java-1.8.0-openjdk-1.8.0.272.b10-1.el7
エラータID: AXSA:2020-822:18
以下項目について対処しました。
[Security Fix]
- Java SE Serialization コンポーネントには、Java SE、
又はJava SE Embedded を攻撃するために複数のプロトコルを
介してネットワークからアクセスしている認証されていない
攻撃者が、許可されていない権限を取得し、Java SE、
又は Java SE Embedded の部分的なサービス拒否を
引き起こす脆弱性があります。(CVE-2020-14779)
- Java SE の JDNI コンポーネントには、Java SE、
又はJava SE Embedded を攻撃するために複数の
プロトコルを介してネットワークからアクセスしている
認証されていない攻撃者が、Java SE、又は Java SE
Embedded のアクセス可能なデータのサブセットを
不正に読み込めてしまう脆弱性があります。(CVE-2020-14781)
- Java SE の Libraries コンポーネントには、
認証されていない攻撃者が複数のプロトコルの
ネットワークを介して、Java SE、Java SE Embedded の
アクセス可能なデータを不正に更新、挿入、
あるいは削除できてしまう脆弱性があります。(CVE-2020-14782)
- Java SE の Hotspot コンポーネントには、
認証されていない攻撃者が複数のプロトコルの
ネットワークアクセスを介して、Java SE、
Java SE Embedded のアクセス可能なデータの
サブセットを不正に読み込めてしまうとともに、
データを不正に更新、挿入、削除できてしまう
脆弱性があります。(CVE-2020-14792)
- Java SE の Libraries コンポーネントには、認証
されていない攻撃者が複数のプロトコルの
ネットワークアクセスを介して、 Java SE、
Java SE Embedded のアクセス可能なデータの
サブセットを不正に読み込めてしまう脆弱性が
あります。(CVE-2020-14796)
- Java SE の Libraries コンポーネントには、
認証されていない攻撃者が複数のネットワークアクセスを
介して、 Java SE 、 Java SE Embedded のアクセス可能な
データのサブセットを不正に読み込めてしまう
脆弱性があります。(CVE-2020-14803)
パッケージをアップデートしてください。
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
N/A
SRPMS
- java-1.8.0-openjdk-1.8.0.272.b10-1.el7.src.rpm
MD5: f1f4a16071e78695dd10bd836d1d5c98
SHA-256: d7e66f1b0b67343571afdc0c8f5377d1532516a8a1636d82429bf400420afea6
Size: 55.55 MB
Asianux Server 7 for x86_64
- java-1.8.0-openjdk-1.8.0.272.b10-1.el7.x86_64.rpm
MD5: 6fbd0d7c22a3c342eb17f9d361d51d75
SHA-256: 3a373127e2e3f4c0716c99f562468d6e6d48ca581b87668b4aae41d8c32986ec
Size: 303.10 kB - java-1.8.0-openjdk-devel-1.8.0.272.b10-1.el7.x86_64.rpm
MD5: aa6b9a6d4bed84ff97444773cd18a596
SHA-256: ae10137a2b51260288c57f25d75d8354f38b1da1da1a0a931d49451004aebaed
Size: 9.82 MB - java-1.8.0-openjdk-headless-1.8.0.272.b10-1.el7.x86_64.rpm
MD5: 5e72dd998ad639d18c6a23042191dec3
SHA-256: 5a47bfadc3338a48b75d731817cbb8dccc1bdff355540274b183116f5598b218
Size: 32.97 MB - java-1.8.0-openjdk-1.8.0.272.b10-1.el7.i686.rpm
MD5: 662c39547f309aec8e8992b5a9118712
SHA-256: 0879fa3e132363e4ec23e6eb35057632321e2a0dec5b184967d8b81f83dab30c
Size: 302.79 kB - java-1.8.0-openjdk-devel-1.8.0.272.b10-1.el7.i686.rpm
MD5: 4dd52ab8795d73174107037caf72b5e8
SHA-256: 24449970b71ba82c3d2b9407f18e6ac8aa5ff2124d4ec41aaa099d56ea8c263f
Size: 9.82 MB - java-1.8.0-openjdk-headless-1.8.0.272.b10-1.el7.i686.rpm
MD5: 5550980b33b8e1b01a7efc71dc7057af
SHA-256: 723d84411d350c4e9742582465d5243e5c4848c722bd4d5015d943e9caad3211
Size: 32.80 MB