java-1.8.0-openjdk-1.8.0.181-3.b13.AXS4
エラータID: AXSA:2018-3264:03
リリース日:
2018/07/25 Wednesday - 19:16
題名:
java-1.8.0-openjdk-1.8.0.181-3.b13.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Oracle Java SE のコンポーネント (サブコンポーネント: Concurrency)
には,認証されていない攻撃者が,Java SE の部分的なサービス拒否 (部
分的な DoS) を引き起こす脆弱性があります。(CVE-2018-2952)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2018-2952
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
追加情報:
N/A
ダウンロード:
SRPMS
- java-1.8.0-openjdk-1.8.0.181-3.b13.AXS4.src.rpm
MD5: db97e3de5b3611ab1b524e43494b7fe3
SHA-256: 1d8e84c7759929cdb7f2fda4275234eccef26b17961c1cdde618dad475aa1efd
Size: 53.15 MB
Asianux Server 4 for x86
- java-1.8.0-openjdk-1.8.0.181-3.b13.AXS4.i686.rpm
MD5: 2486b8f56ddda70a4676a680878a7af2
SHA-256: 6c135b2f5dfc82d83ad28851c070bc9a8084dba7f8176e3f35d787a27becb9aa
Size: 196.33 kB - java-1.8.0-openjdk-devel-1.8.0.181-3.b13.AXS4.i686.rpm
MD5: 2403e0dfd7b4e7544fcdd46e5ba85f57
SHA-256: 0d9eff8465bb0f486c888173ab90f2090c1e7656ea633d0b9fd058b7afff72a1
Size: 10.08 MB - java-1.8.0-openjdk-headless-1.8.0.181-3.b13.AXS4.i686.rpm
MD5: 0818559882e32b402d20d5ee0dc3216b
SHA-256: fcddccbeedd4e69173fbfda8de06e92921ddd37dc19d9c46cd66849aabac3e9d
Size: 31.37 MB
Asianux Server 4 for x86_64
- java-1.8.0-openjdk-1.8.0.181-3.b13.AXS4.x86_64.rpm
MD5: 84de88e1b5dc26a4e556102d7b608167
SHA-256: 3f23f51586d8876927a80dbdcadb963cc907f7bbc2c4c5a879c1bb0c0a0738a3
Size: 208.45 kB - java-1.8.0-openjdk-devel-1.8.0.181-3.b13.AXS4.x86_64.rpm
MD5: d0ce5345c94b69d053077c8044b3557e
SHA-256: e31dee8b484e8d36c255e446aab99d24596b89890ae04a4b498ab385f09f8da5
Size: 10.07 MB - java-1.8.0-openjdk-headless-1.8.0.181-3.b13.AXS4.x86_64.rpm
MD5: 53765b0ccdeba15410d9b71373d8de4d
SHA-256: d89e9e2b96e3ea62dc77a77f328aef02520681112ff7cddeaeef5f66314134db
Size: 31.94 MB
English