BDU:2023-02179
Vulnerability from fstec - Published: 18.04.2023
VLAI Severity ?
Title
Уязвимость компонента JSSE программной платформы Oracle Java SE и виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю раскрыть защищаемую информацию или создать, удалить или изменить доступ к данным
Description
Уязвимость компонента JSSE программной платформы Oracle Java SE и виртуальной машины Oracle GraalVM Enterprise Edition связана с отсутствием проверки целостности сообщений. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, раскрыть защищаемую информацию или создать, удалить или изменить доступ к данным
Severity ?
Vendor
Red Hat Inc., Novell Inc., Сообщество свободного программного обеспечения, Canonical Ltd., ООО «Ред Софт», АО «ИВК», АО «НТЦ ИТ РОСА», Oracle Corp., АО "НППКТ", Axiom JDK, Azul Systems, Inc.
Software Name
Red Hat Enterprise Linux, Suse Linux Enterprise Desktop, SUSE Linux Enterprise Server for SAP Applications, Suse Linux Enterprise Server, Debian GNU/Linux, Ubuntu, РЕД ОС (запись в едином реестре российских программ №3751), Альт 8 СП (запись в едином реестре российских программ №4305), Red Hat build of OpenJDK, РОСА Кобальт (запись в едином реестре российских программ №1999), Java SE, GraalVM Enterprise Edition, OpenJDK, АЛЬТ СП 10, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), Axiom AxiomJDK, Zulu OpenJDK
Software Version
7 (Red Hat Enterprise Linux), 12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 12 SP2 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 8 (Red Hat Enterprise Linux), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), 12 SP1 (SUSE Linux Enterprise Server for SAP Applications), 15 (SUSE Linux Enterprise Server for SAP Applications), 15 SP1 (SUSE Linux Enterprise Server for SAP Applications), 12 SP1-LTSS (Suse Linux Enterprise Server), 12 SP2-LTSS (Suse Linux Enterprise Server), 12 SP3-LTSS (Suse Linux Enterprise Server), 12 SP3-BCL (Suse Linux Enterprise Server), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Server for SAP Applications), 10 (Debian GNU/Linux), 12 SP3-ESPOS (Suse Linux Enterprise Server), 12 SP2 (Suse Linux Enterprise Desktop), 12 SP2 (Suse Linux Enterprise Server), 15-LTSS (Suse Linux Enterprise Server), 12 SP1 (Suse Linux Enterprise Desktop), 12 SP1 (Suse Linux Enterprise Server), 20.04 LTS (Ubuntu), 12 SP4-ESPOS (Suse Linux Enterprise Server), 12 SP4-LTSS (Suse Linux Enterprise Server), 15 SP1-BCL (Suse Linux Enterprise Server), 15 SP1-LTSS (Suse Linux Enterprise Server), 16.04 ESM (Ubuntu), 15 SP1 (Suse Linux Enterprise Server), 11 (Debian GNU/Linux), 8.1 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.4 Extended Update Support (Red Hat Enterprise Linux), 7.3 (РЕД ОС), 15 SP3 (Suse Linux Enterprise Server), 15 SP3 (SUSE Linux Enterprise Server for SAP Applications), 15 SP3 (Suse Linux Enterprise Desktop), 15 SP2 (Suse Linux Enterprise Server), 15 SP2 (SUSE Linux Enterprise Server for SAP Applications), - (Альт 8 СП), 15 SP4 (Suse Linux Enterprise Server), 11 (Red Hat build of OpenJDK), 17 (Red Hat build of OpenJDK), 1.8 (Red Hat build of OpenJDK), 15 SP2 (Suse Linux Enterprise Desktop), 15 SP4 (Suse Linux Enterprise Desktop), 15 (Suse Linux Enterprise Server), 15 SP2-BCL (Suse Linux Enterprise Server), 15 SP4 (SUSE Linux Enterprise Server for SAP Applications), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), 15 SP2-LTSS (Suse Linux Enterprise Server), 15 SP1 (Suse Linux Enterprise Desktop), 15 (Suse Linux Enterprise Desktop), 8.2 Telecommunications Update Service (Red Hat Enterprise Linux), 8.2 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Extended Update Support (Red Hat Enterprise Linux), 9.0 Extended Update Support (Red Hat Enterprise Linux), 8.2 Advanced Update Support (Red Hat Enterprise Linux), 15 SP3-LTSS (Suse Linux Enterprise Server), 7.9 (РОСА Кобальт), 15 SP3-BCL (Suse Linux Enterprise Server), 15 SP5 (SUSE Linux Enterprise Server for SAP Applications), 15 SP5 (Suse Linux Enterprise Server), 15 SP5 (Suse Linux Enterprise Desktop), 8u361 (Java SE), 8u361-perf (Java SE), 11.0.18 (Java SE), 17.0.6 (Java SE), 20 (Java SE), 20.3.9 (GraalVM Enterprise Edition), 21.3.5 (GraalVM Enterprise Edition), 22.3.1 (GraalVM Enterprise Edition), 18.04 ESM (Ubuntu), 23.04 (Ubuntu), 11.0.18 (OpenJDK), 17.0.6 (OpenJDK), 20 (OpenJDK), 1.8.0 update361 (OpenJDK), - (АЛЬТ СП 10), до 2.9 (ОСОН ОСнова Оnyx), до 11.0.18 (Axiom AxiomJDK), до 17.0.6 (Axiom AxiomJDK), до 8u371 (Axiom AxiomJDK), до 11.66.15-CA (Zulu OpenJDK)
Possible Mitigations
Использование рекомендаций:
Для программных продуктов Oracle Corp.:
https://www.oracle.com/security-alerts/cpuapr2023.html
https://openjdk.org/groups/vulnerability/advisories/2023-04-18
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2023-21930
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2023-21930.html
Для Ubuntu:
https://ubuntu.com/security/notices/USN-6077-1
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2023-21930
Для РОСА «Кобальт»:
https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2213
Для ОС АЛЬТ СП 10: установка обновления из публичного репозитория программного средства
Для ОСОН ОСнова Оnyx:
Обновление программного обеспечения openjdk-11 до версии 11.0.21+9.repack-1~deb10u1.osnova21
Для Axiom AxiomJDK:
https://axiomjdk.ru/blog/
Для Zulu OpenJDK:
https://cdn.azul.com/zulu/bin/zulu11.66.15-ca-jdk11.0.20-linux.x86_64.rpm
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства: https://altsp.su/obnovleniya-bezopasnosti/
Reference
https://www.cybersecurity-help.cz/vdb/SB2023041942
https://www.oracle.com/security-alerts/cpuapr2023.html
https://access.redhat.com/security/cve/CVE-2023-21930
https://www.suse.com/security/cve/CVE-2023-21930.html
https://security-tracker.debian.org/tracker/CVE-2023-21930
https://openjdk.org/groups/vulnerability/advisories/2023-04-18
https://openjdk.org/groups/vulnerability/advisories/2023-04-18
https://ubuntu.com/security/notices/USN-6077-1
https://altsp.su/obnovleniya-bezopasnosti/
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.9/
https://axiomjdk.ru/blog/
https://cdn.azul.com/zulu/bin/zulu11.66.15-ca-jdk11.0.20-linux.x86_64.rpm
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
https://altsp.su/obnovleniya-bezopasnosti/
CWE
CWE-20, CWE-924
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "TO289, TO290, TO291, TO292, TO293, TO294, TO295, TO296, TO297, TO300, TO827",
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": "TO289 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 OpenJDK, TO290 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 OpenJDK8U-JRE, TO291 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 OpenJDK8U-JRE, TO292 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 OpenJDK8U-JRE, TO293 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 OpenJDK11U-JRE, TO294 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 OpenJDK11U-JRE, TO295 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f OpenJDK11U-JRE, TO296 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 OpenJDK, TO297 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 OpenJDK17U-JRE, TO300 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 OpenJDK, TO827 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Zulu OpenJDK",
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Novell Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Canonical Ltd., \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, Oracle Corp., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", Axiom JDK, Azul Systems, Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 12 SP2 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 8 (Red Hat Enterprise Linux), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), 12 SP1 (SUSE Linux Enterprise Server for SAP Applications), 15 (SUSE Linux Enterprise Server for SAP Applications), 15 SP1 (SUSE Linux Enterprise Server for SAP Applications), 12 SP1-LTSS (Suse Linux Enterprise Server), 12 SP2-LTSS (Suse Linux Enterprise Server), 12 SP3-LTSS (Suse Linux Enterprise Server), 12 SP3-BCL (Suse Linux Enterprise Server), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Server for SAP Applications), 10 (Debian GNU/Linux), 12 SP3-ESPOS (Suse Linux Enterprise Server), 12 SP2 (Suse Linux Enterprise Desktop), 12 SP2 (Suse Linux Enterprise Server), 15-LTSS (Suse Linux Enterprise Server), 12 SP1 (Suse Linux Enterprise Desktop), 12 SP1 (Suse Linux Enterprise Server), 20.04 LTS (Ubuntu), 12 SP4-ESPOS (Suse Linux Enterprise Server), 12 SP4-LTSS (Suse Linux Enterprise Server), 15 SP1-BCL (Suse Linux Enterprise Server), 15 SP1-LTSS (Suse Linux Enterprise Server), 16.04 ESM (Ubuntu), 15 SP1 (Suse Linux Enterprise Server), 11 (Debian GNU/Linux), 8.1 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.4 Extended Update Support (Red Hat Enterprise Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 15 SP3 (Suse Linux Enterprise Server), 15 SP3 (SUSE Linux Enterprise Server for SAP Applications), 15 SP3 (Suse Linux Enterprise Desktop), 15 SP2 (Suse Linux Enterprise Server), 15 SP2 (SUSE Linux Enterprise Server for SAP Applications), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 15 SP4 (Suse Linux Enterprise Server), 11 (Red Hat build of OpenJDK), 17 (Red Hat build of OpenJDK), 1.8 (Red Hat build of OpenJDK), 15 SP2 (Suse Linux Enterprise Desktop), 15 SP4 (Suse Linux Enterprise Desktop), 15 (Suse Linux Enterprise Server), 15 SP2-BCL (Suse Linux Enterprise Server), 15 SP4 (SUSE Linux Enterprise Server for SAP Applications), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), 15 SP2-LTSS (Suse Linux Enterprise Server), 15 SP1 (Suse Linux Enterprise Desktop), 15 (Suse Linux Enterprise Desktop), 8.2 Telecommunications Update Service (Red Hat Enterprise Linux), 8.2 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Extended Update Support (Red Hat Enterprise Linux), 9.0 Extended Update Support (Red Hat Enterprise Linux), 8.2 Advanced Update Support (Red Hat Enterprise Linux), 15 SP3-LTSS (Suse Linux Enterprise Server), 7.9 (\u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442), 15 SP3-BCL (Suse Linux Enterprise Server), 15 SP5 (SUSE Linux Enterprise Server for SAP Applications), 15 SP5 (Suse Linux Enterprise Server), 15 SP5 (Suse Linux Enterprise Desktop), 8u361 (Java SE), 8u361-perf (Java SE), 11.0.18 (Java SE), 17.0.6 (Java SE), 20 (Java SE), 20.3.9 (GraalVM Enterprise Edition), 21.3.5 (GraalVM Enterprise Edition), 22.3.1 (GraalVM Enterprise Edition), 18.04 ESM (Ubuntu), 23.04 (Ubuntu), 11.0.18 (OpenJDK), 17.0.6 (OpenJDK), 20 (OpenJDK), 1.8.0 update361 (OpenJDK), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10), \u0434\u043e 2.9 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 11.0.18 (Axiom AxiomJDK), \u0434\u043e 17.0.6 (Axiom AxiomJDK), \u0434\u043e 8u371 (Axiom AxiomJDK), \u0434\u043e 11.66.15-CA (Zulu OpenJDK)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle Corp.:\nhttps://www.oracle.com/security-alerts/cpuapr2023.html\nhttps://openjdk.org/groups/vulnerability/advisories/2023-04-18\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2023-21930\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2023-21930.html\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/notices/USN-6077-1\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2023-21930\n\n\u0414\u043b\u044f \u0420\u041e\u0421\u0410 \u00ab\u041a\u043e\u0431\u0430\u043b\u044c\u0442\u00bb:\nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2023-2213\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u041b\u042c\u0422 \u0421\u041f 10: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f openjdk-11 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 11.0.21+9.repack-1~deb10u1.osnova21\n\n\u0414\u043b\u044f Axiom AxiomJDK:\nhttps://axiomjdk.ru/blog/\n\n\u0414\u043b\u044f Zulu OpenJDK:\nhttps://cdn.azul.com/zulu/bin/zulu11.66.15-ca-jdk11.0.20-linux.x86_64.rpm\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430: https://altsp.su/obnovleniya-bezopasnosti/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "18.04.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "09.06.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.04.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-02179",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-21930",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Suse Linux Enterprise Desktop, SUSE Linux Enterprise Server for SAP Applications, Suse Linux Enterprise Server, Debian GNU/Linux, Ubuntu, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Red Hat build of OpenJDK, \u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161999), Java SE, GraalVM Enterprise Edition, OpenJDK, \u0410\u041b\u042c\u0422 \u0421\u041f 10, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), Axiom AxiomJDK, Zulu OpenJDK",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , Novell Inc. Suse Linux Enterprise Desktop 12 SP3 , Novell Inc. Suse Linux Enterprise Desktop 12 SP4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4 , Novell Inc. Suse Linux Enterprise Server 12 SP3 , Novell Inc. Suse Linux Enterprise Server 12 SP4 , Red Hat Inc. Red Hat Enterprise Linux 8 , Novell Inc. Suse Linux Enterprise Server 12 SP2-BCL , Novell Inc. Suse Linux Enterprise Server 12 SP2-ESPOS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP1 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP1 , Novell Inc. Suse Linux Enterprise Server 12 SP1-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP2-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP3-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP3-BCL , Novell Inc. Suse Linux Enterprise Server 12 SP5 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP5 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Novell Inc. Suse Linux Enterprise Server 12 SP3-ESPOS , Novell Inc. Suse Linux Enterprise Desktop 12 SP2 , Novell Inc. Suse Linux Enterprise Server 12 SP2 , Novell Inc. Suse Linux Enterprise Server 15-LTSS , Novell Inc. Suse Linux Enterprise Desktop 12 SP1 , Novell Inc. Suse Linux Enterprise Server 12 SP1 , Canonical Ltd. Ubuntu 20.04 LTS , Novell Inc. Suse Linux Enterprise Server 12 SP4-ESPOS , Novell Inc. Suse Linux Enterprise Server 12 SP4-LTSS , Novell Inc. Suse Linux Enterprise Server 15 SP1-BCL , Novell Inc. Suse Linux Enterprise Server 15 SP1-LTSS , Canonical Ltd. Ubuntu 16.04 ESM , Novell Inc. Suse Linux Enterprise Server 15 SP1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , Red Hat Inc. Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 8.4 Extended Update Support , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Novell Inc. Suse Linux Enterprise Server 15 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP3 , Novell Inc. Suse Linux Enterprise Desktop 15 SP3 , Novell Inc. Suse Linux Enterprise Server 15 SP2 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP2 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Novell Inc. Suse Linux Enterprise Server 15 SP4 , Novell Inc. Suse Linux Enterprise Desktop 15 SP2 , Novell Inc. Suse Linux Enterprise Desktop 15 SP4 , Novell Inc. Suse Linux Enterprise Server 15 , Novell Inc. Suse Linux Enterprise Server 15 SP2-BCL , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP4 , Canonical Ltd. Ubuntu 22.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 9 , Novell Inc. Suse Linux Enterprise Server 15 SP2-LTSS , Novell Inc. Suse Linux Enterprise Desktop 15 SP1 , Novell Inc. Suse Linux Enterprise Desktop 15 , Red Hat Inc. Red Hat Enterprise Linux 8.2 Telecommunications Update Service , Red Hat Inc. Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 8.6 Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 9.0 Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 8.2 Advanced Update Support , Novell Inc. Suse Linux Enterprise Server 15 SP3-LTSS , \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442 7.9 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161999), Novell Inc. Suse Linux Enterprise Server 15 SP3-BCL , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP5 , Novell Inc. Suse Linux Enterprise Server 15 SP5 , Novell Inc. Suse Linux Enterprise Desktop 15 SP5 , Canonical Ltd. Ubuntu 18.04 ESM , Canonical Ltd. Ubuntu 23.04 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.9 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 JSSE \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Oracle Java SE \u0438 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u044b Oracle GraalVM Enterprise Edition, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0438\u043b\u0438 \u0441\u043e\u0437\u0434\u0430\u0442\u044c, \u0443\u0434\u0430\u043b\u0438\u0442\u044c \u0438\u043b\u0438 \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0434\u0430\u043d\u043d\u044b\u043c",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20), \u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u0438 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 \u043f\u0440\u0438 \u0438\u0445 \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0435 \u0432 \u043a\u0430\u043d\u0430\u043b \u0441\u0432\u044f\u0437\u0438 (CWE-924)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 JSSE \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Oracle Java SE \u0438 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u044b Oracle GraalVM Enterprise Edition \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u0438 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0438\u043b\u0438 \u0441\u043e\u0437\u0434\u0430\u0442\u044c, \u0443\u0434\u0430\u043b\u0438\u0442\u044c \u0438\u043b\u0438 \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0434\u0430\u043d\u043d\u044b\u043c",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438, \u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.cybersecurity-help.cz/vdb/SB2023041942\nhttps://www.oracle.com/security-alerts/cpuapr2023.html\nhttps://access.redhat.com/security/cve/CVE-2023-21930\nhttps://www.suse.com/security/cve/CVE-2023-21930.html\nhttps://security-tracker.debian.org/tracker/CVE-2023-21930\nhttps://openjdk.org/groups/vulnerability/advisories/2023-04-18\nhttps://openjdk.org/groups/vulnerability/advisories/2023-04-18\nhttps://ubuntu.com/security/notices/USN-6077-1\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.9/\nhttps://axiomjdk.ru/blog/\nhttps://cdn.azul.com/zulu/bin/zulu11.66.15-ca-jdk11.0.20-linux.x86_64.rpm\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://altsp.su/obnovleniya-bezopasnosti/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20, CWE-924",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,4)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,1)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…