java-1.7.0-openjdk-1.7.0.241-2.6.20.0.0.1.el7.AXS7
エラータID: AXSA:2019-4366:05
以下項目について対処しました。
- Oracle Java SE のコンポーネント (コンポーネント: Networking)
には、ネットワークアクセスが可能な認証されていない攻撃者が、
部分的なDoS攻撃ができる、実行困難な脆弱性があります。
(CVE-2019-2945)
- Oracle Java SE のコンポーネント (コンポーネント: 2D)
には、ネットワークアクセスが可能な認証されていない攻撃者が、
部分的なDoS攻撃ができる、実行困難な脆弱性があります。
(CVE-2019-2962)
- Oracle Java SE のコンポーネント (コンポーネント: Concurrency)
には、ネットワークアクセスが可能な認証されていない攻撃者が、
部分的なDoS攻撃ができる、実行困難な脆弱性があります。
(CVE-2019-2964)
- Oracle Java SE のコンポーネント (コンポーネント: JAXP)
には、ネットワークアクセスが可能な認証されていない攻撃者が、
部分的なDoS攻撃ができる、実行困難な脆弱性があります。
(CVE-2019-2973)
- Oracle Java SE のコンポーネント (コンポーネント: Networking)
には、ネットワークアクセスが可能な認証されていない攻撃者が、
部分的なDoS攻撃ができる、実行困難な脆弱性があります。
(CVE-2019-2978)
- Oracle Java SE のコンポーネント (コンポーネント: JAXP)
には、ネットワークアクセスが可能な認証されていない攻撃者が、
部分的なDoS攻撃ができる、実行困難な脆弱性があります。
(CVE-2019-2981)
- Oracle Java SE のコンポーネント (コンポーネント: Serialization)
には、ネットワークアクセスが可能な認証されていない攻撃者が、
部分的なDoS攻撃ができる、実行困難な脆弱性があります。
(CVE-2019-2983)
- Oracle Java SE のコンポーネント (コンポーネント: 2D)には、
ネットワークアクセスが可能な認証されていない攻撃者が、
部分的なDoS攻撃ができる、実行困難な脆弱性があります。
(CVE-2019-2987)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
パッケージをアップデートしてください。
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
N/A
SRPMS
- java-1.7.0-openjdk-1.7.0.241-2.6.20.0.0.1.el7.AXS7.src.rpm
MD5: a62fed59667a6baf74f14a279e57efe4
SHA-256: f6d93f73ee2dacbeb424b4332416c1df34693e4756574c948ba718964858742d
Size: 39.62 MB
Asianux Server 7 for x86_64
- java-1.7.0-openjdk-1.7.0.241-2.6.20.0.0.1.el7.AXS7.x86_64.rpm
MD5: 43de7d66a817547cf5ff61a65dfa84f8
SHA-256: f8a6073e49073d1b99f1aaae9c886e44422d2829d9ab4c03887fdecf82f0469c
Size: 256.04 kB - java-1.7.0-openjdk-devel-1.7.0.241-2.6.20.0.0.1.el7.AXS7.x86_64.rpm
MD5: c05e2b46529c741b2b6273a579a990dc
SHA-256: 1c1a7c4dd03e309d26385f7bd625b4ac592c77a542d016a9df11b385694c5f63
Size: 9.20 MB - java-1.7.0-openjdk-headless-1.7.0.241-2.6.20.0.0.1.el7.AXS7.x86_64.rpm
MD5: e37da3526d01de77cbaf791165ebcaaa
SHA-256: b646b0db5dd4bd91feea2d4287c0309d7630dc5120cb3908746e341bcfc42821
Size: 25.89 MB