java-1.8.0-openjdk-1.8.0.302.b08-0.el7
Errata ID: AXSA:2021-2241:09
Release date:
2021/07/22 Thursday - 06:29
Title:
java-1.8.0-openjdk-1.8.0.302.b08-0.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
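The following issues have been addressed.
[Security Fix]
- Java SE contains a vulnerability that allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE and, with interaction from a person other than the attacker, gain unauthorized read access to a subset of the data accessible to Java SE. (CVE-2021-2341)
- Java SE contains a vulnerability that allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE and, with interaction from a person other than the attacker, perform unauthorized updates, insertions, or deletions of data accessible to Java SE. (CVE-2021-2369)
- Java SE contains a vulnerability that allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE and, with interaction from a person other than the attacker, take over Java SE. (CVE-2021-2388)
Solution:
Update the packages.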
CVE:
CVE-2021-2341
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
CVE-2021-2369
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).
CVE-2021-2388
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
Additional information:
N/A
Downloads:
SRPMS
- java-1.8.0-openjdk-1.8.0.302.b08-0.el7.src.rpm
MD5: dc2fa46b1ba71c20d431de56c4401b0b
SHA-256: f683c78d59e72c4fb411c09f1d3c2ee909e695f5555cab676f4f0b4835625a9a
Size: 55.77 MB
Asianux Server 7 for x86_64
- java-1.8.0-openjdk-1.8.0.302.b08-0.el7.x86_64.rpm
MD5: 4b1f515997d16752f7538cfdee15d912
SHA-256: 9e5bc5fc550f6e38791cdc2931b654a3610e8c041b061ee75586e2f16129a9aa
Size: 310.54 kB
- java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7.x86_64.rpm
MD5: f3937a631565b93061277b8b9f413ea6
SHA-256: 4d57c6d25404856a96db8438add32e513f7754284dbb638deb2ea0987d9fcf9d
Size: 9.83 MB
- java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7.x86_64.rpm
MD5: d804ced22b544e178616e684b922712b
SHA-256: 882b6f18816ad4dd17665a494ea4485b1849685027843f1bf922f67bb5526616
Size: 33.03 MB
- java-1.8.0-openjdk-1.8.0.302.b08-0.el7.i686.rpm
MD5: dd35a5d19a8a686d31a360aaf39c6899
SHA-256: bc6f5b8ed7dfcf4a161135ae1582094206c00daf5ebb61b3ffaeca90782d225b
Size: 310.12 kB
- java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7.i686.rpm
MD5: 3ef45af24e7849aefa33cdb15cd54470
SHA-256: 104f9141b9670892ef23ad557f3db60e43538548e8fb9fce6778b0afffa07a8e
Size: 9.83 MB
- java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7.i686.rpm
MD5: f653e4e18d771d127a9426d27ff48a7e
SHA-256: 4b4e136046e232701a4a90f6272f8d6931394143d0d27fa64a2ab70889a0c2ff
Size: 32.86 MB