java-1.8.0-openjdk-1.8.0.312.b07-1.el7
エラータID: AXSA:2021-2489:11
以下項目について対処しました。
[Security Fix]
- Java には、Java SE や SE, Oracle GraalVM Enterprise Edition を危険にさらすために
TLS 経由でネットワークにアクセスしている認証されていない攻撃者が、クリティカルな
データへの不正アクセスや Java SE と Oracle GraalVM Enterprise Edition がアクセス可能な
全てのデータへ完全にアクセス出来てしまう脆弱性があります。(CVE-2021-35550)
- Java には、Java SE や SE, Oracle GraalVM Enterprise Edition を危険にさらすために
複数プロトコル経由でネットワークにアクセスしている認証されていない攻撃者が、
Java SE と Oracle GraalVM Enterprise Edition の部分的なサービス拒否を引き起こせる
不正な権限を取得してしまう脆弱性があります。(CVE-2021-35556)
- Java には、Java SE や SE, Oracle GraalVM Enterprise Edition を危険にさらすために
複数プロトコル経由でネットワークにアクセスしている認証されていない攻撃者が、
Java SE と Oracle GraalVM Enterprise Edition の部分的なサービス拒否を引き起こせる
不正な権限を取得してしまう脆弱性があります。(CVE-2021-35559)
- Java には、Java SE や SE, Oracle GraalVM Enterprise Edition を危険にさらすために
複数プロトコル経由でネットワークにアクセスしている認証されていない攻撃者が、
Java SE と Oracle GraalVM Enterprise Edition の部分的なサービス拒否を引き起こせる
不正な権限を取得してしまう脆弱性があります。(CVE-2021-35561)
- Java には、Java SE や SE, Oracle GraalVM Enterprise Edition を危険にさらすために
複数プロトコル経由でネットワークにアクセスしている認証されていない攻撃者が、
Java SE と Oracle GraalVM Enterprise Edition がアクセス可能なデータへ不正な
UPDATE, INSERT, DELETEアクセスが出来てしまう脆弱性があります。
(CVE-2021-35564)
- Java には、Java SE や SE, Oracle GraalVM Enterprise Edition を危険にさらすために
TLS 経由でネットワークにアクセスしている認証されていない攻撃者が、Java SE と
Oracle GraalVM Enterprise Edition の部分的なサービス拒否を引き起こせる不正な権限を
取得してしまう脆弱性があります。(CVE-2021-35565)
- Java には、Java SE や SE, Oracle GraalVM Enterprise Edition を危険にさらすために
Kerberos 経由でネットワークにアクセスしている低い権限を持つ攻撃者が、攻撃者以外の
人間が関与することにより、クリティカルなデータへの不正アクセスや Java SE と
Oracle GraalVM Enterprise Edition がアクセス可能な全てのデータへ完全にアクセス
出来てしまう脆弱性があります。(CVE-2021-35567)
- Java には、Java SE や SE, Oracle GraalVM Enterprise Edition を危険にさらすために
TLS 経由でネットワークにアクセスしている認証されていない攻撃者が、Java SE と
Oracle GraalVM Enterprise Edition の部分的なサービス拒否を引き起こせる不正な権限を
取得してしまう脆弱性があります。(CVE-2021-35578)
- Java には、Java SE や SE, Oracle GraalVM Enterprise Edition を危険にさらすために
複数プロトコル経由でネットワークにアクセスしている認証されていない攻撃者が、
Java SE と Oracle GraalVM Enterprise Edition の部分的なサービス拒否を引き起こせる
不正な権限を取得してしまう脆弱性があります。(CVE-2021-35586)
- Java には、Java SE や SE, Oracle GraalVM Enterprise Edition を危険にさらすために
複数プロトコル経由でネットワークにアクセスしている認証されていない攻撃者が、
攻撃者以外の人間が関与することにより、Java SE と Oracle GraalVM Enterprise Edition の
部分的なサービス拒否を引き起こせる不正な権限を取得してしまう脆弱性があります。
(CVE-2021-35588)
- Java には、Java SE や SE, Oracle GraalVM Enterprise Edition を危険にさらすために
TLS 経由でネットワークにアクセスしている認証されていない攻撃者が、Java SE と
Oracle GraalVM Enterprise Edition がアクセス可能なデータのサブセットへ不正な
読み込みアクセスが出来てしまう脆弱性があります。(CVE-2021-35603)
パッケージをアップデートしてください。
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
N/A
SRPMS
- java-1.8.0-openjdk-1.8.0.312.b07-1.el7.src.rpm
MD5: 2f23023a7c833e36600aea82b22d41ca
SHA-256: 92c92c67de71e5e8fc09e1af4a928d9d3f8d8cb20f138ec58bec5855a3668b42
Size: 55.81 MB
Asianux Server 7 for x86_64
- java-1.8.0-openjdk-1.8.0.312.b07-1.el7.x86_64.rpm
MD5: 19f2f6c8798732733dbb4446dc476893
SHA-256: 63ff6cc8040fc751108730864eae29abd54018866789b0be893800f270119d68
Size: 312.02 kB - java-1.8.0-openjdk-devel-1.8.0.312.b07-1.el7.x86_64.rpm
MD5: 5b8ba7d50dd0287b98a34bfe4463062f
SHA-256: 7a46040cf29cc768e3b8b8cff625cf05b2ef61071039c63449b1b01cbc31d890
Size: 9.84 MB - java-1.8.0-openjdk-headless-1.8.0.312.b07-1.el7.x86_64.rpm
MD5: 9513a083b40a2cbf97235671adcc8f26
SHA-256: 2ee48ba2a23dbf719e43bec808031f9cc6e35cf67a7c342517130c15b31823b4
Size: 33.06 MB - java-1.8.0-openjdk-1.8.0.312.b07-1.el7.i686.rpm
MD5: 3a8383f2823d30c348a98e9c31ec2ca8
SHA-256: 1d0420246881133d921189317ecab8234151c2a2fe35e23f91f9980e3740a15d
Size: 311.55 kB - java-1.8.0-openjdk-devel-1.8.0.312.b07-1.el7.i686.rpm
MD5: f704018f8b9106e90b3c0310760d88d4
SHA-256: 2474cd43b6ea60027ce6ed7fd13eabd745034e52e29ebc21b844590123d3c9f6
Size: 9.84 MB - java-1.8.0-openjdk-headless-1.8.0.312.b07-1.el7.i686.rpm
MD5: ed2856755d235a658a52b9a7b39e82e9
SHA-256: 254bf33e01a5ce6e77231516aef893fdf399f7898b351a4e5c64fa4a804ed02d
Size: 32.88 MB