java-1.6.0-openjdk-1.6.0.0-1.62.1.11.11.90.AXS4
エラータID: AXSA:2013-521:04
以下項目について対処しました。
[Security Fix]
- Oracle Java SE の Java Runtime Environment (JRE) コンポーネントには 2D に関連する要因によって,ローカルのユーザが機密性と整合性に影響を与える詳細不明な脆弱性があります。
(CVE-2013-1500)
- Oracle Java SE の Javadoc コンポーネントには,Javadoc に関連する要因によって,リモートの攻撃者が整合性に影響を与える詳細不明な脆弱性があります。(CVE-2013-1571)
- Oracle Java SE の Java Runtime Environment (JRE) コンポーネントには,ライブラリに関連する要因によって,リモートの攻撃者が機密性と可用性に影響を与える詳細不明な脆弱性があります。(CVE-2013-2407)
- Oracle Java SE の Java Runtime Environment (JRE) コンポーネントには,Serviceability に関連する要因によって,リモートの攻撃者が機密性に影響を与える詳細不明な脆弱性があります。(CVE-2013-2412)
- Oracle Java SE の Java Runtime Environment (JRE) コンポーネントには,ライブラリに関連する要因によって,リモートの攻撃者が機密性に影響を与える詳細不明な脆弱性があります。
なお,これらの脆弱性はそれぞれ異なる脆弱性です。(CVE-2013-2443, CVE-2013-2452, CVE-2013-2455)
- Oracle Java SE の Java Runtime Environment (JRE) コンポーネントには,AWT に関連する要因によって,リモートの攻撃者が可用性に影響を与える詳細不明な脆弱性があります。(CVE-2013-2444)
- Oracle Java SE の Java Runtime Environment (JRE) コンポーネントには,Hotspot に関連する要因によって,リモートの攻撃者が可用性に影響を与える詳細不明な脆弱性があります。(CVE-2013-2445)
- Oracle Java SE の Java Runtime Environment (JRE) コンポーネントには,CORBA に関連する要因によって,リモートの攻撃者が機密性に影響を与える詳細不明な脆弱性があります。(CVE-2013-2446)
- Oracle Java SE の Java Runtime Environment (JRE) コンポーネントには,ネットワーキングに関連する要因によって,リモートの攻撃者が機密性に影響を与える詳細不明な脆弱性があります。(CVE-2013-2447)
- Oracle Java SE の Java Runtime Environment (JRE) コンポーネントには,サウンドに関連する要因によって,リモートの攻撃者が機密性,整合性,可用性に影響を与える詳細不明な脆弱性があります。(CVE-2013-2448)
- Oracle Java SE の Java Runtime Environment (JRE) コンポーネントには,Serialization に関連する要因によって,リモートの攻撃者が可用性に影響を与える詳細不明な脆弱性があります。(CVE-2013-2450)
- Oracle Java SE の Java Runtime Environment (JRE) コンポーネントには,JMX に関連する要因によって,リモートの攻撃者が整合性に影響を与える詳細不明な脆弱性があります。(CVE-2013-2453)
- Oracle Java SE の Java Runtime Environment (JRE) コンポーネントには,Serialization に関連する要因によって,リモートの攻撃者が機密性に影響を与える詳細不明な脆弱性があります。(CVE-2013-2456)
- Oracle Java SE の Java Runtime Environment (JRE) コンポーネントには,JMX に関連する要因によって,リモートの攻撃者が整合性に影響を与える詳細不明な脆弱性があります。(CVE-2013-2457)
- Oracle Java SE の Java Runtime Environment (JRE) コンポーネントには,AWT に関連する要因によって,リモートの攻撃者が機密性,整合性,可用性に影響を与える詳細不明な脆弱性があります。(CVE-2013-2459)
- Oracle Java SE の Java Runtime Environment (JRE) コンポーネントには,ライブラリに関連する要因によって,リモートの攻撃者が機密性,整合性,可用性に影響を与える詳細不明な脆弱性があります。(CVE-2013-2461)
- Oracle Java SE の Java Runtime Environment (JRE) コンポーネントには,2D に関連する要因によって,リモートの攻撃者が機密性,整合性,可用性に影響を与える詳細不明な脆弱性があります。
なお,これらの脆弱性はそれぞれ異なる脆弱性です。 (CVE-2013-2463 , CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
パッケージをアップデートしてください。
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory.
Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc.
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader."
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient indication of an SSL connection failure by JConsole, related to RMI connection dialog box.
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect "checking order" within the AccessControlContext class.
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not "properly manage and restrict certain resources related to the processing of fonts," possibly involving temporary files.
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Hotspot. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "handling of memory allocation errors."
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly enforce access restrictions for CORBA output streams.
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to obtain a socket's local address via vectors involving inconsistencies between Socket.getLocalAddress and InetAddress.getLocalHost.
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes."
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper handling of circular references in ObjectStreamClass.
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "network address handling in virtual machine identifiers" and the lack of "unique and unpredictable IDs" in the java.rmi.dgc.VMID class.
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to a missing check for "package access" by the MBeanServer Introspector.
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2452. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect access checks by the (1) getEnclosingClass, (2) getEnclosingMethod, and (3) getEnclosingConstructor methods.
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class.
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect implementation of "certain class checks" that allows remote attackers to bypass intended class restrictions.
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "integer overflow checks."
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm."
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D.
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2469">2013-2469</a>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2470">2013-2470</a>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2471">2013-2471</a>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2472">2013-2472</a>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2473">2013-2473</a>
SRPMS
- java-1.6.0-openjdk-1.6.0.0-1.62.1.11.11.90.AXS4.src.rpm
MD5: d58a80c2e79618b4e7e77afba419dbd2
SHA-256: 6c89a114f9c59cb21e0e060e1d1a020131612119ea8a7fd47fd00bda880bfe35
Size: 56.54 MB