java-11-openjdk-11.0.13.0.8-1.el7
Errata ID: AXSA:2021-2490:12
The following items have been addressed.
[Security Fix]
- Java contains a vulnerability that allows an unauthenticated attacker with network access via TLS to compromise Java SE and Oracle GraalVM Enterprise Edition, resulting in unauthorized access to critical data or complete access to all data accessible to Java SE and Oracle GraalVM Enterprise Edition. (CVE-2021-35550)
- Java contains a vulnerability that allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE and Oracle GraalVM Enterprise Edition and obtain the unauthorized ability to cause a partial denial of service of Java SE and Oracle GraalVM Enterprise Edition. (CVE-2021-35556)
- Java contains a vulnerability that allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE and Oracle GraalVM Enterprise Edition and obtain the unauthorized ability to cause a partial denial of service of Java SE and Oracle GraalVM Enterprise Edition. (CVE-2021-35559)
- Java contains a vulnerability that allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE and Oracle GraalVM Enterprise Edition and obtain the unauthorized ability to cause a partial denial of service of Java SE and Oracle GraalVM Enterprise Edition. (CVE-2021-35561)
- Java contains a vulnerability that allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE and Oracle GraalVM Enterprise Edition, resulting in unauthorized UPDATE, INSERT, or DELETE access to data accessible to Java SE and Oracle GraalVM Enterprise Edition. (CVE-2021-35564)
- Java contains a vulnerability that allows an unauthenticated attacker with network access via TLS to compromise Java SE and Oracle GraalVM Enterprise Edition and obtain the unauthorized ability to cause a partial denial of service of Java SE and Oracle GraalVM Enterprise Edition. (CVE-2021-35565)
- Java contains a vulnerability that allows a low-privileged attacker with network access via Kerberos to compromise Java SE and Oracle GraalVM Enterprise Edition and, with the involvement of a person other than the attacker, gain unauthorized access to critical data or complete access to all data accessible to Java SE and Oracle GraalVM Enterprise Edition. (CVE-2021-35567)
- Java contains a vulnerability that allows an unauthenticated attacker with network access via TLS to compromise Java SE and Oracle GraalVM Enterprise Edition and obtain the unauthorized ability to cause a partial denial of service of Java SE and Oracle GraalVM Enterprise Edition. (CVE-2021-35578)
- Java contains a vulnerability that allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE and Oracle GraalVM Enterprise Edition and obtain the unauthorized ability to cause a partial denial of service of Java SE and Oracle GraalVM Enterprise Edition. (CVE-2021-35586)
- Java contains a vulnerability that allows an unauthenticated attacker with network access via TLS to compromise Java SE and Oracle GraalVM Enterprise Edition, resulting in unauthorized read access to a subset of the data accessible to Java SE and Oracle GraalVM Enterprise Edition. (CVE-2021-35603)
Please update the packages.
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
SRPMS
- java-11-openjdk-11.0.13.0.8-1.el7.src.rpm
MD5: 8edaf3085583cceba268a6798f7d304a
SHA-256: cc1b3255c45e99b83e6911f4b61016c46627084da0d014179c2cef7533c603e6
Size: 74.89 MB
Asianux Server 7 for x86_64
- java-11-openjdk-11.0.13.0.8-1.el7.x86_64.rpm
MD5: 303506b881a5585ef23f3fe6d5f7d3ed
SHA-256: 2acc46ddfc4b9157ccb57f00364b6a242d67b6e211d9f4641558b45d8a929681
Size: 232.38 kB
- java-11-openjdk-debug-11.0.13.0.8-1.el7.x86_64.rpm
MD5: 369cef9d86b807494c115ccf78eb5fb6
SHA-256: a7ad7915703d9c1b3584f9f7ffb911a02a8b2f33e66da614cc4c1f610282f6f5
Size: 237.53 kB
- java-11-openjdk-demo-11.0.13.0.8-1.el7.x86_64.rpm
MD5: a805ce19857fa298247be49abd827617
SHA-256: ba39c0726a042f38df170e555400418c28da1f217fc20d73d3581834b4727637
Size: 4.35 MB
- java-11-openjdk-demo-debug-11.0.13.0.8-1.el7.x86_64.rpm
MD5: 85ec0af432c2f8ee12c6f4e3ca21988d
SHA-256: 3a886e669b0fa05005d529851afad30b40c9b8361202169d604733a8a2e6cb33
Size: 4.35 MB
- java-11-openjdk-devel-11.0.13.0.8-1.el7.x86_64.rpm
MD5: 1f582c6a1b44789281992b7a947abea2
SHA-256: 3ddbefcd2735240616828e3f7b42b3b9783f55d581e57d673bd343f35372815e
Size: 3.37 MB
- java-11-openjdk-devel-debug-11.0.13.0.8-1.el7.x86_64.rpm
MD5: 94748740edc21854e79888280eb0898e
SHA-256: 62acc9165a3c62760a8bd2e7e340d900503d6da6e94970046da7ad768c011cdd
Size: 3.38 MB
- java-11-openjdk-headless-11.0.13.0.8-1.el7.x86_64.rpm
MD5: b6f43b464b82c55a6ce34acb3939454a
SHA-256: cdbe48195fe344756fde6ee4c38ab8b1d4af7611c139f4224eb514a7f5035cf9
Size: 39.19 MB
- java-11-openjdk-headless-debug-11.0.13.0.8-1.el7.x86_64.rpm
MD5: 8254b6457edbc95124e35c78430972af
SHA-256: 678dee29837f815279e0308b895793012e3b0e375afe3108ed956c10603c802b
Size: 41.80 MB
- java-11-openjdk-javadoc-11.0.13.0.8-1.el7.x86_64.rpm
MD5: 606e9715a60ed21af4b2bfb3be86ebbf
SHA-256: dc739128916570fd01657e4f6883cea911c2b66143a894ff1c209a29f47e4507
Size: 16.09 MB
- java-11-openjdk-javadoc-debug-11.0.13.0.8-1.el7.x86_64.rpm
MD5: d7f200d02518e4aaf119012f34a35782
SHA-256: 3a64d84ec0638896e0d67c3779190cb10a9cc97c7a58b6dd1cfd6c6e9cbeb8b8
Size: 16.09 MB
- java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el7.x86_64.rpm
MD5: cdcf73cdaf5a3f4dc6b439a6f6c8a490
SHA-256: 775e72843273eab62c05e152205af4afebde27a63c4997954438c25694af76da
Size: 41.94 MB
- java-11-openjdk-javadoc-zip-debug-11.0.13.0.8-1.el7.x86_64.rpm
MD5: 56375d211b1640af2745bbe3fe25a48a
SHA-256: 5aa618403ff032547e3c9b14a9105128cde7fad690879a11d64aef0ecca54335
Size: 41.94 MB
- java-11-openjdk-jmods-11.0.13.0.8-1.el7.x86_64.rpm
MD5: 5813f70590e46bff7f346dc018958604
SHA-256: 0e0ea13c3a1a367351fa342224eda8abd94d41dc9fbfe13b7caed5a569b58849
Size: 310.18 MB
- java-11-openjdk-jmods-debug-11.0.13.0.8-1.el7.x86_64.rpm
MD5: 031312f2b4eed78fd4b0753dae544cea
SHA-256: 360776fe30729168445a3c600d0bcccbf941cdbdbe9a5239d3ec84f2d39fdfba
Size: 177.21 MB
- java-11-openjdk-src-11.0.13.0.8-1.el7.x86_64.rpm
MD5: 721d736c1d76ad7ecec805902456ca40
SHA-256: e73591daf303c0fe02ec3c09cd9f4f31332fd15ebd4d4d206297506e02082dcb
Size: 50.31 MB
- java-11-openjdk-src-debug-11.0.13.0.8-1.el7.x86_64.rpm
MD5: e06c77cdd8e09b5adec45743fff07a6d
SHA-256: 88672a3204ce9363d9977992f19ee77aed4f0fbf0c933c5c4a51a1a5e6510e29
Size: 50.32 MB
- java-11-openjdk-11.0.13.0.8-1.el7.i686.rpm
MD5: 217c9e22289f0350aa3ff531f4727447
SHA-256: e2edd9c91b1496329121c6c32e14c3d3ac1d671441f280a19d60b71003820552
Size: 228.55 kB
- java-11-openjdk-debug-11.0.13.0.8-1.el7.i686.rpm
MD5: ef01df4530f7f55bcdaa81222ab235ec
SHA-256: 912becfae7508f88cc880ca8bd19a77d05d2c5ac989178acca3c941ff270a994
Size: 231.66 kB
- java-11-openjdk-demo-11.0.13.0.8-1.el7.i686.rpm
MD5: 0bf96411cc8cd1080ef79facf841d617
SHA-256: 3b5aafeee57fcd5dae2cbf6a9a5817953dd7c324ae762aa6599a1592e5ba8a13
Size: 4.35 MB
- java-11-openjdk-demo-debug-11.0.13.0.8-1.el7.i686.rpm
MD5: ca841c820ba47233b6022854e24c25e9
SHA-256: 006c90e5bc14cf0719cefaee8b1a37ffd3f93582e431deec6a4e2d4d2d5a77d1
Size: 4.35 MB
- java-11-openjdk-devel-11.0.13.0.8-1.el7.i686.rpm
MD5: f53cae55383c6b295028d1d2e38d0659
SHA-256: 756aba2b3773d2b6a2e23395d45c2bc6eed417ee8f6b5d613a3db0535971e0cb
Size: 3.35 MB
- java-11-openjdk-devel-debug-11.0.13.0.8-1.el7.i686.rpm
MD5: 6e98532db405eb5eef98ee509489b7c5
SHA-256: 49828ed3c30c0b91155d04cbf34ea48e152e259830f26e29b8d0bc481f144007
Size: 3.35 MB
- java-11-openjdk-headless-11.0.13.0.8-1.el7.i686.rpm
MD5: caaf4eaaa83009c09c3a59f998d40292
SHA-256: a6fc17d964e3306a885b383b78a7c8a4d213d8c2f41422ac51554ff1bee300a9
Size: 35.29 MB
- java-11-openjdk-headless-debug-11.0.13.0.8-1.el7.i686.rpm
MD5: 1daf78f26fb2312b5d27920b205d1919
SHA-256: ca850f7a921808f52addae60599f2c50ce9f86d5c8ec6189c6580024d8f47772
Size: 37.30 MB
- java-11-openjdk-javadoc-11.0.13.0.8-1.el7.i686.rpm
MD5: 76a3482d1bf03910e0e1764da2f7d6d4
SHA-256: 4f20258ddfacaf0c4b4b1464b30a33fcbe79e224b11ba258a75cf463ec3e980d
Size: 16.09 MB
- java-11-openjdk-javadoc-debug-11.0.13.0.8-1.el7.i686.rpm
MD5: f931caa38c64dfc10ee61f20c7f3654e
SHA-256: bec06208dc308444a410efdb21313a650de02793c69b5f0ea6d8a5c81ab367f5
Size: 16.09 MB
- java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el7.i686.rpm
MD5: 5b0d331015e8fd9cfa44db4784c7f47d
SHA-256: 1c9cf9f331a516de469089b00d4a62a1cc6c1e7734e8166becadd58dd010644c
Size: 41.97 MB
- java-11-openjdk-javadoc-zip-debug-11.0.13.0.8-1.el7.i686.rpm
MD5: e4b19e93150413079686d0e86eb88bcd
SHA-256: 15a2e758414ef99daac90145e2127765b71a4c4ee87c5e5c11a745e33f497238
Size: 41.97 MB
- java-11-openjdk-jmods-11.0.13.0.8-1.el7.i686.rpm
MD5: c12760c81b4a0c6eaa6e3d24e91c687c
SHA-256: c7470f481f2e12568f043f237be0413f697f67b4d8d433ba9f3cb55496fcafd0
Size: 262.10 MB
- java-11-openjdk-jmods-debug-11.0.13.0.8-1.el7.i686.rpm
MD5: f2e7ec6b54dc84312861637236e3fc03
SHA-256: 1d45f2fe384e8db37b40aea4a9156e5db414f6a49483b261cb7429b83dd1ffd6
Size: 150.34 MB
- java-11-openjdk-src-11.0.13.0.8-1.el7.i686.rpm
MD5: 13c82d6bfccb2a4f74b9c6a43515c0a0
SHA-256: 8667ffae1ca9b5a5d6e36534e3e0fb9e4e1bf0c3d795ad52329b5ba4daa013a8
Size: 45.58 MB
- java-11-openjdk-src-debug-11.0.13.0.8-1.el7.i686.rpm
MD5: e7901329995ff07fe692c0e1db069f32
SHA-256: 1e542dd1726ab4e7c3560f5ed16d3175535fd5bc600695d1645954247a12cb57
Size: 45.59 MB