java-1.6.0-openjdk-1.6.0.37-1.13.9.4.0.1.el7.AXS7
エラータID: AXSA:2015-861:01
リリース日:
2015/12/02 Wednesday - 16:43
題名:
java-1.6.0-openjdk-1.6.0.37-1.13.9.4.0.1.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Oracle Java SE には,JGSS に関連する要因によって,リモートの攻撃者が
機密性に影響を与える詳細不明な脆弱性があります。(CVE-2015-4734)
- Oracle JavaSE には,JAXP に関連する要因によって,リモートの攻撃者が可
用性に影響を与える詳細不明な脆弱性があります。
この脆弱性は CVE-2015-4893 と CVE-2015-4911 とは異なる脆弱性です。
(CVE-2015-4803)
- Oracle Java SE には詳細不明な脆弱性が存在し,Serialization に関連す
る要因によって,リモートの攻撃者が機密性,完全性,可用性に影響を与える
脆弱性があります。(CVE-2015-4805)
- Oracle Java SE には,Libraries に関連した要因によって,リモートの攻撃
者が機密性と完全性に影響を与える詳細不明な脆弱性があります。
(CVE-2015-4806)
- Oracle JavaSE には,CORBA に関連する要因によって,リモートの攻撃者が機
密性,完全性,可用性に影響を与える脆弱性があります。(CVE-2015-4835)
- Oracle Java SE には,JAXP に関連する要因によって,リモートの攻撃者が機
密性に影響を与える詳細不明な脆弱性が存在します。(CVE-2015-4842)
- Oracle Java SE には,Libraries に関連する要因によって,リモートの
攻撃者が機密性,完全性,可用性に影響を与える詳細不明な脆弱性が存在しま
す。(CVE-2015-4843)
- Oracle Java SE には,2D に関連する要因によって,リモートの攻撃者
が機密性,完全性,可用性に影響を与える詳細不明な脆弱性があります。
(CVE-2015-4844)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2015-4734
Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS.
CVE-2015-4803
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911.
CVE-2015-4805
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.
CVE-2015-4806
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
CVE-2015-4835
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881.
CVE-2015-4842
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP.
CVE-2015-4843
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
CVE-2015-4844
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CVE-2015-4860
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883.
CVE-2015-4872
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security.
CVE-2015-4881
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835.
CVE-2015-4882
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect availability via vectors related to CORBA.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect availability via vectors related to CORBA.
CVE-2015-4883
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860.
CVE-2015-4893
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911.
CVE-2015-4903
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to RMI.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to RMI.
CVE-2015-4911
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893.
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893.
追加情報:
N/A
ダウンロード:
SRPMS
- java-1.6.0-openjdk-1.6.0.37-1.13.9.4.0.1.el7.AXS7.src.rpm
MD5: f8ced51c7c1dd9637bb60aabd7558827
SHA-256: 99c4f4ad76595c06ed3565ba49ee31b3b84a558474bcc950d21c70a53146b298
Size: 36.32 MB
Asianux Server 7 for x86_64
- java-1.6.0-openjdk-1.6.0.37-1.13.9.4.0.1.el7.AXS7.x86_64.rpm
MD5: 44378163c8628b398738fa999e5a537b
SHA-256: 56e42793e8d04a80ad1610227616d12a2a7b4f535d9935a6beef9f39e923441b
Size: 41.67 MB - java-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.0.1.el7.AXS7.x86_64.rpm
MD5: 795acd2aae237763c2b3a2cb3fe9ab05
SHA-256: 460f1f3f0d6e10af2f0c1a6727df19b5d5b488d5f4e7f8ce0bbccaa097358707
Size: 14.51 MB
English