java-1.8.0-openjdk-1.8.0.322.b06-2.el8

エラータID: AXSA:2022-3023:02

リリース日:

2022/01/27 Thursday - 22:28

題名:

影響のあるチャネル:

Asianux Server 8 for x86_64

Severity:

Moderate

Description:

以下項目について対処しました。

[Security Fix]
- Java には、Java SE や Oracle GraalVM Enterprise Edition を危険にさらすために
複数のプロトコルを介してネットワークにアクセスしている認証されていない
攻撃者が、Java SE や Oracle GraalVM Enterprise Edition がアクセス可能な特定の
データに対し、認証されていない update や insert、delete アクセスが出来る
脆弱性があります。(CVE-2022-21248)

- Java には、Java SE や Oracle GraalVM Enterprise Edition を危険にさらすために
複数のプロトコルを介してネットワークにアクセスしている認証されていない
攻撃者が、Java SE や Oracle GraalVM Enterprise Edition がアクセス可能なデータの
サブセットへ、未認証の読み込みアクセスが可能となる脆弱性があります。
(CVE-2022-21282)

- Java には、Java SE や Oracle GraalVM Enterprise Edition を危険にさらすために
複数のプロトコルを介してネットワークにアクセスしている認証されていない
攻撃者が、Java SE や Oracle GraalVM Enterprise Edition に部分的なサービス拒否を
引き起こせる、認証されていない権限を取得できる脆弱性があります。
(CVE-2022-21283)

- Java には、Java SE や Oracle GraalVM Enterprise Edition を危険にさらすために
複数のプロトコルを介してネットワークにアクセスしている認証されていない
攻撃者が、Java SE や Oracle GraalVM Enterprise Edition がアクセス可能な特定の
データに対し、認証されていない update や insert、delete アクセスが出来る
脆弱性があります。(CVE-2022-21305)

解決策:

パッケージをアップデートしてください。

CVE:

CVE-2022-21248
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

CVE-2022-21282
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

CVE-2022-21283
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVE-2022-21293
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVE-2022-21294
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVE-2022-21296
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

CVE-2022-21299
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVE-2022-21305
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

CVE-2022-21340
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVE-2022-21341
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVE-2022-21360
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVE-2022-21365
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

追加情報:

N/A

ダウンロード:

SRPMS

java-1.8.0-openjdk-1.8.0.322.b06-2.el8.src.rpm
MD5: 3371e154a5f7286b58d51f2328f2048a
SHA-256: 319f16e59f951c50feb7ff1957032744b92f162d32c5d2560c48763449f9e2c5
Size: 55.69 MB

Asianux Server 8 for x86_64

java-1.8.0-openjdk-1.8.0.322.b06-2.el8.x86_64.rpm
MD5: 0eed41ead2ff1db7059aa2f0f74df3da
SHA-256: f154126708d08693b8da3c42ff41c0e145fa96a02b53f962d08afa7f3f891624
Size: 340.80 kB
java-1.8.0-openjdk-accessibility-1.8.0.322.b06-2.el8.x86_64.rpm
MD5: 095b499ae02084ee47ae65db2dceb3aa
SHA-256: f72aa60a4f92a40fdc9cfb2fd56283b57be7e32a6a728e1f3d6f878021ca8996
Size: 103.42 kB
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.322.b06-2.el8.x86_64.rpm
MD5: afe1a0f91b20b44af5cd954be2654eb8
SHA-256: ed4022fbb2a5688e18555078643e1cbfb74dfab4fb93273f696495e060fe8a5e
Size: 103.27 kB
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.322.b06-2.el8.x86_64.rpm
MD5: 5160be9de9b722a58a864d5b015ad532
SHA-256: 7fd10dd5b470ff2ddfe02680cbf4681b4221cddb1c5b9c62d20dd11c82c6e1da
Size: 103.27 kB
java-1.8.0-openjdk-demo-1.8.0.322.b06-2.el8.x86_64.rpm
MD5: 08698c5974eb2b1f0d04885e2faafedf
SHA-256: 1d5b154217e2b7dc2b85d66bb65f783a81cccdd6855a9413411928f52dbed3cd
Size: 2.01 MB
java-1.8.0-openjdk-demo-fastdebug-1.8.0.322.b06-2.el8.x86_64.rpm
MD5: e45d45e771c4e10a1f70d58b94f9c4e2
SHA-256: 5f5832b0e19169de89b983b28cf52176b46df83cc51a45aeb8708e4deae26e85
Size: 2.03 MB
java-1.8.0-openjdk-demo-slowdebug-1.8.0.322.b06-2.el8.x86_64.rpm
MD5: cbc17adf6f596e31b4906409ca703ec7
SHA-256: 26bd919ddac86c1d2821ab45f3111676a33aa003dec05b79413ac05170f568d2
Size: 2.03 MB
java-1.8.0-openjdk-devel-1.8.0.322.b06-2.el8.x86_64.rpm
MD5: c5aabd2d482d4e80302f6d49e0b53abe
SHA-256: 9d5f87d2c73a7b4153a880d4992afc3a981e41bef0ba06ea92d7e1ced8ebd04b
Size: 9.87 MB
java-1.8.0-openjdk-devel-fastdebug-1.8.0.322.b06-2.el8.x86_64.rpm
MD5: 5195f679e05db4ee685cb8a50f78ece8
SHA-256: 1f03c80a594babc8cacf5970fa6e115c8846c61ed18b7f8b264217c86f1ec76b
Size: 9.88 MB
java-1.8.0-openjdk-devel-slowdebug-1.8.0.322.b06-2.el8.x86_64.rpm
MD5: cd974ba3a0e8f5500d2e55e7183a4e5e
SHA-256: db0a62ce04c0ea5f04fb12340040fecbcb6365f41017f7b4672610e5b88f2b81
Size: 9.88 MB
java-1.8.0-openjdk-fastdebug-1.8.0.322.b06-2.el8.x86_64.rpm
MD5: 76ef0428485fdd9cbe79b87c5c2cbc3a
SHA-256: 34fda96b493818dcd87eb4f4e90712783d77e57eeb416255202cc2baed449c26
Size: 354.07 kB
java-1.8.0-openjdk-headless-1.8.0.322.b06-2.el8.x86_64.rpm
MD5: 4bfdf87903ad673162592d9fbd768d07
SHA-256: 0a4ae91e3e71bed35d933e554d5a2f181e0a3475be702357268f76e8b28b80d2
Size: 33.92 MB
java-1.8.0-openjdk-headless-fastdebug-1.8.0.322.b06-2.el8.x86_64.rpm
MD5: ef944e12368a9b83cbbd6fa42f9ceac3
SHA-256: 80a203cc4a580dd529a650fc98679c09f4d9035c69123b6737d3cace142d81af
Size: 37.58 MB
java-1.8.0-openjdk-headless-slowdebug-1.8.0.322.b06-2.el8.x86_64.rpm
MD5: 104b423ba404b5a10f941f0cbc924478
SHA-256: fe73e48348e231252deb28957cb214ac041201d4338a083c7d9bde3e928a636c
Size: 35.75 MB
java-1.8.0-openjdk-javadoc-1.8.0.322.b06-2.el8.noarch.rpm
MD5: cceb6ee777c267131e4d0c9fbaf4345b
SHA-256: 87e5079d3e52996024c3f661624be718ff3a36c722238e9cfc4206135447bac7
Size: 15.18 MB
java-1.8.0-openjdk-javadoc-zip-1.8.0.322.b06-2.el8.noarch.rpm
MD5: 78451a62a03ce7ed89d6c8f2a2b46418
SHA-256: d2293cbff47243c5d5adda55191d09ef774ed5f737c70fec9c48efe4fc4901f6
Size: 41.71 MB
java-1.8.0-openjdk-slowdebug-1.8.0.322.b06-2.el8.x86_64.rpm
MD5: a6b41b5c0bbe444d98040cd5bfc102c9
SHA-256: bc47793316a7d3c3702871fca9259b661c3081ea36e0682dd10f6d9a0cdca931
Size: 345.19 kB
java-1.8.0-openjdk-src-1.8.0.322.b06-2.el8.x86_64.rpm
MD5: 6a70a178cd14ee5624f14a37db204db1
SHA-256: cfdc9c2502256ac9ff9c67e5223364ff377dd18b641406c2c5753bf452500dc0
Size: 45.59 MB
java-1.8.0-openjdk-src-fastdebug-1.8.0.322.b06-2.el8.x86_64.rpm
MD5: d56f0e951c63f930d925d555d9e5c363
SHA-256: 835a067ca22ef928350fdaa8354de4be5e398905603128439ab8fba79e2bec96
Size: 45.59 MB
java-1.8.0-openjdk-src-slowdebug-1.8.0.322.b06-2.el8.x86_64.rpm
MD5: ec0c11191939e7c31c7e01d921c3c9c4
SHA-256: e60a383865206fa460da5ab2cafb2d51c2901bb764eae535c34fbd1492e43e38
Size: 45.59 MB

English

Main menu

You are here

java-1.8.0-openjdk-1.8.0.322.b06-2.el8