java-11-openjdk-11.0.1.13-3.el7
エラータID: AXSA:2019-3622:01
以下項目について対処しました。
[Security Fix]
- Oracle Java SE (サブコンポーネント:Security) には、ネットワー
クアクセス可能な認証されていない攻撃者が、Java SE のアクセ
ス可能なデータに不正なアップデート、挿入、削除アクセスを行う
ことができる脆弱性があります。(CVE-2018-3136)
- Oracle Java SE のコンポーネント (サブコンポーネント:Net
working) には、ネットワークアクセス可能な認証されていない
攻撃者が、Java SE のアクセス可能なデータの一部に、読み
込みアクセスを行うことができる脆弱性があります。(CVE-2018-3139)
- Oracle Java SE のコンポーネント (サブコンポーネント:JNDI)
には、ネットワークアクセス可能な認証されていない攻撃者
が、Java SE を乗っ取ることができる脆弱性があります。(CVE-2018-3149)
- Oracle Java SE (サブコンポーネント: Utility) には,ネットワー
クアクセス可能な認証されていない攻撃者が,Java SE のアク
セス可能なデータの一部分に,不正な更新,挿入あるいは削除
アクセスが可能な脆弱性があります。(CVE-2018-3150)
- Oracle Java SE のコンポーネント (サブコンポーネント:Hotspot)
には、ネットワークアクセス可能な認証されていない攻撃者が、
Java SE を乗っ取ることができる脆弱性があります。(CVE-2018-3169)
- Oracle Java SE のコンポーネント (サブコンポーネント:JSSE) には、
SSL/TLSを経由してネットワークアクセス可能な認証されていない
攻撃者が部分的にサービス拒否 (DoS) を引き起こすことができる
脆弱性があります。(CVE-2018-3180)
- Oracle Java SE のコンポーネント (サブコンポーネント:Scripting)
には、ネットワークアクセス可能な認証されていない攻撃者が、
Java SE を乗っ取ることができる脆弱性があります。(CVE-2018-3183)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
パッケージをアップデートしてください。
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N).
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Utility). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
N/A
SRPMS
- java-11-openjdk-11.0.1.13-3.el7.src.rpm
MD5: 88aa11f12cab895e2e29e9f74bde30dc
SHA-256: d25cb6c62ca7fccdf590fb8defbe5588a8a8edc0c82ab3b524e720e0fac1c9e5
Size: 72.57 MB
Asianux Server 7 for x86_64
- java-11-openjdk-11.0.1.13-3.el7.x86_64.rpm
MD5: 144af45c0be8bd321a2ff88fd6bc367c
SHA-256: df0972196fe0259efa48d33725a53aa6206f2ec35d3474d6bd3ed63a210e2158
Size: 190.99 kB - java-11-openjdk-debug-11.0.1.13-3.el7.x86_64.rpm
MD5: 47c9208f57df1bf6b644d8b4fd564ba1
SHA-256: 86f02a9f68e4e6ea520eb14960391f7e710277b08e8e1f79a787f5e69830789b
Size: 194.96 kB - java-11-openjdk-demo-11.0.1.13-3.el7.x86_64.rpm
MD5: 19fcc9ee448146730b9fc3177053d7f4
SHA-256: 18ac097acd2ac22525c3e9abc4d2d5dad0add5c0c52ab01361a21107371a4b6f
Size: 4.32 MB - java-11-openjdk-demo-debug-11.0.1.13-3.el7.x86_64.rpm
MD5: c6863adec417f7aba7758942de6f1c48
SHA-256: 361a4f0d87fe3d5a462969db4ed33f8fe378b19810a8b61e93dc6874d7db1ce4
Size: 4.32 MB - java-11-openjdk-devel-11.0.1.13-3.el7.x86_64.rpm
MD5: f713ab4ba9aeb0397e0a7ba30954d37a
SHA-256: d24200be33beae3797c03b0abff238d6abcc18c0c794146c8a064fbdc60956c7
Size: 3.35 MB - java-11-openjdk-devel-debug-11.0.1.13-3.el7.x86_64.rpm
MD5: c2e7557c2eba16e797ffc577819146fe
SHA-256: 86d48517d9346063cb30835f599a2afc46d53f78fb02139e1b5fb4f6fee359bb
Size: 3.36 MB - java-11-openjdk-headless-11.0.1.13-3.el7.x86_64.rpm
MD5: 9e6e029e747b1220c037c7f932843e41
SHA-256: daf4f377b68ac625cd2e7967bdaf7beedb8df12615662f2890e5e0dabb012fc6
Size: 38.23 MB - java-11-openjdk-headless-debug-11.0.1.13-3.el7.x86_64.rpm
MD5: b90616376a8772d719137282f447e79b
SHA-256: 38f1744309a04166f0a67e56157fd211d9b5ae8b866e982fbf8a3c1cde1b7628
Size: 40.07 MB - java-11-openjdk-javadoc-11.0.1.13-3.el7.x86_64.rpm
MD5: c82ff2930c9d0415e0b0825a210f32d5
SHA-256: 585a35efc5ec66216d50e4b18370c17c8a1eb1d1c75a327ca4a813b4399011a7
Size: 16.06 MB - java-11-openjdk-javadoc-debug-11.0.1.13-3.el7.x86_64.rpm
MD5: e6788428a60c4c3272186616152db543
SHA-256: 6a25b82bec98ec30d45e901d848cd9eeb8dcb0599aade6a855384df0ee508d7e
Size: 16.06 MB - java-11-openjdk-javadoc-zip-11.0.1.13-3.el7.x86_64.rpm
MD5: 575c42a1e364c167830e903837678478
SHA-256: da7e2f70d21e301dd2d42fa452a5ff556e7a9d225a1324a35f0dfc9cca0f8dd7
Size: 42.16 MB - java-11-openjdk-javadoc-zip-debug-11.0.1.13-3.el7.x86_64.rpm
MD5: 32745d517cbb4563777712a69e4fab3a
SHA-256: 26c1226c5fe1a88ccb95a46ac4a5714dac3439b912b5ef22385b42f7811be6ac
Size: 42.16 MB - java-11-openjdk-jmods-11.0.1.13-3.el7.x86_64.rpm
MD5: 0013411df3263f089ccaa2d69d231fa7
SHA-256: 50912a0e9ecec88f3cc2ce37105dd26e0fe5a88061fcb50b36ccc8969cdcc212
Size: 305.77 MB - java-11-openjdk-jmods-debug-11.0.1.13-3.el7.x86_64.rpm
MD5: b835c8ac854a84af00b1dce1a55c3e71
SHA-256: 426c6e4d016ca6fcfdd0b9d69b54af5e917c900829f5612c66b57cd7db22400e
Size: 171.72 MB - java-11-openjdk-src-11.0.1.13-3.el7.x86_64.rpm
MD5: 8e5a10433e59e5176b4628072aaa459a
SHA-256: 9c9bb99a6b4f598ac6c9b26b73b621fbfe30c29b52ab29324e550259408d9461
Size: 49.99 MB - java-11-openjdk-src-debug-11.0.1.13-3.el7.x86_64.rpm
MD5: 78c8973c5f3e988bf9bb7e244808bd9a
SHA-256: b86cb6b2570596cf2c35f5971da1c283805f62c185a4417c6c2283059ab62096
Size: 49.99 MB - java-11-openjdk-11.0.1.13-3.el7.i686.rpm
MD5: c5fbfa4690bcb251e4ee1a317bf85781
SHA-256: 3308f4f74f6bae7f347cd5a1c98a38228c858d2daf57440fb2b287402113b0e0
Size: 186.45 kB - java-11-openjdk-debug-11.0.1.13-3.el7.i686.rpm
MD5: fb3ed98bb70f63c9a127aaf3a85aa1b1
SHA-256: 49379bb821aa8fb59bed9cc646ad286da3ac7cc8fe985b0b9301d330ec210d7a
Size: 187.89 kB - java-11-openjdk-demo-11.0.1.13-3.el7.i686.rpm
MD5: 57298fd07d4047416fee10bddca1646c
SHA-256: cb8af0d703175d379bf125fc0522969a6e29ecf7a0d6b0657132ba1edf062a11
Size: 4.32 MB - java-11-openjdk-demo-debug-11.0.1.13-3.el7.i686.rpm
MD5: 05d12447eb1fe776e9ee0139c636e459
SHA-256: a0be442ee181dbc61671b6d6de7f00d8e32592fb50d852770808a30649f9b7ad
Size: 4.32 MB - java-11-openjdk-devel-11.0.1.13-3.el7.i686.rpm
MD5: ba7ae867b72d849f0c13a67c1c6cfd2d
SHA-256: 363cebf8e2b6e7cd444629485e6e2e58fa15575b656fe04ffec8eb1206a4610a
Size: 3.33 MB - java-11-openjdk-devel-debug-11.0.1.13-3.el7.i686.rpm
MD5: 9b9a6e7a9c7253dfb8f6b937537619a6
SHA-256: bfbb6eb242af4d230822c9b93c3cb302b834d2b5142f01df41f20a96f540d431
Size: 3.34 MB - java-11-openjdk-headless-11.0.1.13-3.el7.i686.rpm
MD5: c72384559bd75328615223320ad62c8a
SHA-256: 2a68dde52aecde357dc9411fb9814d75ed4fcfccc74ca6161d5bb0a665b8a878
Size: 34.48 MB - java-11-openjdk-headless-debug-11.0.1.13-3.el7.i686.rpm
MD5: a79a6073f28b8e807bfaa2f04c3a7d02
SHA-256: bf4fd470dd8c83a2b7460c4fcdb399588b44624cc47bb68394ba5ae6f5eea4ba
Size: 36.09 MB - java-11-openjdk-javadoc-11.0.1.13-3.el7.i686.rpm
MD5: df75fa1cf0e22c82dfb0a0ab4ed4893c
SHA-256: af1aa69855feebd52ab7eee9b5311aa86fef5a4976c369024771a96c432db84f
Size: 16.05 MB - java-11-openjdk-javadoc-debug-11.0.1.13-3.el7.i686.rpm
MD5: 1ba674a580c8e1ad24ba4cbd02b17a2e
SHA-256: fb3236c995a8bed9cd9291d12708efdb40036cb741033dff9cf066cd2b2e645b
Size: 16.06 MB - java-11-openjdk-javadoc-zip-11.0.1.13-3.el7.i686.rpm
MD5: 843a158b391ad231f9145ddf07de390f
SHA-256: bc93e2bd9a3c1efbba0bb253bcb295ca1caac9ea82edd0674162eb6b2d862239
Size: 42.20 MB - java-11-openjdk-javadoc-zip-debug-11.0.1.13-3.el7.i686.rpm
MD5: a7ded769aa1af1004b4239da6a7efc48
SHA-256: e6de6c7c94baf0be0fcee441af04004d491a638b961aa0c15ad832569d7425ae
Size: 42.20 MB - java-11-openjdk-jmods-11.0.1.13-3.el7.i686.rpm
MD5: bbead9eea2f98b083184aba7bcd2cde2
SHA-256: d6db2232a7b89ae38274d4550df3e28113a93934ea5a62470ede789a70a5360a
Size: 272.05 MB - java-11-openjdk-jmods-debug-11.0.1.13-3.el7.i686.rpm
MD5: 7a6b6a1cceb7d0ce0f17b4b21a558e6a
SHA-256: 38f723e237483b1d45078c48ce0e4c99a4fc02e6bbc3aa216846f4f3914512b1
Size: 152.25 MB - java-11-openjdk-src-11.0.1.13-3.el7.i686.rpm
MD5: 3c22511758da2778683b0fd85eb0950f
SHA-256: 784c5e14bf45c918a07bb6c5fcfdad63f92520e6b897ecfa359448424ff64eba
Size: 45.26 MB - java-11-openjdk-src-debug-11.0.1.13-3.el7.i686.rpm
MD5: 48d30b57b5009984860732f9040eed34
SHA-256: 3b424248fa82036cb22f0e7dd7d41a81d5afcb334ddfdb77ea1322b59637429d
Size: 45.26 MB