java-11-openjdk-11.0.16.0.8-1.el7
エラータID: AXSA:2022-3588:09
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
The following packages have been upgraded to a later upstream version: java-11-openjdk (11.0.16.0.8).
Security Fix(es):
* OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407) (CVE-2022-34169)
* OpenJDK: class compilation issue (Hotspot, 8281859) (CVE-2022-21540)
* OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) (CVE-2022-21541)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2022-21540
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2022-21541
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
CVE-2022-34169
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
Update packages.
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
N/A
SRPMS
- java-11-openjdk-11.0.16.0.8-1.el7.src.rpm
MD5: dfb010d2726e5bae8b0e141301ac3389
SHA-256: eeac3b29e38955500edc96e1399f02f4842ce78a410e8cdcd57f96b3f1932bbf
Size: 75.12 MB
Asianux Server 7 for x86_64
- java-11-openjdk-11.0.16.0.8-1.el7.x86_64.rpm
MD5: 46b92c99c93fc69c02d79cd44bc97c5f
SHA-256: 7262f5ff040fe7927acb3ed0555f60621746d5498e58a9c6916f344f54a84d8d
Size: 235.17 kB - java-11-openjdk-debug-11.0.16.0.8-1.el7.x86_64.rpm
MD5: 82be07b687bcfa328b97306d9024fe95
SHA-256: 6cb22c562aa1d596e87b53daa91e5b4044f980085b607d9e1ee2e8686ebcadb5
Size: 240.43 kB - java-11-openjdk-demo-11.0.16.0.8-1.el7.x86_64.rpm
MD5: cf12e454320bb0b59da83a523210bac6
SHA-256: f5745aec2141e064d631708b7195387d9792ef43220ddeb52be02dd11664c412
Size: 4.36 MB - java-11-openjdk-demo-debug-11.0.16.0.8-1.el7.x86_64.rpm
MD5: 1a031f27c2ca67259221852dba91a7de
SHA-256: 369d51dd4811c00fcfb69e553ee262aa320f1b3ebd8883f92eb9a33ba252ce99
Size: 4.36 MB - java-11-openjdk-devel-11.0.16.0.8-1.el7.x86_64.rpm
MD5: 8e1a4b10710fcc98f13306ef6468c2e7
SHA-256: 0569ab50eb26d02490d2bda5c3ccc5fac1be76747604ac9b0a902aa0121ae018
Size: 3.38 MB - java-11-openjdk-devel-debug-11.0.16.0.8-1.el7.x86_64.rpm
MD5: 74f5b5ca2f0003dfa952f0a84622885c
SHA-256: 6048e0772f93cda3135146edf872519a40a2b6b1582a4c221d8cc792d86b2b5d
Size: 3.38 MB - java-11-openjdk-headless-11.0.16.0.8-1.el7.x86_64.rpm
MD5: 5f3fda6e05538bff3d5ab9f3ea36cb87
SHA-256: 0293ce6c3831424e4b5a416fc2a776542880bd928fe69a3019388f4137bbc974
Size: 39.46 MB - java-11-openjdk-headless-debug-11.0.16.0.8-1.el7.x86_64.rpm
MD5: 290f0ca9c567724fcd0537e1d2dacdfa
SHA-256: 29e0b89ed1638e280975afcdd1ec1efcbe0cb977e29cd685892cfaf21523e413
Size: 42.63 MB - java-11-openjdk-javadoc-11.0.16.0.8-1.el7.x86_64.rpm
MD5: 16b5db34ec6374f307b5dc4377d86023
SHA-256: 5b894b42e549a62e7c8177d00c70bf916aae05e42853d09e0e14431df6da4259
Size: 16.11 MB - java-11-openjdk-javadoc-debug-11.0.16.0.8-1.el7.x86_64.rpm
MD5: 75412cd39f8a8db91f7036c3e0b99989
SHA-256: e22f24cac1282ab4821e570c1de50d75a1ff9d07e343837874895cc450026a74
Size: 16.12 MB - java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el7.x86_64.rpm
MD5: 6619e26e1f027e73f514243aafd080cc
SHA-256: 129aeb2c31f87fdadfaa980b9d55e2ec7f49058976925cf19960b5160bad08b7
Size: 41.96 MB - java-11-openjdk-javadoc-zip-debug-11.0.16.0.8-1.el7.x86_64.rpm
MD5: f0fcb2fa4aeff39a3efadec9141fd5fc
SHA-256: 19f7576f7e9c747db0ad12988d67008b4398033479d40d06ba77363e93bf3adb
Size: 41.97 MB - java-11-openjdk-jmods-11.0.16.0.8-1.el7.x86_64.rpm
MD5: 0441321cf44c70dc3f5964dbfe95c295
SHA-256: 519ba68a8db8095411fe6d354825835215ce063194c1fcc1eecde8d7ab7f36d9
Size: 314.72 MB - java-11-openjdk-jmods-debug-11.0.16.0.8-1.el7.x86_64.rpm
MD5: b200e3c07df7ae61008c1e1837234854
SHA-256: 4e8f3d06aca22385b87d6a83c6dbb301cdad696b54b149f2f93b4b8a64077f50
Size: 182.95 MB - java-11-openjdk-src-11.0.16.0.8-1.el7.x86_64.rpm
MD5: fef4188d442411674df379530aec3d55
SHA-256: 22065e9e7a944d8fe7eda5ba66aafc25bb5b941ede0dcbab9be75984d5f22e17
Size: 50.40 MB - java-11-openjdk-src-debug-11.0.16.0.8-1.el7.x86_64.rpm
MD5: 9b77623958a71fb69a5c286980e221e4
SHA-256: ca41a22cf1b6cdeaee7f66aee27af6a802895df5b0065687c2c249e3e8f412f4
Size: 50.41 MB - java-11-openjdk-11.0.16.0.8-1.el7.i686.rpm
MD5: f8b95fce9e21f31741d1a9392a67b9ed
SHA-256: 540ecd206485a410cdc12788298949195edb9ce3196b1152cf51943cf69310ce
Size: 231.20 kB - java-11-openjdk-debug-11.0.16.0.8-1.el7.i686.rpm
MD5: f02264df60a1b885f760fa2444efbba5
SHA-256: f3f42067c7e905134f6b711be7b10ca3650483645ba643b603bea9005edc5211
Size: 234.41 kB - java-11-openjdk-demo-11.0.16.0.8-1.el7.i686.rpm
MD5: b251358730a15ac5cd877d6dbd0d9114
SHA-256: 1ef8cb4587ad8406b732eec4f571ffd5f15a592750e5eb980fa9d1840411e46f
Size: 4.36 MB - java-11-openjdk-demo-debug-11.0.16.0.8-1.el7.i686.rpm
MD5: a600ec9023dc914c8b4bb14d444df561
SHA-256: 5e5a8296de988e54ddfe6c53b9d25e699d80ee55abb1d500e162e403c46202db
Size: 4.36 MB - java-11-openjdk-devel-11.0.16.0.8-1.el7.i686.rpm
MD5: afdf97ceaf8441051987b90dd2ab64e6
SHA-256: ccadb81a4f87a6be380c153fe8dd9cacd6990d9fdb428b7d1529e52c7d5c55b7
Size: 3.35 MB - java-11-openjdk-devel-debug-11.0.16.0.8-1.el7.i686.rpm
MD5: d9afa05ea2ffedba1d4ab3fb76c210c2
SHA-256: 73498913e2efcec43d090651303da1c86117618e45b593d850b54c3d8310140e
Size: 3.36 MB - java-11-openjdk-headless-11.0.16.0.8-1.el7.i686.rpm
MD5: d6c9169840ae9a68821617d72d9dbb37
SHA-256: 1e9f5a5636d60fa8e6cacee4becb30a77f044220e29d9a783aa11cdb4d0e72e9
Size: 35.55 MB - java-11-openjdk-headless-debug-11.0.16.0.8-1.el7.i686.rpm
MD5: b53d3b013a1c99c2e5e79480186f45c6
SHA-256: 8dc96c00fe587737b3ccc9ab2cb4df07f455afeef306f3fbe14c17cb57c8144b
Size: 38.13 MB - java-11-openjdk-javadoc-11.0.16.0.8-1.el7.i686.rpm
MD5: addc22531112941702b97b98e78841cc
SHA-256: fba513626e49c843328a476c4613fd6a8c4fd07448bdfe2eebf01ed63bb9b70a
Size: 16.11 MB - java-11-openjdk-javadoc-debug-11.0.16.0.8-1.el7.i686.rpm
MD5: 22fdf997d9f93de8be5ea0c5381fe806
SHA-256: c0cc6b0fb2837c90dc11a36680b2b0bfc1b7d642ad030702cf63bbf912488c5b
Size: 16.11 MB - java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el7.i686.rpm
MD5: db15f623b636dba426f0baf3978fb4d9
SHA-256: fbf2a057fd4501d61ee190f57940a4fc3052782174953e464d72bf0c875a47eb
Size: 41.99 MB - java-11-openjdk-javadoc-zip-debug-11.0.16.0.8-1.el7.i686.rpm
MD5: 349d76ea6863dcf383b8cd5ce228c2f7
SHA-256: 36dcff59ebe99bb366ab5cb24688a96638a0d62440c65d5200b7774e77b9e89f
Size: 41.99 MB - java-11-openjdk-jmods-11.0.16.0.8-1.el7.i686.rpm
MD5: 43fcf70e9598a666ba8489fadcfb5b47
SHA-256: e1ce1a7ca2ad80f776e8328ab07d90c41576167e45e5bd69108a6857dd427349
Size: 266.50 MB - java-11-openjdk-jmods-debug-11.0.16.0.8-1.el7.i686.rpm
MD5: f4f6ec591c2ec21d6eb4079b57ca8ab6
SHA-256: 09d02137c9c79058c03786dbe2fb3046a8303e6fcf8db045283b55c4e95545e6
Size: 155.82 MB - java-11-openjdk-src-11.0.16.0.8-1.el7.i686.rpm
MD5: 7115809fbdbfc5ea2ff69c49cde1feb9
SHA-256: fa57b2fc0c95d28c6bf6a09912c33014d419b479437cac2465405ad84fde07cb
Size: 45.66 MB - java-11-openjdk-src-debug-11.0.16.0.8-1.el7.i686.rpm
MD5: 49b5e03cb2df9dda139c046fb1b69382
SHA-256: 6ba29c4f4789ac566e23b9367019af57826a8970382f77062e72763e892088c4
Size: 45.66 MB