java-1.7.0-openjdk-1.7.0.191-2.6.15.4.0.1.el7.AXS7
エラータID: AXSA:2018-3274:03
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.
Security Fix(es):
* OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2018-2952
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Update packages.
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
N/A
SRPMS
- java-1.7.0-openjdk-1.7.0.191-2.6.15.4.0.1.el7.AXS7.src.rpm
MD5: eedc1e9d21b6dbe494dc7179b07e68fe
SHA-256: 6a3ed449fa58c6883b252f00b4d3233e98899dc34d2b706f4421be15034f5235
Size: 39.28 MB
Asianux Server 7 for x86_64
- java-1.7.0-openjdk-1.7.0.191-2.6.15.4.0.1.el7.AXS7.x86_64.rpm
MD5: 43ce1a0a506bffa5336f9cdaddd918d0
SHA-256: c53e7bcd57b0cbf1013aa7e63033fd99518cb6dc1bf9e027df387cf027188d92
Size: 240.48 kB - java-1.7.0-openjdk-devel-1.7.0.191-2.6.15.4.0.1.el7.AXS7.x86_64.rpm
MD5: 834fe2691e668b501d584a376c83c97f
SHA-256: 27ff6ed46575745f41a7fc922e89dcb58331c53fd7c563c06b4393372bfa0380
Size: 9.22 MB - java-1.7.0-openjdk-headless-1.7.0.191-2.6.15.4.0.1.el7.AXS7.x86_64.rpm
MD5: 3bd9210389804bb4aa8ce498b68908e6
SHA-256: fcbbe2514da1af9a0aab0745f24d9a15ccb7f78695c5f311e96bb0f82b738377
Size: 25.60 MB