java-11-openjdk-11.0.5.10-0.el7
エラータID: AXSA:2019-4349:04
リリース日:
2019/10/23 Wednesday - 10:39
題名:
java-11-openjdk-11.0.5.10-0.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Oracle Java SE のコンポーネント (コンポーネント: Networking)
には、ネットワークアクセスが可能な認証されていない攻撃者が、
部分的なDoS攻撃ができる、実行困難な脆弱性があります。
(CVE-2019-2945)
- Oracle Java SE のコンポーネント (コンポーネント: Kerberos)
には、ネットワークアクセスが可能な認証されていない攻撃者が、
Java SE の機密データあるいはすべてのアクセス可能なデータ
の一部を読み込むことができる、より広範な製品に影響する可能性のある
実行困難な脆弱性があります。 (CVE-2019-2949)
- Oracle Java SE のコンポーネント (コンポーネント: 2D)
には、ネットワークアクセスが可能な認証されていない攻撃者が、
部分的なDoS攻撃ができる、実行困難な脆弱性があります。
(CVE-2019-2962)
- Oracle Java SE のコンポーネント (コンポーネント: Concurrency)
には、ネットワークアクセスが可能な認証されていない攻撃者が、
部分的なDoS攻撃ができる、実行困難な脆弱性があります。
(CVE-2019-2964)
- Oracle Java SE のコンポーネント (コンポーネント: JAXP)
には、ネットワークアクセスが可能な認証されていない攻撃者が、
部分的なDoS攻撃ができる、実行困難な脆弱性があります。
(CVE-2019-2973)
- Oracle Java SE のコンポーネント (コンポーネント: Scripting)
には、ネットワークアクセスが可能な認証されていない攻撃者が、
認証されていない Java SE の一部のデータへ不正な
のアップデートや挿入、削除と部分的なDoS攻撃ができる、
実行困難な脆弱性があります。(CVE-2019-2975)
- Oracle Java SE の Java SE コンポーネント (サブコンポーネント: Hotspot)
には,ネットワークアクセスが可能な認証されていない攻撃者が、
Java SE の機密データあるいは JavaSE のアクセス可能なすべてのデータの
読み込みや部分的なDoS攻撃ができる、実行困難な脆弱性があります。
(CVE-2019-2977)
- Oracle Java SE のコンポーネント (コンポーネント: Networking)
には、ネットワークアクセスが可能な認証されていない攻撃者が、
部分的なDoS攻撃ができる、実行困難な脆弱性があります。
(CVE-2019-2978)
- Oracle Java SE のコンポーネント (コンポーネント: JAXP)
には、ネットワークアクセスが可能な認証されていない攻撃者が、
部分的なDoS攻撃ができる、実行困難な脆弱性があります。
(CVE-2019-2981)
- Oracle Java SE のコンポーネント (コンポーネント: Serialization)
には、ネットワークアクセスが可能な認証されていない攻撃者が、
部分的なDoS攻撃ができる、実行困難な脆弱性があります。
(CVE-2019-2983)
- Oracle Java SE のコンポーネント (コンポーネント: 2D)には、
ネットワークアクセスが可能な認証されていない攻撃者が、
部分的なDoS攻撃ができる、実行困難な脆弱性があります。
(CVE-2019-2987)
- Oracle Java SE のコンポーネント (コンポーネント: 2D)には、
ネットワークアクセスが可能な認証されていない攻撃者が、
部分的なDoS攻撃ができる、実行困難な脆弱性があります。
(CVE-2019-2988)
- Oracle Java SE のコンポーネント (コンポーネント: Networking)
には、ネットワークアクセスが可能な認証されていない攻撃者が、
認証されていない不正な一部のデータへのアップデートや挿入、削除
ができる、実行困難な脆弱性があります。(CVE-2019-2989)
- Oracle Java SE のコンポーネント (コンポーネント: 2D)には、
ネットワークアクセスが可能な認証されていない攻撃者が、
部分的なDoS攻撃ができる、実行困難な脆弱性があります。
(CVE-2019-2992)
- Oracle Java SE のコンポーネント (コンポーネント: Javadoc)には、
ネットワークアクセスが可能な認証されていない攻撃者が、
認証されていない Java SE の一部のデータへのアップデートや挿入、削除
ができる、 実行困難な脆弱性があります。(CVE-2019-2999)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
Update packages.
CVE:
CVE-2019-2945
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).
CVE-2019-2949
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).
CVE-2019-2962
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2019-2964
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2019-2973
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2019-2975
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).
CVE-2019-2977
Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.8 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L).
Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.8 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L).
CVE-2019-2978
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2019-2981
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2019-2983
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2019-2987
Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2019-2988
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2019-2989
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java). The supported version that is affected is 19.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM Enterprise Edition accessible data. CVSS 3.0 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N).
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java). The supported version that is affected is 19.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM Enterprise Edition accessible data. CVSS 3.0 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N).
CVE-2019-2992
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2019-2999
Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).
Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).
追加情報:
N/A
ダウンロード:
SRPMS
- java-11-openjdk-11.0.5.10-0.el7.src.rpm
MD5: 110bc067cff6a6632fe48675b7db4270
SHA-256: 66b07c74c6dddd406513a6a8fa1bd4d04130bb26a5271c75587af80617fd4b5c
Size: 72.72 MB
Asianux Server 7 for x86_64
- java-11-openjdk-11.0.5.10-0.el7.x86_64.rpm
MD5: 28443895590d97b1d1dfe24acd7bf4b5
SHA-256: 1e5d046add9720c26eaead7cebdcc1d1bb9f35f824067100103b86e7a011df6f
Size: 211.29 kB - java-11-openjdk-debug-11.0.5.10-0.el7.x86_64.rpm
MD5: e450f5b3af0b02d50b3302d0ce934429
SHA-256: 0ed50a9e00950af4602751a1f7799b9d3c7bb558fafd6761e8d870f30ca959db
Size: 215.43 kB - java-11-openjdk-demo-11.0.5.10-0.el7.x86_64.rpm
MD5: 8218f90a617065ce44964dee914c05bf
SHA-256: 88dcbc148c301abfca2387b29844ba56f6fce8a5b9f61ae7a793db2c6c30227e
Size: 4.33 MB - java-11-openjdk-demo-debug-11.0.5.10-0.el7.x86_64.rpm
MD5: b4315045540d76f908eda40dbca7d887
SHA-256: 0325bf0e0bd93199a2027945f1c9a1152be7cb0f872692a54ca0c34a2a5146c2
Size: 4.33 MB - java-11-openjdk-devel-11.0.5.10-0.el7.x86_64.rpm
MD5: dfd38a0b93f56ff6396839587ba23e48
SHA-256: 0c2527c72be6b39566f22eb621d860d8e09b80fdac65dcbb44c0fab9d82304c6
Size: 3.35 MB - java-11-openjdk-devel-debug-11.0.5.10-0.el7.x86_64.rpm
MD5: b815ab396de40331d2ab799ba9c3b327
SHA-256: 5480055de3c35ba4f9ed44a014e20b897339b22305c013673a1eaa57cd11a06e
Size: 3.35 MB - java-11-openjdk-headless-11.0.5.10-0.el7.x86_64.rpm
MD5: 9f91de61de3b11d9de817ffeeb7cc812
SHA-256: 7ebb2c2eadc90ec7e238dd06ab766513de43c139e9cf218c4d3be73a7060ad42
Size: 38.78 MB - java-11-openjdk-headless-debug-11.0.5.10-0.el7.x86_64.rpm
MD5: 4925cbbe149b560efb70b7d3c4efd99a
SHA-256: a46c022364a5864977444dc85e4a32cdefc3649463c6ac905587625309fa8d41
Size: 41.31 MB - java-11-openjdk-javadoc-11.0.5.10-0.el7.x86_64.rpm
MD5: c9993b05fc7a036eca5331fd9afe6f18
SHA-256: 9a07aaf2e6df3261c7c700c71d54815640d80054a2ea4581f6e795bd3dd56431
Size: 16.06 MB - java-11-openjdk-javadoc-debug-11.0.5.10-0.el7.x86_64.rpm
MD5: dc6055ad3ef03bc1c83835ffe0b0a28c
SHA-256: c2bddce7f9b8685c00428ca3cfea78f7f4048274a06a8d7bf32f713a2fdd7059
Size: 16.07 MB - java-11-openjdk-javadoc-zip-11.0.5.10-0.el7.x86_64.rpm
MD5: 5075a0eeb0a67203bf18359943d8d2bd
SHA-256: 549b25c28d73f7bee7aed5c5c1ce6489ede07f90117cc63e870af2067f9eb1bd
Size: 42.24 MB - java-11-openjdk-javadoc-zip-debug-11.0.5.10-0.el7.x86_64.rpm
MD5: 4880c3af8b3dfde2c16bf50f30bcf215
SHA-256: a64c54609a126949c254ebd99d1b329d98ab0683a7b566fcf7844e41bf6c3df0
Size: 42.24 MB - java-11-openjdk-jmods-11.0.5.10-0.el7.x86_64.rpm
MD5: 700859845b5997c41c97a6e3d64f0e57
SHA-256: 1daed13596fa17d1380b0622563adff981342d3d7fa2c507d9c6a9259413373e
Size: 305.52 MB - java-11-openjdk-jmods-debug-11.0.5.10-0.el7.x86_64.rpm
MD5: 37440f97bbc72ef07a68178e97054e05
SHA-256: b3a2ef1d7c341d82f122f1a8f2874c83d3ff4212189953b4fd01b891c57f4a28
Size: 174.09 MB - java-11-openjdk-src-11.0.5.10-0.el7.x86_64.rpm
MD5: 442ace49f6dddb20eafafb2e5af60616
SHA-256: e81e95f283282b8b11dd00b6e0bd547c4ecdbe647e2b114f1e495d1ce3a9db74
Size: 50.10 MB - java-11-openjdk-src-debug-11.0.5.10-0.el7.x86_64.rpm
MD5: 6bc74542529ad3730336a8196ecef898
SHA-256: ac14e304f889c5f721e3402666664bbc4094b2f933ac926ecec6c9527590954e
Size: 50.10 MB - java-11-openjdk-11.0.5.10-0.el7.i686.rpm
MD5: 8ff270ae70a65ece72c810eda2521909
SHA-256: 97919877b3221f5fd22b5eea1e9fb53ca862b4bf1eddf5f2c75e5d84f6804e03
Size: 207.02 kB - java-11-openjdk-debug-11.0.5.10-0.el7.i686.rpm
MD5: e28a0c3a2b9ccb8e89a0f5219787d019
SHA-256: 0376be7c5f587e6825f2bb026d0ec36b439b199f136fd24ad1f1631893c16788
Size: 209.39 kB - java-11-openjdk-demo-11.0.5.10-0.el7.i686.rpm
MD5: aff32397b2c2d91d638b36c12f9f8b51
SHA-256: 884dd57a9194777af27f1692bf4c7bf1c206ec62045111dd76bae3570fecd60c
Size: 4.33 MB - java-11-openjdk-demo-debug-11.0.5.10-0.el7.i686.rpm
MD5: 818ea6fdfc41cc9d20265caa3759fa8a
SHA-256: 9d25b0b028d42e054341fc29f7802f2acae5b7353a2f686f1f22d0e579586e96
Size: 4.33 MB - java-11-openjdk-devel-11.0.5.10-0.el7.i686.rpm
MD5: ea89cc7e0c89f324f22ce41091afaf2e
SHA-256: adde1956b0efe1ccb0995ed72456d444e022edffb34ec7310c85d815bff8afd3
Size: 3.32 MB - java-11-openjdk-devel-debug-11.0.5.10-0.el7.i686.rpm
MD5: 3175d76c2758ddb5da1f9f760b146da1
SHA-256: 51a47593dcd80c07aad4052a0e84c53bdc9bbe57f2abb9a47e598e63e0a6c19f
Size: 3.33 MB - java-11-openjdk-headless-11.0.5.10-0.el7.i686.rpm
MD5: 37b3a061994071b65d8d76dc851cf339
SHA-256: 2a1217a0d1131737b1fd909e30114ea88a8ad4e9a206f3474a3236bd66ea7a29
Size: 35.10 MB - java-11-openjdk-headless-debug-11.0.5.10-0.el7.i686.rpm
MD5: de4c129afeb7734dc1c400485b3eacf8
SHA-256: 62e2d83154e3bc62bd0f8097557d5a1152f753da6f3f44de3a82c34c070d952a
Size: 37.20 MB - java-11-openjdk-javadoc-11.0.5.10-0.el7.i686.rpm
MD5: 326cdc442fd44fdcd8beaa891cea7999
SHA-256: 74053cf473fce2fdf63679721a37777470de06da07151d75c002f6436f464a36
Size: 16.06 MB - java-11-openjdk-javadoc-debug-11.0.5.10-0.el7.i686.rpm
MD5: 1f50e067d299218aff03a3b1a4ae227f
SHA-256: c65b9c2f98ab439789c087d6d86ee85c6221a95ec15daf7dd870ad9787f90934
Size: 16.06 MB - java-11-openjdk-javadoc-zip-11.0.5.10-0.el7.i686.rpm
MD5: e07c8d176bac915a58b54cac6cc743be
SHA-256: 158b8233dfcf4383410366a9292b27bfb53e60c08634de00005139ee12a8cafb
Size: 42.26 MB - java-11-openjdk-javadoc-zip-debug-11.0.5.10-0.el7.i686.rpm
MD5: 9d9dd0d0ebd4735db634c3f177d4d31a
SHA-256: 6939edf5c921c137d1c0c0b81e098426f847e049b919a700469bd7872f65010c
Size: 42.26 MB - java-11-openjdk-jmods-11.0.5.10-0.el7.i686.rpm
MD5: 7ef91e1edf756b19ac2dbef437ea1ad0
SHA-256: dfb24654606911dd1c9b0737011b47d1c2acaa33b60f755823346f77f2dd6ed2
Size: 273.64 MB - java-11-openjdk-jmods-debug-11.0.5.10-0.el7.i686.rpm
MD5: b8d1c769c3cad72dfd06000298061ef4
SHA-256: 60b78c9f90b3eea76c822d376c1bd6f6341d4c88d3fe993147a313dbcd35ed15
Size: 155.12 MB - java-11-openjdk-src-11.0.5.10-0.el7.i686.rpm
MD5: 4f14245125213e2f12bbf8769182a5a3
SHA-256: 038a5094ff60d15bdc93e9034f2dfd2439fc56a76808643dc98017507a6069d3
Size: 45.37 MB - java-11-openjdk-src-debug-11.0.5.10-0.el7.i686.rpm
MD5: 1b9bdcb0c8b6fb143728741c3f4d51d0
SHA-256: af208c3c98b8a4acce5871ed7202416a75cf14d261cfda0a3a5cd2f20710b7fa
Size: 45.37 MB
English