java-1.8.0-openjdk-1.8.0.181-3.b13.el7

Errata ID: AXSA:2018-3262:05

Release date: Tuesday, July 24, 2018 - 22:20
Subject: java-1.8.0-openjdk-1.8.0.181-3.b13.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: Moderate
Description: 

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

Bug Fix(es):

* This update applies changes from OpenJDK upstream version 8u172, which provides a number of bug fixes over the previous version, 8u171. (BZ#1588364)

* OpenJDK was recently updated to support reading the system certificate authority database (cacerts) directly. As an unintended consequence, this removed the ability to read certificates from the user-provided jssecacerts file. With this update, that ability is restored by reading from that file first, if available. (BZ#1593737)

CVE-2018-2952
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. java-1.8.0-openjdk-1.8.0.181-3.b13.el7.src.rpm
    MD5: 3b382b210432c66a010e2eef0717bdd7
    SHA-256: a64ddf416eed71dc01ed2dbe615a7016af0529fcd866a4a30977bc5de92af757
    Size: 60.15 MB

Asianux Server 7 for x86_64
  1. java-1.8.0-openjdk-1.8.0.181-3.b13.el7.x86_64.rpm
    MD5: e1d023d0da01ca5a768df25c7a40f7b4
    SHA-256: 73d7e210615ae957fcde6efdd369b0fe2557c8ef4dd2f3da3d5dd05f8bf18521
    Size: 248.88 kB
  2. java-1.8.0-openjdk-devel-1.8.0.181-3.b13.el7.x86_64.rpm
    MD5: 47a43d0ba96811d2ef9729992a0e70c5
    SHA-256: f5ef20ac7b4cc7b18a37baf007b058e3a992590737fd2ac27f3c5d456091a496
    Size: 9.71 MB
  3. java-1.8.0-openjdk-headless-1.8.0.181-3.b13.el7.x86_64.rpm
    MD5: 7f60a0c7d1729aae8a1027752032544f
    SHA-256: 723396e9685769c91102bb3f08eaace5e1e91bea44ea8b9174bbf167d09b1548
    Size: 31.66 MB