政府電腦保安事故協調中心 - 保安警報 (A23-07-16): Oracle Java 及 Oracle 產品多個漏洞 (2023年7月)

描述:

Oracle 發布了重要修補程式更新公告，包括一系列應對 Java SE 和不同 Oracle 產品中多個保安漏洞的修補程式。有關安全性更新的列表，請參考以下網址：
https://www.oracle.com/security-alerts/cpujul2023.html

受影響的系統:

Oracle Java SE
Database
Fusion Applications and Middleware
Oracle MySQL Product Suite
NoSQL Database
Oracle and Sun Systems Products Suite
Oracle Linux and Virtualization

有關受影響產品的完整列表，請參閱以下網址：
https://www.oracle.com/security-alerts/cpujul2023.html

影響:

成功利用漏洞可在受影響的系統導致服務被拒絕、泄漏資訊、繞過保安限制或篡改，視乎攻擊者利用哪個漏洞而定。

建議:

現已有適用於受影響系統的修補程式。受影響系統的用戶應遵從產品供應商的建議，立即採取行動以降低風險。

Oracle Java SE 產品的修補程式可從以下連結下載：

Java Platform SE 8u381 (JDK 及 JRE)
Java Platform SE 11.0.20 (JDK 及 JRE)
Java Platform SE 17.0.8 (JDK 及 JRE)
Java Platform SE 20.0.2 (JDK 及 JRE)

https://www.oracle.com/java/technologies/javase-downloads.html

OpenJDK 的修補程式可從以下連結下載：
https://jdk.java.net/

用戶也可通過以下安全公告，以獲取其他 Oracle 產品安全更新方面的資訊。
https://www.oracle.com/security-alerts/cpujul2023.html

用戶可聯絡其產品支援供應商，以取得修補程式及相關支援。

進一步資訊:

https://www.oracle.com/security-alerts/cpujul2023.html
https://www.hkcert.org/tc/security-bulletin/oracle-products-multiple-vulnerabilities_20230719
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1282
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13990
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17495
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7712
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7760
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13936
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17521
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35168 (to CVE-2020-35169)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3520
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22569
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25220
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26117
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36090
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36374
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37533
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40528
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40690
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41183 (to CVE-2021-41184)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41973
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43859
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46877
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4899
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24409
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29361
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31692
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31777
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33879
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36944
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37865
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38751
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41915
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003 (to CVE-2022-42004)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42890
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45047
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45688
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45693
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45787
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46153
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0361
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1436
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1999
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20860 (to CVE-2023-20863)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20873
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21949 (to CVE-2023-21950)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21974 (to CVE-2023-21975)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21994
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22004 (to CVE-2023-22014)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22016 (to CVE-2023-22018)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22020 (to CVE-2023-22023)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22033 (to CVE-2023-22058)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22060 (to CVE-2023-22062)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22899
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24998
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25193 (to CVE-2023-25194)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27901
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28439
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28708 (to CVE-2023-28709)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29007
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30861

標籤 : Oracle , Java , Oracle Database , Fusion , MySQL , Oracle NoSQL , Sun Systems , Oracle Linux