java-1.8.0-openjdk-1.8.0.51-0.b16.AXS4
エラータID: AXSA:2015-186:02
The OpenJDK runtime environment.
Security issues fixed with this release:
CVE-2015-2590
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-2601
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-2621
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-2625
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-2628
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-2632
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-2659
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-2808
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does
not properly combine state data with key data during the
initialization phase, which makes it easier for remote attackers to
conduct plaintext-recovery attacks against the initial bytes of a
stream by sniffing network traffic that occasionally relies on keys
affected by the Invariance Weakness, and then using a brute-force
approach involving LSB values, aka the "Bar Mitzvah" issue.
CVE-2015-3149
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-4000
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is
enabled on a server but not on a client, does not properly convey a
DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct
cipher-downgrade attacks by rewriting a ClientHello with DHE replaced
by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT
replaced by DHE, aka the "Logjam" issue.
CVE-2015-4731
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-4732
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-4733
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-4748
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-4749
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-4760
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
Version-Release number of selected component (if applicable):
Update packages.
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33, allows remote attackers to affect confidentiality via vectors related to JMX.
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE.
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA.
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Unspecified vulnerability in Oracle Java SE 8u45 and Java SE Embedded 8u33 allows remote attackers to affect availability via unknown vectors related to Security.
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack.
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590.
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect availability via vectors related to JNDI.
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
N/A
SRPMS
- java-1.8.0-openjdk-1.8.0.51-0.b16.AXS4.src.rpm
MD5: da14afd0676fc33c8748647e8a27d236
SHA-256: 90a309ef8aefabfdaf32ab60c4fbd339095dc79f8686582cee14b9d94b825f73
Size: 58.54 MB
Asianux Server 4 for x86
- java-1.8.0-openjdk-1.8.0.51-0.b16.AXS4.i686.rpm
MD5: 006ee30652bb103fcc3cdc0b95da6702
SHA-256: 865bce1d02c8a0ad724d2b1b42465e6d68d8609de3094b9344d4a933a35bd258
Size: 172.49 kB - java-1.8.0-openjdk-devel-1.8.0.51-0.b16.AXS4.i686.rpm
MD5: 0908273cac456be31b182e589a3e1966
SHA-256: d940b4d0edb400003b6c9db195f11999726a493848b4411745fe07457261b348
Size: 10.00 MB - java-1.8.0-openjdk-headless-1.8.0.51-0.b16.AXS4.i686.rpm
MD5: 00597ab764943246316eb5ddcf31f44a
SHA-256: c28e09c8edc486fadc1c89bd7ebfbb7cc8031d70aa594decc8f791f5bf597cc8
Size: 30.92 MB
Asianux Server 4 for x86_64
- java-1.8.0-openjdk-1.8.0.51-0.b16.AXS4.x86_64.rpm
MD5: fd9a63e2891664ff9e1e8066fac93597
SHA-256: 32a0ef0470ed859d57d808cf1e6bf352511be2c26c7fb8ac27781fab451f91e5
Size: 186.83 kB - java-1.8.0-openjdk-devel-1.8.0.51-0.b16.AXS4.x86_64.rpm
MD5: caf06996d0e3d37bb2f40bc2a09f6f46
SHA-256: 8509fbc8daf6420346c5001ab34555481b4e4b3980e0dd90633d8b3b1f9d6162
Size: 10.00 MB - java-1.8.0-openjdk-headless-1.8.0.51-0.b16.AXS4.x86_64.rpm
MD5: 284395ca080fbde15dbe73a56267e159
SHA-256: 31fb76e50a1324ac217a081c94262b00fac40ba7ca8b101b28333e7990d53374
Size: 31.58 MB