java-1.7.0-openjdk-1.7.0.79-2.5.5.1.AXS4
エラータID: AXSA:2015-117:02
リリース日:
2015/04/15 Wednesday - 19:34
題名:
java-1.7.0-openjdk-1.7.0.79-2.5.5.1.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- OpenJDK の Java アーカイブツール (Jar) ユーティリティには,ディレクトリトラバーサル脆弱性が存在し,.jar ファイル中のファイル名の '..' によって,リモートの攻撃者が任意のファイルを作成,あるいは上書きする脆弱性があります。(CVE-2005-1080)
- 現時点では CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2005-1080
Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.
Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.
CVE-2015-0460
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
CVE-2015-0469
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CVE-2015-0477
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans.
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans.
CVE-2015-0478
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE.
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE.
CVE-2015-0480
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools.
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools.
CVE-2015-0488
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE.
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE.
追加情報:
N/A
ダウンロード:
SRPMS
- java-1.7.0-openjdk-1.7.0.79-2.5.5.1.AXS4.src.rpm
MD5: 844c71b96c840eb572d295c4502917ce
SHA-256: 83a60ad214fe07e643dcd108beb9b156ad1e36d4ff3fb3265e2ea1ae5504a63c
Size: 39.02 MB
Asianux Server 4 for x86
- java-1.7.0-openjdk-1.7.0.79-2.5.5.1.AXS4.i686.rpm
MD5: b5dac44dbb27396606dbf5247c2d4c72
SHA-256: f34dd402e57a9e5ed7f93b6f220faf37db50c3ac68210f443f09712a5cb1caab
Size: 27.05 MB - java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.AXS4.i686.rpm
MD5: ba3fda3521dd660d6cf6d84f06b2aede
SHA-256: caab45b0eea6bf749efe9c502f0f3c603cbca3445b959ada388e76e43945cc01
Size: 9.44 MB
Asianux Server 4 for x86_64
- java-1.7.0-openjdk-1.7.0.79-2.5.5.1.AXS4.x86_64.rpm
MD5: d44656512d1caf6fc5b837a0a2876584
SHA-256: 42f7e4883630a2bb5de4fbfee846223f06de9760e19c8eb917bfec29ee29f831
Size: 25.84 MB - java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.AXS4.x86_64.rpm
MD5: a74bfd9535d4831bbbaa0d9188197760
SHA-256: 15d3367d0fe3c3a5f11b0f5cb86b8a995bd6dfc4848a0b2e11705ee86aa0c0cf
Size: 9.44 MB
English