java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.AXS4
エラータID: AXSA:2013-202:02
リリース日:
2013/03/19 Tuesday - 13:50
題名:
java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.AXS4
影響のあるチャネル:
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Java Runtime Environment (JRE) コンポーネントの 2D コンポーネントには詳細不明の脆弱性が存在し,リモートの攻撃者が任意のコードを実行する脆弱性があります。
なお,この脆弱性は CVE-2013-1493 とは異なる脆弱性です。(CVE-2013-0809)
- 2D コンポーネントのカラーマネージメント (CMM) 機能には,巧妙に細工されたラスタパラメータを持つイメージによって,リモートの攻撃者が任意のコードを実行したりサービス拒否 (クラッシュ) を引き起したりする問題を修正しました。 (CVE-2013-1493)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2013-0809
Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493.
Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493.
CVE-2013-1493
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
追加情報:
N/A
ダウンロード:
SRPMS
- java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.AXS4.src.rpm
MD5: 8bceafed7de38c2345153244cdfa6110
SHA-256: 1b21d585ea2cd1e8d17f08be8c2d80f1302c16d1037bb79239480cb4bd2f0cba
Size: 59.71 MB
Asianux Server 4 for x86
- java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.AXS4.i686.rpm
MD5: 6da04a6325943a3cddcfd32aaa766203
SHA-256: 26a62472acd540295a5a9b888f76092cad6b65b93f780c5df235f85b3873e08d
Size: 26.07 MB - java-1.6.0-openjdk-devel-1.6.0.0-1.57.1.11.9.AXS4.i686.rpm
MD5: d919f313e0b3c4e874fba0233d286908
SHA-256: a970d0dd88fc4299bbd9c9a73d7fb14d0d4a565c15a3993d7c7502d26424de9c
Size: 8.54 MB - java-1.6.0-openjdk-javadoc-1.6.0.0-1.57.1.11.9.AXS4.i686.rpm
MD5: dc85f6802a326aa5af13c86451be435a
SHA-256: 2c83eeeb60f3dfccd5f09a34d9c74a299106f65c697caf2cb9d367e17975d51a
Size: 14.37 MB
Asianux Server 4 for x86_64
- java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.AXS4.x86_64.rpm
MD5: ef8e88281085ef78dd629e24864e43c8
SHA-256: 98eba1906acfaeeb73959d581a9566c84030cabf2726196c9c653e5f676f4bee
Size: 25.10 MB - java-1.6.0-openjdk-devel-1.6.0.0-1.57.1.11.9.AXS4.x86_64.rpm
MD5: 89d1fe443ff26c595056b998103a9af5
SHA-256: 55fff85b4412956d21fcee474bb5e500705aa5ad6cf1cf3a1d2915f83b1322b0
Size: 8.53 MB - java-1.6.0-openjdk-javadoc-1.6.0.0-1.57.1.11.9.AXS4.x86_64.rpm
MD5: d4e539291869e5412e29f3c6c47091e0
SHA-256: 2f6a584c24c7594fab147a445dd05a8f8d9838934514bb4fd7c6868692283bc5
Size: 14.37 MB