java-1.8.0-openjdk-1.8.0.222.b10-0.AXS4
エラータID: AXSA:2019-3938:03
以下項目について対処しました。
[Security Fix]
- Oracle Java SE のコンポーネント (サブコンポーネント:Security)
には、インフラにログオン可能な認証されていない攻撃者が、Java SE のアクセス
可能なデータにアクセスすることができる、実行困難な脆弱性があります。
(CVE-2019-2745)
- Oracle Java SE のコンポーネント (サブコンポーネント:Utilities)
には、ネットワークアクセスが可能な認証されていない攻撃者が、部分的な
DoS攻撃ができる、実行が容易な脆弱性があります。(CVE-2019-2762)
- Oracle Java SE のコンポーネント (サブコンポーネント:Utilities)
には、ネットワークアクセスが可能な認証されていない攻撃者が、
部分的なDoS攻撃ができる、実行が容易な脆弱性があります。(CVE-2019-2769)
- Oracle Java SE のコンポーネント (サブコンポーネント:Security) には、
ネットワークアクセスが可能な認証されていない攻撃者が、第三者のインタ
ーアクションを利用して、Java SE のアクセス可能なデータの一部を読み込む
ことができる、より広範な製品に影響する可能性のある実行困難な脆弱性が
あります。(CVE-2019-2786)
- Oracle Java SE のコンポーネント (サブコンポーネント:Networking) には、
ネットワークアクセスが可能な認証されていない攻撃者が、認証されていない Java
SE の一部のデータへのアップデートや挿入、削除ができる、実行困難な脆弱性があります。
(CVE-2019-2816)
- Oracle Java SE のコンポーネント (サブコンポーネント:JCE) には、
ネットワークアクセスが可能な認証されていない攻撃者が、
部分的なDoS攻撃ができる、実行困難な脆弱性があります。(CVE-2019-2842)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
パッケージをアップデートしてください。
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N).
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
N/A
SRPMS
- java-1.8.0-openjdk-1.8.0.222.b10-0.AXS4.src.rpm
MD5: d0c09cd40837a3f26ede3fe1f4beb564
SHA-256: aab2343e8df23934a1033b153518b99e09331aed2c35a48e0d47074fb2e8a761
Size: 53.93 MB
Asianux Server 4 for x86
- java-1.8.0-openjdk-1.8.0.222.b10-0.AXS4.i686.rpm
MD5: 4327095029d9615334549d9b64e72955
SHA-256: 6ce8f067010cc5d4e7bc9fa25126e468ffea0cb44e64d1d95ae978f6a1373191
Size: 217.20 kB - java-1.8.0-openjdk-devel-1.8.0.222.b10-0.AXS4.i686.rpm
MD5: 6a21d8c90139aef1944f7a29cd544429
SHA-256: 6d8130c1a43444e27c3a843c0a6995920922194bf84b6a576d791051ed167b20
Size: 10.10 MB - java-1.8.0-openjdk-headless-1.8.0.222.b10-0.AXS4.i686.rpm
MD5: 3fa4912df81f672af508e663c16b5798
SHA-256: a15e8beeaaff306d84b98056b0eaddf49905f07ccc04b64a432082baa95f3905
Size: 31.60 MB
Asianux Server 4 for x86_64
- java-1.8.0-openjdk-1.8.0.222.b10-0.AXS4.x86_64.rpm
MD5: d08d8fbec714aa6adaf3635e059f6372
SHA-256: e0a20d58a1fe1f83de96030d026e1d60b41bdeb29b800c3da0ae23428d80a20c
Size: 230.39 kB - java-1.8.0-openjdk-devel-1.8.0.222.b10-0.AXS4.x86_64.rpm
MD5: 23cd8b1f5cc0b68871267c3d2f40cb24
SHA-256: 28d0fc47fbd96eeca5dd0a85257f699c489f42f2a454dcf2d6ce152486cdf25a
Size: 10.09 MB - java-1.8.0-openjdk-headless-1.8.0.222.b10-0.AXS4.x86_64.rpm
MD5: 511c73d40f469ce89d763455420dbb67
SHA-256: ed8600a150903e85ba7d5ebb97426e4878cea07b62bc137fd60648bd12e24d86
Size: 32.22 MB