java-1.8.0-openjdk-1.8.0.392.b08-2.el7
Errata ID: AXSA:2023-6510:18
Release date:
2023/10/19 Thursday - 01:42
Title:
java-1.8.0-openjdk-1.8.0.392.b08-2.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
The following issues have been addressed.
[Security Fix]
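- The CORBA component of Java contains a vulnerability that allows a
remote attacker, through network access via CORBA, to perform
unauthorized data manipulation (update, insert, and delete).
(CVE-2023-22067)
- The JSSE component of Java contains a vulnerability that allows a
remote attacker, through network access via HTTPS, to cause a partial
denial of service. (CVE-2023-22081)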
Solution:
Update the packages.
CVE:
CVE-2023-22067
Vulnerability in Oracle Java SE (component: CORBA). Supported versions that are affected are Oracle Java SE: 8u381 and 8u381-perf. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2023-22081
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 20.0.2; Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Additional information:
N/A
Downloads:
SRPMS
- java-1.8.0-openjdk-1.8.0.392.b08-2.el7.src.rpm
MD5: f63aaeb0d5bfcf566a9ab4b7313106d7
SHA-256: 9d193ff9f449429a1afefb9079a232f4898bec4864587ec457a9f27721e4d6b0
Size: 57.39 MB
Asianux Server 7 for x86_64
- java-1.8.0-openjdk-1.8.0.392.b08-2.el7.i686.rpm
MD5: 559cd9f0081155d0bb2a775e667cb45e
SHA-256: e4f4ae82d2b259d5577a872cd358d77239882e2cf4a4ecdfd075dee8e936e049
Size: 317.65 kB
- java-1.8.0-openjdk-1.8.0.392.b08-2.el7.x86_64.rpm
MD5: e2cdb5667bed15808d255609edd53530
SHA-256: c6afc0319b3e3bb3fb57f5ed48f1fd9c424f3175408a26014f3fe1bc8b510894
Size: 318.11 kB
- java-1.8.0-openjdk-devel-1.8.0.392.b08-2.el7.i686.rpm
MD5: 9efe5e22abe0cbcc76bd2e3d4d17188a
SHA-256: ad102c7a52af463a903617d401344a90fc5cf9cf171896e78ad8df9e8856c5c9
Size: 9.85 MB
- java-1.8.0-openjdk-devel-1.8.0.392.b08-2.el7.x86_64.rpm
MD5: 864405d06fe313040825935cec134ea6
SHA-256: 11837cb1002f052e8603e73d6ae35c613cd0ac9570fdc3478686cb09e13fa75b
Size: 9.85 MB
- java-1.8.0-openjdk-headless-1.8.0.392.b08-2.el7.i686.rpm
MD5: 3ca2c460bae4011f80eec93fa60edaee
SHA-256: 3758a3735201a6adcdac57e27d011e9eb24c8233bc42422b6c7e9d0c133c0feb
Size: 33.00 MB
- java-1.8.0-openjdk-headless-1.8.0.392.b08-2.el7.x86_64.rpm
MD5: 010f6c980a5d6867e4934c73eeb73a30
SHA-256: 35c879fd64976349391970ece1ad69c6edeccc5e929ac143bde4d6e0509a78a4
Size: 33.17 MB