java-17-openjdk-17.0.1.0.12-2.el8

Errata ID: AXSA:2021-2878:03

Release date: Monday, December 27, 2021 - 12:34
Subject: java-17-openjdk-17.0.1.0.12-2.el8
Affected Channels: Asianux Server 8 for x86_64
Severity: High
Description:

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and
the OpenJDK 17 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect principal selection when using Kerberos Constrained
Delegation (Libraries, 8266689) (CVE-2021-35567)
* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167)
(CVE-2021-35556)
* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580)
(CVE-2021-35559)
* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility,
8266097) (CVE-2021-35561)
* OpenJDK: Certificates with end dates too far in the future can corrupt
keystore (Keytool, 8266137) (CVE-2021-35564)
* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729)
(CVE-2021-35578)
* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735)
(CVE-2021-35586)
* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618)
(CVE-2021-35603)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2021-35556
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of
Oracle Java SE (component: Swing). Supported versions that are affected are Java
SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and
21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with
network access via multiple protocols to compromise Java SE, Oracle GraalVM
Enterprise Edition. Successful attacks of this vulnerability can result in
unauthorized ability to cause a partial denial of service (partial DOS) of Java
SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java
deployments, typically in clients running sandboxed Java Web Start applications
or sandboxed Java applets, that load and run untrusted code (e.g., code that
comes from the internet) and rely on the Java sandbox for security. This
vulnerability does not apply to Java deployments, typically in servers, that
load and run only trusted code (e.g., code installed by an administrator). CVSS
3.1 Base Score 5.3 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVE-2021-35559
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of
Oracle Java SE (component: Swing). Supported versions that are affected are Java
SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and
21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with
network access via multiple protocols to compromise Java SE, Oracle GraalVM
Enterprise Edition. Successful attacks of this vulnerability can result in
unauthorized ability to cause a partial denial of service (partial DOS) of Java
SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java
deployments, typically in clients running sandboxed Java Web Start applications
or sandboxed Java applets, that load and run untrusted code (e.g., code that
comes from the internet) and rely on the Java sandbox for security. This
vulnerability can also be exploited by using APIs in the specified Component,
e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score
5.3 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVE-2021-35561
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of
Oracle Java SE (component: Utility). Supported versions that are affected are
Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3
and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker
with network access via multiple protocols to compromise Java SE, Oracle GraalVM
Enterprise Edition. Successful attacks of this vulnerability can result in
unauthorized ability to cause a partial denial of service (partial DOS) of Java
SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java
deployments, typically in clients running sandboxed Java Web Start applications
or sandboxed Java applets, that load and run untrusted code (e.g., code that
comes from the internet) and rely on the Java sandbox for security. This
vulnerability can also be exploited by using APIs in the specified Component,
e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score
5.3 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVE-2021-35564
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of
Oracle Java SE (component: Keytool). Supported versions that are affected are
Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3
and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker
with network access via multiple protocols to compromise Java SE, Oracle GraalVM
Enterprise Edition. Successful attacks of this vulnerability can result in
unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM
Enterprise Edition accessible data. Note: This vulnerability applies to Java
deployments, typically in clients running sandboxed Java Web Start applications
or sandboxed Java applets, that load and run untrusted code (e.g., code that
comes from the internet) and rely on the Java sandbox for security. This
vulnerability can also be exploited by using APIs in the specified Component,
e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score
5.3 (Integrity impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

CVE-2021-35567
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of
Oracle Java SE (component: Libraries). Supported versions that are affected are
Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and
21.2.0. Easily exploitable vulnerability allows low privileged attacker with
network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise
Edition. Successful attacks require human interaction from a person other than
the attacker and while the vulnerability is in Java SE, Oracle GraalVM
Enterprise Edition, attacks may significantly impact additional products.
Successful attacks of this vulnerability can result in unauthorized access to
critical data or complete access to all Java SE, Oracle GraalVM Enterprise
Edition accessible data. Note: This vulnerability applies to Java deployments,
typically in clients running sandboxed Java Web Start applications or sandboxed
Java applets, that load and run untrusted code (e.g., code that comes from the
internet) and rely on the Java sandbox for security. This vulnerability can also
be exploited by using APIs in the specified Component, e.g., through a web
service which supplies data to the APIs. CVSS 3.1 Base Score 6.8
(Confidentiality impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).

CVE-2021-35578
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of
Oracle Java SE (component: JSSE). Supported versions that are affected are Java
SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0.
Easily exploitable vulnerability allows unauthenticated attacker with network
access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition.
Successful attacks of this vulnerability can result in unauthorized ability to
cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM
Enterprise Edition. Note: This vulnerability can only be exploited by supplying
data to APIs in the specified Component without using Untrusted Java Web Start
applications or Untrusted Java applets, such as through a web service. CVSS 3.1
Base Score 5.3 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVE-2021-35586
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of
Oracle Java SE (component: ImageIO). Supported versions that are affected are
Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3
and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker
with network access via multiple protocols to compromise Java SE, Oracle GraalVM
Enterprise Edition. Successful attacks of this vulnerability can result in
unauthorized ability to cause a partial denial of service (partial DOS) of Java
SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java
deployments, typically in clients running sandboxed Java Web Start applications
or sandboxed Java applets, that load and run untrusted code (e.g., code that
comes from the internet) and rely on the Java sandbox for security. This
vulnerability can also be exploited by using APIs in the specified Component,
e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score
5.3 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVE-2021-35603
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of
Oracle Java SE (component: JSSE). Supported versions that are affected are Java
SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and
21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with
network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition.
Successful attacks of this vulnerability can result in unauthorized read access
to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note:
This vulnerability applies to Java deployments, typically in clients running
sandboxed Java Web Start applications or sandboxed Java applets, that load and
run untrusted code (e.g., code that comes from the internet) and rely on the
Java sandbox for security. This vulnerability can also be exploited by using
APIs in the specified Component, e.g., through a web service which supplies data
to the APIs. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. java-17-openjdk-17.0.1.0.12-2.el8.src.rpm
    Size: 61.41 MB

Asianux Server 8 for x86_64
  1. java-17-openjdk-17.0.1.0.12-2.el8.x86_64.rpm
    Size: 243.35 kB
  2. java-17-openjdk-demo-17.0.1.0.12-2.el8.x86_64.rpm
    Size: 4.29 MB
  3. java-17-openjdk-devel-17.0.1.0.12-2.el8.x86_64.rpm
    Size: 5.09 MB
  4. java-17-openjdk-headless-17.0.1.0.12-2.el8.x86_64.rpm
    Size: 41.06 MB
  5. java-17-openjdk-javadoc-17.0.1.0.12-2.el8.x86_64.rpm
    Size: 15.98 MB
  6. java-17-openjdk-javadoc-zip-17.0.1.0.12-2.el8.x86_64.rpm
    Size: 40.34 MB
  7. java-17-openjdk-jmods-17.0.1.0.12-2.el8.x86_64.rpm
    Size: 238.50 MB
  8. java-17-openjdk-src-17.0.1.0.12-2.el8.x86_64.rpm
    Size: 45.28 MB
  9. java-17-openjdk-static-libs-17.0.1.0.12-2.el8.x86_64.rpm
    Size: 26.16 MB
  10. java-17-openjdk-demo-fastdebug-17.0.1.0.12-2.el8.x86_64.rpm
    Size: 4.29 MB
  11. java-17-openjdk-demo-slowdebug-17.0.1.0.12-2.el8.x86_64.rpm
    Size: 4.29 MB
  12. java-17-openjdk-devel-fastdebug-17.0.1.0.12-2.el8.x86_64.rpm
    Size: 5.09 MB
  13. java-17-openjdk-devel-slowdebug-17.0.1.0.12-2.el8.x86_64.rpm
    Size: 5.10 MB
  14. java-17-openjdk-fastdebug-17.0.1.0.12-2.el8.x86_64.rpm
    Size: 252.43 kB
  15. java-17-openjdk-headless-fastdebug-17.0.1.0.12-2.el8.x86_64.rpm
    Size: 45.55 MB
  16. java-17-openjdk-headless-slowdebug-17.0.1.0.12-2.el8.x86_64.rpm
    Size: 43.61 MB
  17. java-17-openjdk-jmods-fastdebug-17.0.1.0.12-2.el8.x86_64.rpm
    Size: 231.46 MB
  18. java-17-openjdk-jmods-slowdebug-17.0.1.0.12-2.el8.x86_64.rpm
    Size: 171.76 MB
  19. java-17-openjdk-slowdebug-17.0.1.0.12-2.el8.x86_64.rpm
    Size: 242.04 kB
  20. java-17-openjdk-src-fastdebug-17.0.1.0.12-2.el8.x86_64.rpm
    Size: 45.28 MB
  21. java-17-openjdk-src-slowdebug-17.0.1.0.12-2.el8.x86_64.rpm
    Size: 45.27 MB
  22. java-17-openjdk-static-libs-fastdebug-17.0.1.0.12-2.el8.x86_64.rpm
    Size: 26.35 MB
  23. java-17-openjdk-static-libs-slowdebug-17.0.1.0.12-2.el8.x86_64.rpm
    Size: 21.48 MB