java-1.8.0-openjdk-1.8.0.472.b08-1.0.1.el7.AXS7

エラータID: AXSA:2025-11571:20

リリース日: 
2025/12/23 Tuesday - 13:46
題名: 
java-1.8.0-openjdk-1.8.0.472.b08-1.0.1.el7.AXS7
影響のあるチャネル: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- Java の Security コンポーネントには、リモートの攻撃者により、
複数のプロトコルによる不正なネットワークアクセスを介して、
不正なデータの作成、削除および変更を可能とする脆弱性が存在します。
(CVE-2025-53057)

- Java の JAXP コンポーネントには、リモートの攻撃者により、
複数のプロトコルによる不正なネットワークアクセスを介して、
機密情報の漏洩を可能とする脆弱性が存在します。(CVE-2025-53066)

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2025-53057
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
CVE-2025-53066
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
追加情報: 

N/A

ダウンロード: 

Asianux Server 7 for x86_64
  1. java-1.8.0-openjdk-1.8.0.472.b08-1.0.1.el7.AXS7.i686.rpm
    MD5: aa3596df5e73930afae546b11bb2e676
    SHA-256: eed03bb200f6791fc2a4f3bd7f816ad123e96fc56d85d5c476c2da403552a70d
    Size: 320.26 kB
  2. java-1.8.0-openjdk-1.8.0.472.b08-1.0.1.el7.AXS7.x86_64.rpm
    MD5: 65e263b3ca8770bd48c42d5c69bcd6f4
    SHA-256: 28ad58714aefb6f89f83b3afc61629d039f162b5db213cf7380bd3952a4eca90
    Size: 320.79 kB
  3. java-1.8.0-openjdk-devel-1.8.0.472.b08-1.0.1.el7.AXS7.i686.rpm
    MD5: 5b60fe165e4f96ea33fc0015fe0236d9
    SHA-256: 17c0742d6b80647481fa3bf8db5be677e29f320b67395c92c16d5e69285f982a
    Size: 9.86 MB
  4. java-1.8.0-openjdk-devel-1.8.0.472.b08-1.0.1.el7.AXS7.x86_64.rpm
    MD5: 3f1a357afc1b740a780bef6f8f67818e
    SHA-256: 53294ef6c092eddbd54a1eb5c8eb5690ff28a49db450efbbf72a0f45597babbf
    Size: 9.86 MB
  5. java-1.8.0-openjdk-headless-1.8.0.472.b08-1.0.1.el7.AXS7.i686.rpm
    MD5: 2bf8e52e069f890eeecf0d3e0c6ab7ce
    SHA-256: 97c40e5386ad3e5887c9d9100ebc820f08890a1a3039d4f654bebbd17e6ae648
    Size: 33.04 MB
  6. java-1.8.0-openjdk-headless-1.8.0.472.b08-1.0.1.el7.AXS7.x86_64.rpm
    MD5: e01dcf6ae699e4cf560928a38395b897
    SHA-256: d3ac4fe8db08c0ea9e7742292566c77aa54b92d460e6c69486210047b11466b7
    Size: 33.20 MB