java-1.8.0-openjdk-1.8.0.362.b08-1.el7

エラータID: AXSA:2023-4855:02

リリース日: 
2023/01/24 Tuesday - 17:52
題名: 
java-1.8.0-openjdk-1.8.0.362.b08-1.el7
影響のあるチャネル: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

以下項目について対処しました。

[Security Fix]
- Java の Serialization コンポーネントには、認証されていないリモートの
攻撃者により、複数のプロトコルによるネットワークアクセスを介して、
許容されていないデータの操作 (挿入、更新、削除) を可能とする脆弱性が
存在します。(CVE-2023-21830)

- Java の Sound コンポーネントには、認証されていないリモートの攻撃者に
より、複数のプロトコルによるネットワークアクセスを介して、許容されて
いないデータの操作 (挿入、更新、削除) を可能とする脆弱性が存在します。
(CVE-2023-21843)

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2023-21830
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2023-21843
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. java-1.8.0-openjdk-1.8.0.362.b08-1.el7.src.rpm
    MD5: d397956339fd7bde8097649512aef485
    SHA-256: 6bebf470e0045e81f0de72b8d47e711c0274730f2628158b909ab1735a54ef4c
    Size: 55.73 MB

Asianux Server 7 for x86_64
  1. java-1.8.0-openjdk-1.8.0.362.b08-1.el7.x86_64.rpm
    MD5: f27ca80cf4d954a7d582123b34f413be
    SHA-256: ac3ad264cd43fa9ad1104e9887fb47c97e99b7c862fab6e41dd8fa858ed37e57
    Size: 315.64 kB
  2. java-1.8.0-openjdk-devel-1.8.0.362.b08-1.el7.x86_64.rpm
    MD5: 0ed7efe3d97daabbc6aa3f78d137aef5
    SHA-256: 07273c6dbef0b3e828d537168891fc91322d68593867a6b195c816e73f7b24c9
    Size: 9.84 MB
  3. java-1.8.0-openjdk-headless-1.8.0.362.b08-1.el7.x86_64.rpm
    MD5: d3683b938db8e27f7d7839b217f20e6b
    SHA-256: 8c3f1ab2729230a2d9df9e4fb113fcb2a3abfdc2355960b719c00fcb6ee80612
    Size: 33.10 MB
  4. java-1.8.0-openjdk-1.8.0.362.b08-1.el7.i686.rpm
    MD5: e965698280b3df8b822dbc1627e8ea70
    SHA-256: 0b419ae3bbc8bbd5809b05fded7d3f85081db4263ea4ddd5ccbfbbd469382e34
    Size: 315.08 kB
  5. java-1.8.0-openjdk-devel-1.8.0.362.b08-1.el7.i686.rpm
    MD5: 11572151f0b954c51021052b024de8a7
    SHA-256: 19f11ca9fda6020a7c75401ff9e6bbfdf6f4d229dcd494f927314edd01d0debc
    Size: 9.84 MB
  6. java-1.8.0-openjdk-headless-1.8.0.362.b08-1.el7.i686.rpm
    MD5: 248a6d98ea01a62520a932e1141b22a6
    SHA-256: 0dd32ccaba3a08d87f37552cb53ee88137e274f073f0e89e98f23305b80e6eeb
    Size: 32.93 MB