政府电脑保安事故协调中心 - 保安警报 (A21-07-12): Oracle Java 及 Oracle 产品多个漏洞 (2021年7月)

描述:

Oracle 发布了重要修补程式更新公告，包括一系列应对 Java SE 和不同 Oracle 产品中多个安全性漏洞的修补程式。有关安全性更新的列表，请参考以下网址：
https://www.oracle.com/security-alerts/cpujul2021.html

受影响的系统:

Oracle Java SE
OpenJDK
Database
Oracle Linux and Virtualization
Oracle MySQL Product Suite
Oracle and Sun Systems Products Suite
Fusion Applications and Middleware

有关受影响产品的完整列表，请参阅以下连结:
https://www.oracle.com/security-alerts/cpujul2021.html

影响:

成功攻击这些漏洞可导致服务受阻断、数据篡改、泄漏资讯、绕过保安功能、终止系统执行或控制受影响的系统，视乎攻击者利用哪个漏洞而定。

建议:

现已有适用於受影响系统的修补程式。受影响系统的用户应遵从产品供应商的建议，立即采取行动以降低风险。

Oracle Java SE 产品的修补程式可从以下连结下载:

Java Platform SE 8u301 (JDK and JRE),
Java Platform SE 11.0.12 (JDK and JRE)
Java Platform SE 16.0.2 (JDK and JRE)

https://www.oracle.com/java/technologies/javase-downloads.html

OpenJDK 的修补程式可从以下连结下载:
https://jdk.java.net/

用户也可通过以下保安公告，以获取有关其他 Oracle 产品安全更新的资讯。
https://www.oracle.com/security-alerts/cpujul2021.html

用户可联络其产品支援供应商，以取得修补程式及有关支援。

进一步信息:

https://www.oracle.com/security-alerts/cpujul2021.html
https://www.hkcert.org/tc/security-bulletin/oracle-products-multiple-vulnerabilities_20210721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0254
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5637
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15686
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2897
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5064
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12399
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12402
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13990
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17566
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2604
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5413
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5421
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7712
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7760
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8203
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10683
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11612
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11998
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17521
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17527
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17530
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24553
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25649
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27216
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27218
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28196
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29582
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35490
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2244
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2323
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2324
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2328 (to CVE-2021-2330)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2333 (to CVE-2021-2378)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2380 (to CVE-2021-2412)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2417 (to CVE-2021-2458)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3345
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21290
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21345
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21409
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22901
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26117
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26272
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27568
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29921

标签 : Oracle , Java , OpenJDK , Oracle Database , Oracle Linux , MySQL , Sun Systems , Fusion