AXBA:2021-2043:09

Release date:
2021/11/26 Friday - 09:01
Title:
java-11-openjdk-11.0.10.0.9-8.el8
Affected channels:
Asianux Server 8 for x86_64
Severity: 
N/A
Description: 

CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14803 java-11-openjdk: various flaws

java-11-openjdk / FIPS: IllegalAccessException by pkcs11 provider with security manager on

static subdirectory is not owned by packages

java-11-openjdk / FIPS: TLS connections killed by exception in P11AEADCipher class

CVE-2020-14779
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2020-14781
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2020-14782
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2020-14792
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).
CVE-2020-14796
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
CVE-2020-14797
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2020-14803
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Solution:

Update packages.

Additional information:

N/A

Download:

SRPMS
  1. java-11-openjdk-11.0.10.0.9-8.el8.src.rpm
    MD5: 02d2223cc457f2253174780a6792f17e
    SHA-256: 5a700ee8994c7c0546c4b4c5ad5952f666e60aada082381db571f4b19ff8d784
    Size: 74.79 MB

Asianux Server 8 for x86_64
  1. java-11-openjdk-11.0.10.0.9-8.el8.x86_64.rpm
    MD5: 490b2a56218ea75e3cc8f4745b300917
    SHA-256: e9c2a5e17486088a23008d3e9d8f7703baf3dd80f884625c44a4f02047052b3a
    Size: 258.00 kB
  2. java-11-openjdk-demo-11.0.10.0.9-8.el8.x86_64.rpm
    MD5: d35f9ff6cab42c2495f8f017a7871b3f
    SHA-256: 5aff8c2e21a3e5233d0f998129c03eb0cd2371603690549e356874e0f3c2c84a
    Size: 4.35 MB
  3. java-11-openjdk-devel-11.0.10.0.9-8.el8.x86_64.rpm
    MD5: 79e6c54e712347d5ff63db88d4ace3c3
    SHA-256: 9b8cdddb5845e3eb93d37e4f8a3a80ff022e43fb7498fda3cdcb9a0ac8c7d37c
    Size: 3.37 MB
  4. java-11-openjdk-headless-11.0.10.0.9-8.el8.x86_64.rpm
    MD5: 31981b9a85e0da23ed551fa4f0a2408a
    SHA-256: 1a44c52f5131a2c9e70eba07d2546e7113ee0aaca924a657baa3cba6f954f552
    Size: 39.39 MB
  5. java-11-openjdk-javadoc-11.0.10.0.9-8.el8.x86_64.rpm
    MD5: 2013dddc1c07e18c591f0bb608e30662
    SHA-256: a75123fad4be1648bff3e181a1fe7b5b843358671286a1b1c8c43bdf69656351
    Size: 15.96 MB
  6. java-11-openjdk-javadoc-zip-11.0.10.0.9-8.el8.x86_64.rpm
    MD5: dd50ab457afac13b674da4d3afbf915d
    SHA-256: 1099c4619afd2348cce376b4fdb6e521ef01e947f3511c4f04c78dd0912fc237
    Size: 41.97 MB
  7. java-11-openjdk-jmods-11.0.10.0.9-8.el8.x86_64.rpm
    MD5: 567419527dbe5cda7b3c6eb670ce0741
    SHA-256: 8088b106dea4580e366c03c142fef590c176d328c4f71d0fc8a2097958a1829c
    Size: 316.49 MB
  8. java-11-openjdk-src-11.0.10.0.9-8.el8.x86_64.rpm
    MD5: 1e9866ffd2ae204f031947ae729e9d9d
    SHA-256: 960e1045e7278025359b8f9c2927119f77b8cf067e06877bf966e15f79ffadeb
    Size: 50.27 MB
  9. java-11-openjdk-static-libs-11.0.10.0.9-8.el8.x86_64.rpm
    MD5: 0391e20811b78197bb13d707cda2d15c
    SHA-256: f5c1b2b970f84b7e43873aad5dddbe012a8100332675caeccd2657831c5cfcdd
    Size: 18.80 MB