java-1.8.0-openjdk-1.8.0.382.b05-1.el7
Errata ID: AXSA:2023-6248:13
Release date:
2023/07/20 Thursday - 09:35
Title:
java-1.8.0-openjdk-1.8.0.382.b05-1.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
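The following issues have been addressed.
[Security Fix]
- The Hotspot component of Java contains a vulnerability that allows an
unauthenticated remote attacker to read data without authorization via
network access using multiple protocols. (CVE-2023-22045)
- The Libraries component of Java contains a vulnerability that allows an
unauthenticated remote attacker to update, insert, or delete data without
authorization via network access using multiple protocols. (CVE-2023-22049)
Solution:
Update the packages.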
CVE:
CVE-2023-22045
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2023-22049
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Additional information:
N/A
Download:
SRPMS
- java-1.8.0-openjdk-1.8.0.382.b05-1.el7.src.rpm
MD5: d5e4c203b02422aac34da9a2e02ccbc4
SHA-256: 3bb1adc6b561cb1e195ff54544b9bff49f4d2989be3ed09714ae633219422e6d
Size: 57.30 MB
Asianux Server 7 for x86_64
- java-1.8.0-openjdk-1.8.0.382.b05-1.el7.i686.rpm
MD5: 6eb0c349b73125288d21ce8d4efe11e7
SHA-256: 62a50d939677fc653de72cbe32ec3c3e4e14036ce06ba8760fad5de7c6c16596
Size: 316.43 kB
- java-1.8.0-openjdk-1.8.0.382.b05-1.el7.x86_64.rpm
MD5: d3a472f803e981883840691dc9fa7832
SHA-256: f46dbdbc921fbae03339c71a5af71eac1a1010b8b4f54bf159e8dce5e36bb377
Size: 316.89 kB
- java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7.i686.rpm
MD5: 8762b75094367a0e7e57a0ee5d9fe282
SHA-256: d237b158ccd877c6aa57bf0b220bf9ec7f12dc7225723201df2521d1f250b8ff
Size: 9.85 MB
- java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7.x86_64.rpm
MD5: 420dc61f9a16435164fd7dcb09613473
SHA-256: 4b0f33da7fd8b6a5e014fbf086f82c60c8d7471ed90097cd2d6bcee76f9d03b5
Size: 9.84 MB
- java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7.i686.rpm
MD5: 4652e8a9482f18f66167e82b2550c76d
SHA-256: 5b2f57856abcfe9b2ca4f93cc99965415e755e094566e02525525ba3dafdd5f5
Size: 32.96 MB
- java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7.x86_64.rpm
MD5: 9653cf3d319f51fe57be52c6c46476d1
SHA-256: 37411d6e2e649121682abb3fea7b1fc23394ff19ada4251e8a94f2457493e32e
Size: 33.13 MB