1cb
Size: 16.06 MB - java-11-openjdk-javadoc-debug-11.0.6.10-1.el7.i686.rpm
MD5: ddd2439dc896beaa55840f1ec1892844
SHA-256: c6f1b66e7f28fc5478e534d5a140142dbbc1306d7bc7ba575543cbb1fa84fdad
Size: 16.06 MB - java-11-openjdk-javadoc-zip-11.0.6.10-1.el7.i686.rpm
MD5: 01231e249a722dd9e4fb0b7dbe4c49f4
SHA-256: cb4c30ae053081639c0dac7dc0ad115a47f4038ce8e3d1509880d28844860404
Size: 42.21 MB - java-11-openjdk-javadoc-zip-debug-11.0.6.10-1.el7.i686.rpm
MD5: 6af9089909176da295529d06e3091646
SHA-256: 0bc7817c6c0fc403943318f328f617346580f3a8080ce2830cdc3ec050a47185
Size: 42.21 MB - java-11-openjdk-jmods-11.0.6.10-1.el7.i686.rpm
MD5: 748560ddbe8d30df0d129acdd99810d7
SHA-256: 1480d74599501a8cfdfaf9ab339fad565b0aed420ef291dcdfab8b2ebfc4251d
Size: 274.01 MB - java-11-openjdk-jmods-debug-11.0.6.10-1.el7.i686.rpm
MD5: 582105b0a4b3bd183b3f4b248ca2610f
SHA-256: afc7c0c100fe384b68b08a47d7f7d3e31e0e49ef98bb4b141fb2a100322ded25
Size: 155.33 MB - java-11-openjdk-src-11.0.6.10-1.el7.i686.rpm
MD5: 4caa0a1ecb45990de42d0ac8eebaf14f
SHA-256: bcd49290aa5d7d0e682808a0e542eb2d063d344dd3437c0b9610b4db0cb50b96
Size: 45.41 MB - java-11-openjdk-src-debug-11.0.6.10-1.el7.i686.rpm
MD5: 89a9be5992eff5c37a956343f927d82b
SHA-256: b762b9c5910384ac2799373592cf21e038d4883fec5ae6841d7e4ff97864eaec
Size: 45.41 MB