政府電腦保安事故協調中心 - 保安警報 (A22-01-12): Oracle Java 及 Oracle 產品多個漏洞 (2022年1月)

描述:

Oracle 發布了重要修補程式更新公告，包括一系列應對 Java SE 和不同 Oracle 產品中多個安全性漏洞的修補程式。有關安全性更新的列表，請參考以下網址：

https://www.oracle.com/security-alerts/cpujan2022.html

受影響的系統:

Oracle Java SE
Database
Oracle Linux and Virtualization
Oracle MySQL Product Suite
Oracle and Sun Systems Products Suite
Fusion Applications and Middleware
NoSQL Database

有關受影響產品的完整列表，請參閱以下連結：

https://www.oracle.com/security-alerts/cpujan2022.html

影響:

成功攻擊漏洞可以在受影響的系統中導致遠端執行程式碼、數據篡改、服務受阻斷、泄漏資訊或繞過保安限制，視乎攻擊者利用哪個漏洞而定。

建議:

現已有適用於受影響系統的修補程式。受影響系統的用戶應遵從產品供應商的建議，立即採取行動以降低風險。

Oracle Java SE 產品的修補程式可從以下連結下載：

Java Platform SE 8u321 (JDK 及 JRE)
Java Platform SE 11.0.14 (JDK及JRE)
Java Platform SE 17.0.2 (JDK及JRE)

https://www.oracle.com/java/technologies/javase-downloads.html

OpenJDK 的修補程式可從以下連結下載：

https://jdk.java.net/

用戶也可通過以下保安公告，以獲取有關其他 Oracle 產品安全更新的資訊。

https://www.oracle.com/security-alerts/cpujan2022.html

用戶可聯絡其產品支援供應商，以取得修補程式及有關支援。

進一步資訊:

https://www.oracle.com/security-alerts/cpujan2022.html
https://www.hkcert.org/tc/security-bulletin/oracle-products-multiple-vulnerabilities_20220119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7103
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1311
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1324
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17495
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17566
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5421
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7712
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8554
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9281
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10683
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13936
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14756
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17521
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17527
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17530
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25649
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27618
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29582
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2351
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3426
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3517
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3634
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20718
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21409
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22901
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23337
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23440
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27568
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29921
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31812
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32723
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32827
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33909
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35587
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35683
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35686
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35687
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36090
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36374
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37695
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37714
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38153
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41165
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43395
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21242 (to CVE-2022-21342)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21344 (to CVE-2022-21383)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21386 (to CVE-2022-21403)

標籤 : Oracle , Java , Oracle Database , Oracle Linux , MySQL , Sun Systems , Fusion , Oracle NoSQL