AXSA:2019-3940:03

リリース日: 
2019/07/23 Tuesday - 20:24
題名: 
java-1.7.0-openjdk-1.7.0.231-2.6.19.1.AXS4
影響のあるチャネル: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
Moderate
Description: 

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)

* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)

* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)

* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)

* OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)

* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-2745
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-2762
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-2769
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-2786
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-2816
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-2842
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

解決策: 

Update packages.

追加情報: 

N/A

ダウンロード: 

SRPMS
1. java-1.7.0-openjdk-1.7.0.231-2.6.19.1.AXS4.src.rpm
md5sum: 0d0f61cb648c6c1b576c6921f949ba04
sha256sum: 253531d78ec85a87ef1685873baa0a91676877bbcbc1973892b5b8023c0ddcb6
Size: 40,682 Kb

Asianux Server 4.0 for x86_64
1. java-1.7.0-openjdk-1.7.0.231-2.6.19.1.AXS4.x86_64.rpm
md5sum: 069b2796be1eaa6c510ddc670cec0c3e
sha256sum: 08c5425f3822be08e1bc866c108662898f8a3b62da6a6b0d2c46f715a4047d68
Size: 27,237 Kb
2. java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.AXS4.x86_64.rpm
md5sum: 9cef5f2d06f46dc3745082045ff55009
sha256sum: 7e9cbaa462788a7986651b994351179c34228ac9e9459d44c4047de2b0b6be85
Size: 9,714 Kb
1. java-1.7.0-openjdk-1.7.0.231-2.6.19.1.AXS4.i686.rpm
md5sum: d8abfbd0b9b3f5af7f90b05d0e6b2119
sha256sum: a4f7158163731a55303d80d1d73eba2a1bdcf4f9ea282665e3a4f95eb5f7e7be
Size: 28,506 Kb
2. java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.AXS4.i686.rpm
md5sum: e6cf1a975f83c59b085a650a51166956
sha256sum: 90507d19f5c00dfa30b7f478c6e734cce026ce6972d506c58bd70ae818135094
Size: 9,715 Kb
Copyright© 2007-2015 Asianux. All rights reserved.