正文

Oracle Java SE和Oracle Java SE Embedded 安全漏洞

admin
admin V管理员 /0 评论 /7 阅读
0303
此篇文章发布距今已超过1161天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

Oracle Java SE和Oracle Java SE Embedded 安全漏洞

  • CNNVD编号:CNNVD-202010-972
    • <!--
  • 危害等级: 低危-->
  • 危害等级: 低危
  • CVE编号: CVE-2020-14779
  • 漏洞类型: 其他
  • 发布时间: 2020-10-20
  • 威胁类型: 远程
  • 更新时间: 2021-11-25
  • 厂        商:
  • 漏洞来源: Gentoo

漏洞简介

Oracle Java SE和Oracle Java SE Embedded都是美国甲骨文(Oracle)公司的产品。Oracle Java SE是一款用于开发和部署桌面、服务器以及嵌入设备和实时环境中的Java应用程序。Oracle Java SE Embedded是一款针对嵌入式系统的、可移植的应用程序的Java平台。

Oracle Java SE和Oracle Java SE Embedded中存在安全漏洞,该漏洞源于对具有多个接口的代理类进行反序列化期间的高内存使用。以下产品及版本受到影响:Java SE: 7u271, 8u261, 11.0.8 , 15; Java SE Embedded: 8u261。

漏洞公告

目前厂商已发布升级补丁以修复漏洞,补丁获取链接:

https://www.oracle.com/security-alerts/cpuoct2020.html

参考网址

来源:DEBIAN

链接:https://www.debian.org/security/2020/dsa-4779

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/XKRGVMZT3EUUWKUA6DBT56FT3UOKPHQ2/

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/YCKZAI4AWSKO5O5VDXHFFKNLOZGZ3KEE/

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/XVPLGNHNJ4UJ6IO6R2XXEKCTCI2DRPDQ/

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/Z7XEONOP6JB7SD7AMUWZTLZF2L4QD546/

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/N6CJCO52DHIQJHLPF6HMTC5Z2VKFRQMY/

来源:MLIST

链接:https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html

来源:GENTOO

链接:https://security.gentoo.org/glsa/202101-19

来源:CONFIRM

链接:https://security.netapp.com/advisory/ntap-20201023-0004/

来源:MISC

链接:https://www.oracle.com/security-alerts/cpuoct2020.html

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/OMJMTXFJRONFT72YAEQNRFKYZZU4W3HD/

来源:www.nsfocus.net

链接:http://www.nsfocus.net/vulndb/50405

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.0914

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.4058/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-integration-bus-and-ibm-app-connect-enterpise-v11-6/

来源:vigilance.fr

链接:https://vigilance.fr/vulnerability/Oracle-Java-OpenJDK-vulnerabilities-of-October-2020-33649

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.3648/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/160571/Red-Hat-Security-Advisory-2020-5585-01.html

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2020/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-application-manager-oct-2020-cpu-cve-2020-14779cve-2020-14796-cve-2020-14797cve-2020-14798/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/159678/Red-Hat-Security-Advisory-2020-4307-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.4454/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2020-includes-oracle-oct-2020-cpu/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-affects-ibm-cloud-application-business-insights/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.4098/

来源:access.redhat.com

链接:https://access.redhat.com/security/cve/cve-2020-14779

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2020-14779

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-netcool-impact-3/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-sdk-java-technology-edition-6/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-business-developer-3/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.3664/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-october-2020-affect-ibm-infosphere-information-server/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-20/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cics-tx-on-cloud-4/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-14/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-linux-kernel-and-java-affect-ibm-spectrum-protect-plus/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1216

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-z-tpf-5/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affect-ibm-spectrum-conductor-and-ibm-spectrum-conductor-with-spark-3/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.4201/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.0720

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-sdk-java-technology-edition-version-7-version-8-that-is-used-by-ibm-workload-scheduler-4/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/161088/Gentoo-Linux-Security-Advisory-202101-19.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.0569

来源:www.oracle.com

链接:https://www.oracle.com/security-alerts/cpuoct2020.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.3772.2/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-an-issue-in-ibm-runtime-environment-java-technology-edition-cve-2020-14779/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-directory-server-4/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-websphere-cast-iron-solution-app-connect-professional-5/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/159719/Red-Hat-Security-Advisory-2020-4348-01.html

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/159744/Ubuntu-Security-Notice-USN-4607-1.html

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-sdk-java-technology-edition-5/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2020-includes-oracle-oct-2020-cpu-affects-ibm-tivoli-composite-application-manager-for-transactions-robotic-response-time/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-15/

来源:www.ibm.com

链接:https://www.ibm.com/support/pages/node/6518920

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-java-vulnerabilities-cve-2020-14792-cve-2020-14797-cve-2020-14781-cve-2020-14779-cve-2020-14798-cve-2020-14796/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-java-sdk-april-2021-cpu-plus-affect-multiple-ibm-continuous-engineering-products-based-on-ibm-jazz-technology/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-se-affects-ibm-elastic-storage-system/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/160053/Ubuntu-Security-Notice-USN-4607-2.html

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-18/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.3929/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-jre-in-ibm-datapower-gateway/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-vulnerability-in-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2020/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.3694.2/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.0012/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2020-includes-oracle-oct-2020-cpu-minus-cve-2020-14781-and-cve-2020-14782-affecting-infosphere-streams-4-3/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.3771/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.0072/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-march-2021-multiple-vulnerabilities-in-ibm-java-runtime-affect-cics-transaction-gateway/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-cloud-pak-for-automation-3/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-october-2020-patch-update-for-java/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-messagegateway-cve-2020-14797-cve-2020-14779-cve-2020-14796/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-java-sdk-affects-ibm-voice-gateway-4/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-13/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-for-multiplatforms-oct-2020-cpu/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.0061/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-affect-ibm-operational-decision-manager-oct-2020-and-jan-2021-cpus/

受影响实体

    暂无


补丁

  • OpenJDK 安全漏洞的修复措施
    <!--
    2020-10-20
    -->