java-1.8.0-openjdk-1.8.0.322.b06-1.el7
Errata ID: AXSA:2022-3022:01
The following issues have been addressed.
[Security Fix]
- Java contains a vulnerability that allows an unauthenticated attacker with
network access via multiple protocols to compromise Java SE or Oracle GraalVM
Enterprise Edition and gain unauthorized update, insert, or delete access to
some of the data accessible to Java SE or Oracle GraalVM Enterprise Edition.
(CVE-2022-21248)
- Java contains a vulnerability that allows an unauthenticated attacker with
network access via multiple protocols to compromise Java SE or Oracle GraalVM
Enterprise Edition and gain unauthorized read access to a subset of the data
accessible to Java SE or Oracle GraalVM Enterprise Edition.
(CVE-2022-21282)
- Java contains a vulnerability that allows an unauthenticated attacker with
network access via multiple protocols to compromise Java SE or Oracle GraalVM
Enterprise Edition and gain the unauthorized ability to cause a partial denial
of service of Java SE or Oracle GraalVM Enterprise Edition.
(CVE-2022-21283)
- Java contains a vulnerability that allows an unauthenticated attacker with
network access via multiple protocols to compromise Java SE or Oracle GraalVM
Enterprise Edition and gain the unauthorized ability to cause a partial denial
of service of Java SE or Oracle GraalVM Enterprise Edition.
(CVE-2022-21293)
- Java contains a vulnerability that allows an unauthenticated attacker with
network access via multiple protocols to compromise Java SE or Oracle GraalVM
Enterprise Edition and gain the unauthorized ability to cause a partial denial
of service of Java SE or Oracle GraalVM Enterprise Edition.
(CVE-2022-21294)
- Java contains a vulnerability that allows an unauthenticated attacker with
network access via multiple protocols to compromise Java SE or Oracle GraalVM
Enterprise Edition and gain unauthorized read access to a subset of the data
accessible to Java SE or Oracle GraalVM Enterprise Edition.
(CVE-2022-21296)
- Java contains a vulnerability that allows an unauthenticated attacker with
network access via multiple protocols to compromise Java SE or Oracle GraalVM
Enterprise Edition and gain the unauthorized ability to cause a partial denial
of service of Java SE or Oracle GraalVM Enterprise Edition.
(CVE-2022-21299)
- Java contains a vulnerability that allows an unauthenticated attacker with
network access via multiple protocols to compromise Java SE or Oracle GraalVM
Enterprise Edition and gain unauthorized update, insert, or delete access to
some of the data accessible to Java SE or Oracle GraalVM Enterprise Edition.
(CVE-2022-21305)
- Java contains a vulnerability that allows an unauthenticated attacker with
network access via multiple protocols to compromise Java SE or Oracle GraalVM
Enterprise Edition and gain the unauthorized ability to cause a partial denial
of service of Java SE or Oracle GraalVM Enterprise Edition.
(CVE-2022-21340)
- Java contains a vulnerability that allows an unauthenticated attacker with
network access via multiple protocols to compromise Java SE or Oracle GraalVM
Enterprise Edition and gain the unauthorized ability to cause a partial denial
of service of Java SE or Oracle GraalVM Enterprise Edition.
(CVE-2022-21341)
- Java contains a vulnerability that allows an unauthenticated attacker with
network access via multiple protocols to compromise Java SE or Oracle GraalVM
Enterprise Edition and gain the unauthorized ability to cause a partial denial
of service of Java SE or Oracle GraalVM Enterprise Edition.
(CVE-2022-21360)
- Java contains a vulnerability that allows an unauthenticated attacker with
network access via multiple protocols to compromise Java SE or Oracle GraalVM
Enterprise Edition and gain the unauthorized ability to cause a partial denial
of service of Java SE or Oracle GraalVM Enterprise Edition.
(CVE-2022-21365)
Update the packages.
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
N/A
SRPMS
- java-1.8.0-openjdk-1.8.0.322.b06-1.el7.src.rpm
MD5: 3059ad679289ff23374c6610cc90e48c
SHA-256: c2b0f6f0444c0f136fd5c927346929abf955fb3d7b8d115f7cf8f012fbf53f81
Size: 55.67 MB
Asianux Server 7 for x86_64
- java-1.8.0-openjdk-1.8.0.322.b06-1.el7.x86_64.rpm
MD5: ca2b9c3aee2c8b05922b01e49ce2754f
SHA-256: aa0bca4577cc74a6ddf1097858939d8151fc7cb22800c16ffa7839071241ce56
Size: 312.67 kB
- java-1.8.0-openjdk-devel-1.8.0.322.b06-1.el7.x86_64.rpm
MD5: d210eccd92dc92ad29a40507a396e97e
SHA-256: 932c855126695f5d6c436f33451ceb9a19418deac7d6595f313da9d34a72340d
Size: 9.84 MB
- java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el7.x86_64.rpm
MD5: 6c76916403c023453f72b27de368f11c
SHA-256: 6a5b6256923efda3b0f5f1eef84819664fdbc86844fca4982af8e00cf8391936
Size: 33.06 MB
- java-1.8.0-openjdk-1.8.0.322.b06-1.el7.i686.rpm
MD5: 49f694368732259aa746c4724131fb2d
SHA-256: 33e676582e78168710f08b3951c7008d74836e2d187b1b10741a57acfbeceaae
Size: 312.22 kB
- java-1.8.0-openjdk-devel-1.8.0.322.b06-1.el7.i686.rpm
MD5: d60dadcee7f9fd9ee0ba1a5a331bd8e4
SHA-256: e26266f10151b340d0cc3a093500f8809a7a0bc6e973afb46e93f84febe51fc7
Size: 9.84 MB
- java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el7.i686.rpm
MD5: dd14082a9790bd7949864f9401ca422d
SHA-256: 0d7ce25c4a7688723288229e7ad196699da2f2e8d75f23d8cec1803615382c8e
Size: 32.89 MB