java-11-openjdk-11.0.12.0.7-0.el8
Errata ID: AXSA:2021-2247:11
Release date:
2021/11/26 Friday - 10:17
Title:
java-11-openjdk-11.0.12.0.7-0.el8
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
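The following issues have been addressed.
[Security Fix]
- Java SE contains a vulnerability in which an unauthenticated attacker with network access via multiple protocols can compromise Java SE and, with interaction from a person other than the attacker, gain unauthorized read access to a subset of the data accessible to Java SE. (CVE-2021-2341)
- Java SE contains a vulnerability in which an unauthenticated attacker with network access via multiple protocols can compromise Java SE and, with interaction from a person other than the attacker, cause unauthorized update, insertion or deletion of data accessible to Java SE. (CVE-2021-2369)
- Java SE contains a vulnerability in which an unauthenticated attacker with network access via multiple protocols can compromise Java SE and, with interaction from a person other than the attacker, take over Java SE. (CVE-2021-2388)
Solution:
Update the packages.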
CVE:
CVE-2021-2341
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
CVE-2021-2369
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).
CVE-2021-2388
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
Additional information:
N/A
Downloads:
SRPMS
- java-11-openjdk-11.0.12.0.7-0.el8.src.rpm
MD5: 572ed1220155574c14c1267dca412d7b
SHA-256: 5b67d1752672e500b32711fae4834ac29fffde4a2d76646a5caf16d8819ef30e
Size: 75.12 MB
Asianux Server 8 for x86_64
- java-11-openjdk-11.0.12.0.7-0.el8.x86_64.rpm
MD5: 2b002f6f42484feb8bd4bdfc1748ea76
SHA-256: 04c2166122af80fe9e2a4873ea1518dfb8d2d1e6efcbe6dd24a8d21950ff4533
Size: 260.27 kB
- java-11-openjdk-demo-11.0.12.0.7-0.el8.x86_64.rpm
MD5: 3521bc5f097fb362e51970eff9c05b0f
SHA-256: 88a96c27362e57703c9fd2530bb8f1f15c7cfec935ffdff830e7eeb7710ab260
Size: 4.36 MB
- java-11-openjdk-devel-11.0.12.0.7-0.el8.x86_64.rpm
MD5: f1fd0a062766622ec3cc1e59e815ae2a
SHA-256: 6f6d4ea04359c10913277f023ba5af1380fad31dcd20fde423a841d3b2435ca0
Size: 3.37 MB
- java-11-openjdk-headless-11.0.12.0.7-0.el8.x86_64.rpm
MD5: 2bff2f19781c89c30512a60e3b52305b
SHA-256: d27395d33040a1ce26bfd8a495bba8f39cad5636ecd2b3a123a1f13d2d8e53dd
Size: 39.48 MB
- java-11-openjdk-javadoc-11.0.12.0.7-0.el8.x86_64.rpm
MD5: afc5574f6fe3d9ae5c4085d4fe0f8bb0
SHA-256: 2911886b2d7ba3c21f96cb8d2b42cbae43c2bdb27ce61290b7df0e899c993001
Size: 15.97 MB
- java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8.x86_64.rpm
MD5: 627e37d57f2e0bc349fec5e14d1ca8ce
SHA-256: 1b40f9b85c9f94e707d03cb14f413e7a1f035cf90250b4e80071bb0a28d38f42
Size: 41.97 MB
- java-11-openjdk-jmods-11.0.12.0.7-0.el8.x86_64.rpm
MD5: e11fdfe281da3617d31ab38cb13b8d47
SHA-256: c0cf0c4317a81be004d233b7a970949748d1ca14b4ee9b03d09b6d9e4435d0f5
Size: 317.70 MB
- java-11-openjdk-src-11.0.12.0.7-0.el8.x86_64.rpm
MD5: 95d088836b7d9e31781e3ec190eefa13
SHA-256: 050cb2eb59e348c2fac02579ca6c0b84c9249f0a0660c55909b9d31c9463014b
Size: 50.36 MB
- java-11-openjdk-static-libs-11.0.12.0.7-0.el8.x86_64.rpm
MD5: c24dc8eca1ef758c976d06d4a5aa78ca
SHA-256: 5f5220a4aa9c242ccf238c49f9910e26d79b0e7565adf5f18cef0a519f77eec9
Size: 18.81 MB