java-1.7.0-openjdk-1.7.0.9-2.3.8.0.AXS4
Errata ID: AXSA:2013-203:03
Release date:
2013/03/19 Tuesday - 13:50
Title:
java-1.7.0-openjdk-1.7.0.9-2.3.8.0.AXS4
Affected channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
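The following issues have been addressed.
[Security Fix]
- An unspecified vulnerability exists in the 2D component of the Java Runtime Environment (JRE) component that allows remote attackers to execute arbitrary code.
Note that this is a different vulnerability than CVE-2013-1493. (CVE-2013-0809)
- Fixed an issue in the color management (CMM) functionality of the 2D component that allowed remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters. (CVE-2013-1493)
Some of the CVE translations are quoted from JVN.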
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2013-0809
Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493.
CVE-2013-1493
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
Additional information:
N/A
Downloads:
SRPMS
- java-1.7.0-openjdk-1.7.0.9-2.3.8.0.AXS4.src.rpm
MD5: 6a8256a9677d6fc5ebfe848f7b50511a
SHA-256: 3a9dfa357c048a16f1b43b47a29aee1b14c3f966e659c7ae0256ca4eacae75fb
Size: 65.04 MB
Asianux Server 4 for x86
- java-1.7.0-openjdk-1.7.0.9-2.3.8.0.AXS4.i686.rpm
MD5: f2d096cfdec4e7ab7c192e72789c58d8
SHA-256: e43e58ba2bb0947257d10fe53d100ba788fcf8f6e2a52e20d91d2473cb2bbcb3
Size: 26.72 MB
- java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.AXS4.i686.rpm
MD5: dacae207a97a8e6f32e6991be159d87d
SHA-256: 23f523f624bca39ce86df2a1e735b4dfe587afc1135cf66cc5b1a20a0d53666e
Size: 9.37 MB
Asianux Server 4 for x86_64
- java-1.7.0-openjdk-1.7.0.9-2.3.8.0.AXS4.x86_64.rpm
MD5: 8237bd9d9c9e567264db76381e1d97ce
SHA-256: 272610db1b909b69be5ffad9dfc1e1092c12ce29e21764052ed33ea158d729b7
Size: 25.53 MB
- java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.AXS4.x86_64.rpm
MD5: 6f6df2061836347a00c205719bca1cdf
SHA-256: 212b43aa4287cd9444c6b033c9d2fb4b837b9bb7280bd8a59332f73c2ebc0e10
Size: 9.37 MB