java-1.8.0-openjdk-1.8.0.382.b05-2.el8
エラータID: AXSA:2023-6261:16
リリース日:
2023/07/26 Wednesday - 01:54
題名:
java-1.8.0-openjdk-1.8.0.382.b05-2.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Java の Hotspot コンポーネントには、認証されていないリモート
の攻撃者により、複数のプロトコルを用いたネットワークアクセスを
介して、不正なデータの読み取りを可能とする脆弱性が存在します。
(CVE-2023-22045)
- Java の Libraries コンポーネントには、認証されていないリモート
の攻撃者により、複数のプロトコルを用いたネットワークアクセスを
介して、不正なデータの更新や挿入、削除を可能とする脆弱性が存在
します。(CVE-2023-22049)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-22045
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2023-22049
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
追加情報:
N/A
ダウンロード:
SRPMS
- java-1.8.0-openjdk-1.8.0.382.b05-2.el8.src.rpm
MD5: 8d2891ff61617a99100238b42c3a7620
SHA-256: 72c2f3d225b3146a052726ff9191dd8444608bf72039d440418b85cfa7970dfe
Size: 57.31 MB
Asianux Server 8 for x86_64
- java-1.8.0-openjdk-1.8.0.382.b05-2.el8.x86_64.rpm
MD5: 34dba2465c656e22ebdd3f4d5455a3cc
SHA-256: b9fae3f556d351b9acd0ff7bed3729d1be4928a296681bc72c4c419b50d75bda
Size: 547.39 kB - java-1.8.0-openjdk-accessibility-1.8.0.382.b05-2.el8.x86_64.rpm
MD5: 0a0bb08cf8ca54293abc0f469c7c83ab
SHA-256: f7e12077645c58c21a31bafbdba497f62155e0fd9b7fed88094f1b73b6c09ad7
Size: 116.63 kB - java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.382.b05-2.el8.x86_64.rpm
MD5: 7487c86c05047352dde3039a845a20c5
SHA-256: eec1706d03599d3049627c493af015ea5938d7e8b0a5b036f28d7079236a6e23
Size: 116.48 kB - java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.382.b05-2.el8.x86_64.rpm
MD5: 9cb8d16c37ff488cad65f2a325132906
SHA-256: 34b9bee5e798e9ca1f6ee1c3066613cf89a3a5adb528a81bd3926520e0f01916
Size: 116.48 kB - java-1.8.0-openjdk-demo-1.8.0.382.b05-2.el8.x86_64.rpm
MD5: 4e2791f24085367cad1ce0461389f13c
SHA-256: c5a0f43fa0063d3d8cac7243fb8f919b53ead615e924b1cf88a5fc5a0803f213
Size: 2.06 MB - java-1.8.0-openjdk-demo-fastdebug-1.8.0.382.b05-2.el8.x86_64.rpm
MD5: 0be3a025cb5d17fd47cc4c3c9a1ab3fd
SHA-256: c6d8e95226f33faf83dacb6267d095fa6af07e5d2eda1afaf4731758d3b3c89e
Size: 2.08 MB - java-1.8.0-openjdk-demo-slowdebug-1.8.0.382.b05-2.el8.x86_64.rpm
MD5: 6879f6c1bcc2ff79ae41a6a6f322e120
SHA-256: 68dce0264fa29245537dbc6cf2b6ef91200a53059be4396bea785bb8c472399a
Size: 2.08 MB - java-1.8.0-openjdk-devel-1.8.0.382.b05-2.el8.x86_64.rpm
MD5: 7fa08bea6c75c5010274169738201e5f
SHA-256: 8859a2239556a2870f7a74aaf00fa23888b56db93a6cf42756a4d2595c6c0f15
Size: 9.93 MB - java-1.8.0-openjdk-devel-fastdebug-1.8.0.382.b05-2.el8.x86_64.rpm
MD5: cdfd497f706638d97239bf6e73191438
SHA-256: 6ead3eff600b3d6811b5c891de0745d8457d63086ed436a529118174ef586c1c
Size: 9.95 MB - java-1.8.0-openjdk-devel-slowdebug-1.8.0.382.b05-2.el8.x86_64.rpm
MD5: 103ba52d8b1dcaae05418d63ce6765e1
SHA-256: f787cab20701d82776c808497f2fc2f186c91af6e786a3da606f5d31e52cc2f6
Size: 9.95 MB - java-1.8.0-openjdk-fastdebug-1.8.0.382.b05-2.el8.x86_64.rpm
MD5: ae05f1f940d403db916d5151af55d647
SHA-256: 8c21776f4249259e36ebcc03d36b0156b016c1d65340b802230e427301f5b766
Size: 560.78 kB - java-1.8.0-openjdk-headless-1.8.0.382.b05-2.el8.x86_64.rpm
MD5: 22c44d45cdca49b572302155fd32b616
SHA-256: cb3c80d89f5c3a93fbd993593acc12c53498ae9dc4edd6263ffe770aff54a7e8
Size: 34.44 MB - java-1.8.0-openjdk-headless-fastdebug-1.8.0.382.b05-2.el8.x86_64.rpm
MD5: 544958b8c268b74a811c9f64740db4d9
SHA-256: 68d69b6bafaaf424b2d71555423ae48eb5a2e2fbdabad0b928d16d704a3bfeb7
Size: 38.09 MB - java-1.8.0-openjdk-headless-slowdebug-1.8.0.382.b05-2.el8.x86_64.rpm
MD5: 4f7c4e64e904ae3200f667ec58e559c4
SHA-256: 5c7063517028c8573e6c36a15ff168314f8f759391a320a79e5fb924b28fa27a
Size: 36.27 MB - java-1.8.0-openjdk-javadoc-1.8.0.382.b05-2.el8.noarch.rpm
MD5: e2c2912783d73e10417f5862cad42355
SHA-256: 3b52b8a11546e557ef9e00ffb4253a9b9d4d05d8157eba70e8779062329b8685
Size: 15.19 MB - java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-2.el8.noarch.rpm
MD5: fe5ad3bf9d8f482e44bc8b0ec4f60a97
SHA-256: dd65a6654f0667bbfa76d0b44f83662556ac6bd55029dbbc01e83f025e28873e
Size: 41.69 MB - java-1.8.0-openjdk-slowdebug-1.8.0.382.b05-2.el8.x86_64.rpm
MD5: 527c5a18d280a7c9f72ea8104f0f8af0
SHA-256: 072ba7a01630125cdf469435765fc22d97942d18269674918b50ac8a37a1fb1a
Size: 537.16 kB - java-1.8.0-openjdk-src-1.8.0.382.b05-2.el8.x86_64.rpm
MD5: 6a914b87e7e3bcca3172becc5cea8465
SHA-256: 3d627e776a2cabc49302052fbb659d558f2d3377e85f427d319497fbe6848922
Size: 45.48 MB - java-1.8.0-openjdk-src-fastdebug-1.8.0.382.b05-2.el8.x86_64.rpm
MD5: 3cf80a1e06bb5f37d6e0f317aec8cec1
SHA-256: e7843322d8303c79a2aeae27ae93ebf9d89ffd06aabdccf46035c1c70b995af2
Size: 45.48 MB - java-1.8.0-openjdk-src-slowdebug-1.8.0.382.b05-2.el8.x86_64.rpm
MD5: c10b1f60c52e5ed7805aa09903498773
SHA-256: 2652344e6829babc58359c12773563e8f6a19fb136e50d80f4fbdf98393c9503
Size: 45.48 MB