java-1.8.0-openjdk-1.8.0.312.b07-1.el8
エラータID: AXSA:2021-2491:12
以下項目について対処しました。
[Security Fix]
- Java には、Java SE や SE, Oracle GraalVM Enterprise Edition を危険にさらすために
TLS 経由でネットワークにアクセスしている認証されていない攻撃者が、クリティカルな
データへの不正アクセスや Java SE と Oracle GraalVM Enterprise Edition がアクセス可能な
全てのデータへ完全にアクセス出来てしまう脆弱性があります。(CVE-2021-35550)
- Java には、Java SE や SE, Oracle GraalVM Enterprise Edition を危険にさらすために
複数プロトコル経由でネットワークにアクセスしている認証されていない攻撃者が、
Java SE と Oracle GraalVM Enterprise Edition の部分的なサービス拒否を引き起こせる
不正な権限を取得してしまう脆弱性があります。(CVE-2021-35556)
- Java には、Java SE や SE, Oracle GraalVM Enterprise Edition を危険にさらすために
複数プロトコル経由でネットワークにアクセスしている認証されていない攻撃者が、
Java SE と Oracle GraalVM Enterprise Edition の部分的なサービス拒否を引き起こせる
不正な権限を取得してしまう脆弱性があります。(CVE-2021-35559)
- Java には、Java SE や SE, Oracle GraalVM Enterprise Edition を危険にさらすために
複数プロトコル経由でネットワークにアクセスしている認証されていない攻撃者が、
Java SE と Oracle GraalVM Enterprise Edition の部分的なサービス拒否を引き起こせる
不正な権限を取得してしまう脆弱性があります。(CVE-2021-35561)
- Java には、Java SE や SE, Oracle GraalVM Enterprise Edition を危険にさらすために
複数プロトコル経由でネットワークにアクセスしている認証されていない攻撃者が、
Java SE と Oracle GraalVM Enterprise Edition がアクセス可能なデータへ不正な
UPDATE, INSERT, DELETEアクセスが出来てしまう脆弱性があります。
(CVE-2021-35564)
- Java には、Java SE や SE, Oracle GraalVM Enterprise Edition を危険にさらすために
TLS 経由でネットワークにアクセスしている認証されていない攻撃者が、Java SE と
Oracle GraalVM Enterprise Edition の部分的なサービス拒否を引き起こせる不正な権限を
取得してしまう脆弱性があります。(CVE-2021-35565)
- Java には、Java SE や SE, Oracle GraalVM Enterprise Edition を危険にさらすために
Kerberos 経由でネットワークにアクセスしている低い権限を持つ攻撃者が、攻撃者以外の
人間が関与することにより、クリティカルなデータへの不正アクセスや Java SE と
Oracle GraalVM Enterprise Edition がアクセス可能な全てのデータへ完全にアクセス
出来てしまう脆弱性があります。(CVE-2021-35567)
- Java には、Java SE や SE, Oracle GraalVM Enterprise Edition を危険にさらすために
TLS 経由でネットワークにアクセスしている認証されていない攻撃者が、Java SE と
Oracle GraalVM Enterprise Edition の部分的なサービス拒否を引き起こせる不正な権限を
取得してしまう脆弱性があります。(CVE-2021-35578)
- Java には、Java SE や SE, Oracle GraalVM Enterprise Edition を危険にさらすために
複数プロトコル経由でネットワークにアクセスしている認証されていない攻撃者が、
Java SE と Oracle GraalVM Enterprise Edition の部分的なサービス拒否を引き起こせる
不正な権限を取得してしまう脆弱性があります。(CVE-2021-35586)
- Java には、Java SE や SE, Oracle GraalVM Enterprise Edition を危険にさらすために
複数プロトコル経由でネットワークにアクセスしている認証されていない攻撃者が、
攻撃者以外の人間が関与することにより、Java SE と Oracle GraalVM Enterprise Edition の
部分的なサービス拒否を引き起こせる不正な権限を取得してしまう脆弱性があります。
(CVE-2021-35588)
- Java には、Java SE や SE, Oracle GraalVM Enterprise Edition を危険にさらすために
TLS 経由でネットワークにアクセスしている認証されていない攻撃者が、Java SE と
Oracle GraalVM Enterprise Edition がアクセス可能なデータのサブセットへ不正な
読み込みアクセスが出来てしまう脆弱性があります。(CVE-2021-35603)
パッケージをアップデートしてください。
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
N/A
SRPMS
- java-1.8.0-openjdk-1.8.0.312.b07-1.el8.src.rpm
MD5: 8c62a03100b1874518bce6ec4ad218d2
SHA-256: 6a85ac6247a6a3c00a0ab5abe89aa720195a77d57f0e5215de6340191d9b4385
Size: 55.83 MB
Asianux Server 8 for x86_64
- java-1.8.0-openjdk-1.8.0.312.b07-1.el8.x86_64.rpm
MD5: 469c7fc115aa38dcaa8bb71517491f4b
SHA-256: 264ab5979f0a8c0eacba17fbcebfb06538013a4c86e75a2a6572b4a7a695d20a
Size: 335.88 kB - java-1.8.0-openjdk-accessibility-1.8.0.312.b07-1.el8.x86_64.rpm
MD5: 1b05e6044c8b3bf97a446e5e7dde2356
SHA-256: 6be5b94a2f1c4df1614073bcd2acb27fc81fdcba0d2625c4635dccf8a66c3729
Size: 98.54 kB - java-1.8.0-openjdk-demo-1.8.0.312.b07-1.el8.x86_64.rpm
MD5: f090f6acfdeb7ebf8d9519fe50d9629d
SHA-256: 44613ddd80c1f4c16bf6bbd4d7d3363bdf9ca673011e575035904e8ab46e6f9b
Size: 2.01 MB - java-1.8.0-openjdk-devel-1.8.0.312.b07-1.el8.x86_64.rpm
MD5: 435869373d21f346de7bbb4b7e3a0c6a
SHA-256: 01dbda9108c5dcd48847ab97efc1754a639e737e2fd08c445c9734f7dadc7f51
Size: 9.86 MB - java-1.8.0-openjdk-headless-1.8.0.312.b07-1.el8.x86_64.rpm
MD5: 8a86568f9c305c4d551a45a5a7da467b
SHA-256: 561105c91d20833155c5ab11db22bce28b18ba17f79323c72ffad6115baf0fbe
Size: 33.89 MB - java-1.8.0-openjdk-javadoc-1.8.0.312.b07-1.el8.noarch.rpm
MD5: f3a1173cb8d44bdb1b71bfdea3d8c80e
SHA-256: e7866ec231b74070b9e28b8ec2adb22adf808995617641ae3d2f319e3d490a99
Size: 15.17 MB - java-1.8.0-openjdk-javadoc-zip-1.8.0.312.b07-1.el8.noarch.rpm
MD5: ba4c1a427faae0a96184a88f180c9188
SHA-256: 92efd9cb1bed04375b82bd35d1b43d34848e19a70a6ffa17a0be9b1ad4f7c576
Size: 41.64 MB - java-1.8.0-openjdk-src-1.8.0.312.b07-1.el8.x86_64.rpm
MD5: dcf4acdb447cf083c6434991ad6e5aed
SHA-256: df559e98a924b043cccd607003eb51640128e880b651ef758c76fa2f0e76a440
Size: 45.57 MB