java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.AXS4

エラータID: AXSA:2012-898:04

リリース日: 
2012/09/21 Friday - 13:48
題名: 
java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.AXS4
影響のあるチャネル: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]

-Oracle Java SE の Java Runtime Environment (JRE) には、AWTに関する処理に不備があるため、AWTを介して他の脆弱性を悪用される脆弱性が存在します。 (CVE-2012-0547)

-Oracle Java の Java Runtime Environment コンポーネントには詳細不明の脆弱性が存在し,Beansに関連する要因によって,リモートの攻撃者が機密性,整合性,可用性に影響を与える脆弱性があります。
なお,この脆弱性は CVE-2012-3136 とは異なる脆弱性です。(CVE-2012-1682)

一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2012-1682
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "XMLDecoder security issue via ClassFinder."
CVE-2012-0547
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited." NOTE: this identifier was assigned by the Oracle CNA, but CVE is not intended to cover defense-in-depth issues that are only exposed by the presence of other vulnerabilities. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "toolkit internals references."
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.AXS4.src.rpm
    MD5: a1e87955a203de0c3b07373083f0395d
    SHA-256: ce3717689dcfeca55fa6b8eb4121ae73993a82944d1a773340963311b4806456
    Size: 62.10 MB

Asianux Server 4 for x86
  1. java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.AXS4.i686.rpm
    MD5: 03df62b09ba45279e20e2c433581bc1e
    SHA-256: 98c4cc50d5494d513bd2ddf2247fce5d1947e8dcde2619e1d21aaae789039bf4
    Size: 26.04 MB
  2. java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.AXS4.i686.rpm
    MD5: 8b0b48d15c30fb79f0359f0a0112efbc
    SHA-256: 5619ba3be3e2296f86ad94fb99718c9a96684c956f2de11009aa469d8894cce9
    Size: 8.55 MB
  3. java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.AXS4.i686.rpm
    MD5: 6659eabf8b41c45d524a32e33a55907b
    SHA-256: 53d1df836d4a782c51e022006f49263e1bcd123df2218027476a2d51e95bbc34
    Size: 14.37 MB

Asianux Server 4 for x86_64
  1. java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.AXS4.x86_64.rpm
    MD5: b63ba6842c076b9c8e8653d47e4c7621
    SHA-256: df290d175e7ccb45a5ee3b1d4bd207183cab9dd24e1681c4cb23d23c5999079d
    Size: 25.06 MB
  2. java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.AXS4.x86_64.rpm
    MD5: 4fba44388e1a1c72a44209e98b314e12
    SHA-256: 180e72e7cf9baef880484a76eb4189dcb67e437afca8c00f2fd1ea7447850429
    Size: 8.53 MB
  3. java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.AXS4.x86_64.rpm
    MD5: 10e9d1dd15f8d6d6a6f8bbbea011b339
    SHA-256: 495f96919799adc09adf98fa9a242bf781cec75688a3d652ebcb465254159fe8
    Size: 14.38 MB