jiachao2130/cvrf2cusa
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7d8412e76d
cvrf2cusa/cvrf/2021/cvrf-openEuler-SA-2021-1213.xml
Jia Chao 0b34274085 git mv 
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-25 09:57:37 +08:00

170 lines
17 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
<DocumentTitle xml:lang="en">An update for openjdk-1.8.0 is now available for openEuler-20.03-LTS-SP1</DocumentTitle>
<DocumentType>Security Advisory</DocumentType>
<DocumentPublisher Type="Vendor">
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
<IssuingAuthority>openEuler security committee</IssuingAuthority>
</DocumentPublisher>
<DocumentTracking>
<Identification>
<ID>openEuler-SA-2021-1213</ID>
</Identification>
<Status>Final</Status>
<Version>1.0</Version>
<RevisionHistory>
<Revision>
<Number>1.0</Number>
<Date>2021-06-12</Date>
<Description>Initial</Description>
</Revision>
</RevisionHistory>
<InitialReleaseDate>2021-06-12</InitialReleaseDate>
<CurrentReleaseDate>2021-06-12</CurrentReleaseDate>
<Generator>
<Engine>openEuler SA Tool V1.0</Engine>
<Date>2021-06-12</Date>
</Generator>
</DocumentTracking>
<DocumentNotes>
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">openjdk-1.8.0 security update</Note>
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for openjdk-1.8.0 is now available for openEuler-20.03-LTS-SP1.</Note>
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">The OpenJDK runtime environment 8.
Security Fix(es):
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).(CVE-2021-2163)
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).(CVE-2021-2161)</Note>
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for openjdk-1.8.0 is now available for openEuler-20.03-LTS-SP1.
openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.</Note>
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">Medium</Note>
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">openjdk-1.8.0</Note>
</DocumentNotes>
<DocumentReferences>
<Reference Type="Self">
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1213</URL>
</Reference>
<Reference Type="openEuler CVE">
<URL>https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-2163</URL>
<URL>https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-2161</URL>
</Reference>
<Reference Type="Other">
<URL>https://nvd.nist.gov/vuln/detail/CVE-2021-2163</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2021-2161</URL>
</Reference>
</DocumentReferences>
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<Branch Type="Product Name" Name="openEuler">
<FullProductName ProductID="openEuler-20.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">openEuler-20.03-LTS-SP1</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="aarch64">
<FullProductName ProductID="java-1.8.0-openjdk-src-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-src-1.8.0.292.b10-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-openjfx-devel-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-openjfx-devel-1.8.0.292.b10-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-src-slowdebug-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-src-slowdebug-1.8.0.292.b10-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-debugsource-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-debugsource-1.8.0.292.b10-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.292.b10-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-slowdebug-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-slowdebug-1.8.0.292.b10-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-debuginfo-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-debuginfo-1.8.0.292.b10-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-1.8.0.292.b10-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-demo-slowdebug-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-demo-slowdebug-1.8.0.292.b10-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-openjfx-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-openjfx-1.8.0.292.b10-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-accessibility-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-accessibility-1.8.0.292.b10-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.292.b10-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-headless-slowdebug-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-headless-slowdebug-1.8.0.292.b10-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-devel-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-devel-1.8.0.292.b10-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-demo-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-demo-1.8.0.292.b10-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-devel-slowdebug-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-devel-slowdebug-1.8.0.292.b10-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.292.b10-8.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-headless-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-headless-1.8.0.292.b10-8.oe1.aarch64.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="noarch">
<FullProductName ProductID="java-1.8.0-openjdk-javadoc-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-javadoc-1.8.0.292.b10-8.oe1.noarch.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-javadoc-zip-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-javadoc-zip-1.8.0.292.b10-8.oe1.noarch.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="src">
<FullProductName ProductID="java-1.8.0-openjdk-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-1.8.0.292.b10-8.oe1.src.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="x86_64">
<FullProductName ProductID="java-1.8.0-openjdk-accessibility-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-accessibility-1.8.0.292.b10-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.292.b10-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-debugsource-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-debugsource-1.8.0.292.b10-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-headless-slowdebug-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-headless-slowdebug-1.8.0.292.b10-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-headless-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-headless-1.8.0.292.b10-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-openjfx-devel-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-openjfx-devel-1.8.0.292.b10-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-devel-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-devel-1.8.0.292.b10-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-demo-slowdebug-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-demo-slowdebug-1.8.0.292.b10-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-src-slowdebug-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-src-slowdebug-1.8.0.292.b10-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-demo-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-demo-1.8.0.292.b10-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-1.8.0.292.b10-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-openjfx-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-openjfx-1.8.0.292.b10-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-devel-slowdebug-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-devel-slowdebug-1.8.0.292.b10-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.292.b10-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-debuginfo-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-debuginfo-1.8.0.292.b10-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-src-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-src-1.8.0.292.b10-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.292.b10-8.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="java-1.8.0-openjdk-slowdebug-1.8.0.292.b10-8" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">java-1.8.0-openjdk-slowdebug-1.8.0.292.b10-8.oe1.x86_64.rpm</FullProductName>
</Branch>
</ProductTree>
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).</Note>
</Notes>
<ReleaseDate>2021-06-12</ReleaseDate>
<CVE>CVE-2021-2163</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>5.3</BaseScore>
<Vector>AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>openjdk-1.8.0 security update</Description>
<DATE>2021-06-12</DATE>
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1213</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="2" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="2" xml:lang="en">Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).</Note>
</Notes>
<ReleaseDate>2021-06-12</ReleaseDate>
<CVE>CVE-2021-2161</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>5.9</BaseScore>
<Vector>AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>openjdk-1.8.0 security update</Description>
<DATE>2021-06-12</DATE>
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1213</URL>
</Remediation>
</Remediations>
</Vulnerability>
</cvrfdoc>
Reference in New Issue View Git Blame Copy Permalink