java-1.8.0-openjdk-1.8.0.302.b08-0.el8
Errata ID: AXSA:2021-2245:10
Release date:
2021/07/22 Thursday - 07:34
Title:
java-1.8.0-openjdk-1.8.0.302.b08-0.el8
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
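The following issues have been addressed.
[Security Fix]
- Java SE contains a vulnerability that allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE and, with interaction from a person other than the attacker, gain unauthorized read access to a subset of the data accessible to Java SE. (CVE-2021-2341)
- Java SE contains a vulnerability that allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE and, with interaction from a person other than the attacker, perform unauthorized updates, inserts or deletes on data accessible to Java SE. (CVE-2021-2369)
- Java SE contains a vulnerability that allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE and, with interaction from a person other than the attacker, take over Java SE. (CVE-2021-2388)
Solution:
Update the packages.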
CVE:
CVE-2021-2341
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
CVE-2021-2369
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).
CVE-2021-2388
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
Additional information:
N/A
Downloads:
SRPMS
- java-1.8.0-openjdk-1.8.0.302.b08-0.el8.src.rpm
MD5: f776059e1b7534afd5d1d27f39ca053f
SHA-256: 7f365943048bfeaddf39eebfcd0072bb41e6fae818f48eabf4f588a6787cf76c
Size: 55.78 MB
Asianux Server 8 for x86_64
- java-1.8.0-openjdk-1.8.0.302.b08-0.el8.x86_64.rpm
MD5: 35b217e8d0920f96cbda45848c0616c7
SHA-256: 4ecb30bc331b179f12004b3f51aa0a115dc1154a1cce429cf6544e2fc1b3d504
Size: 334.79 kB
- java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8.x86_64.rpm
MD5: 3a8140df7e1ff47195f42742b7209cdf
SHA-256: 645429bca4b57df6d7136a0c9e0b2aa6b014e38f702e41096e13e86fed38c105
Size: 96.96 kB
- java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8.x86_64.rpm
MD5: 3bab0778262df95cea3ccb8f3ff586e1
SHA-256: 441e6a439e5ee58b50682784a64f23fd0921415b754068fd63b17f40e764449b
Size: 2.01 MB
- java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8.x86_64.rpm
MD5: e5d27e8665b2f676665610274327ac1f
SHA-256: 8b368bf3f42da5450e3f05320c60853590959993caa93f2ea5d720e50918a9b4
Size: 9.86 MB
- java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8.x86_64.rpm
MD5: b4965a718c6edb7f4f7d396253c2e45d
SHA-256: 052c826e6e5a28a159a56a7c28f48f39b3c8a8fa0fdd79ff62cb584f82913b23
Size: 33.86 MB
- java-1.8.0-openjdk-javadoc-1.8.0.302.b08-0.el8.noarch.rpm
MD5: d54502410e48997953af5318ae29fb35
SHA-256: d82daff082f372c52a93507eed092551bcddbf74eed3004a7e898c40165d53dd
Size: 15.17 MB
- java-1.8.0-openjdk-javadoc-zip-1.8.0.302.b08-0.el8.noarch.rpm
MD5: 38962edf5fdcdbdd93f82eed41042923
SHA-256: 89397db28e8882a23ea98bf5596ffd09324487f2719e1c1a3ee7c2ff9c354a21
Size: 41.78 MB
- java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8.x86_64.rpm
MD5: c021b90e35936b35c940a994c42dbb90
SHA-256: 37b7e6ab2e3426950111c68bd407bfd6a611d6ef0fd06ebaad88e3f370d123b1
Size: 45.56 MB