java-11-openjdk-11.0.18.0.10-2.el8
エラータID: AXSA:2023-4810:01
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Security Fix(es):
* OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) (CVE-2023-21835)
* OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Prepare for the next quarterly OpenJDK upstream release (2023-01, 11.0.18) [rhel-8] (BZ#2157797)
CVE-2023-21835
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2023-21843
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Update packages.
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
N/A
SRPMS
- java-11-openjdk-11.0.18.0.10-2.el8.src.rpm
MD5: fb6cd0f41f26a92c63d467632681f19d
SHA-256: 914928175b2ba0d5f9dced435e47c01d5d2967d1c747d2db75f26690a286f1d3
Size: 75.33 MB
Asianux Server 8 for x86_64
- java-11-openjdk-11.0.18.0.10-2.el8.x86_64.rpm
MD5: e428924af8a05aee5d9f12c4e15ad69a
SHA-256: 089ed325eded58ed23f2a63dc02d359cdac6edc2e723d295e865d26b46b11de2
Size: 467.24 kB - java-11-openjdk-demo-11.0.18.0.10-2.el8.x86_64.rpm
MD5: d247373b0de1826f7273e40861164662
SHA-256: b9f8dba81c9657c51b6f1c7efa204a61465a0e917aa251194ab422c1cfc7a9c1
Size: 4.39 MB - java-11-openjdk-demo-fastdebug-11.0.18.0.10-2.el8.x86_64.rpm
MD5: fc8bdb9848c90b978a5794dd1a031d7a
SHA-256: 999a2d630752d7ee8494105e3f7653693627784e73a3110404b773b80d2c5663
Size: 4.39 MB - java-11-openjdk-demo-slowdebug-11.0.18.0.10-2.el8.x86_64.rpm
MD5: 0dbb52fa936950840926706836af87ed
SHA-256: e6d198dc8e722bfd7849eae11c2f22c66858b3eba781a4785f562bd8b5409690
Size: 4.39 MB - java-11-openjdk-devel-11.0.18.0.10-2.el8.x86_64.rpm
MD5: 8893ebbb172d5451489c1accac331426
SHA-256: baf24118659b14eeeaa1bedea6cd671998358dea12579c3d308c61c688c4518b
Size: 3.39 MB - java-11-openjdk-devel-fastdebug-11.0.18.0.10-2.el8.x86_64.rpm
MD5: 9c0522cc0e9f4adc95028c79c131cafe
SHA-256: cd4c9c867de276df15a25ef138c300eed99a62ecfb07741b4321abe98cc9ec58
Size: 3.39 MB - java-11-openjdk-devel-slowdebug-11.0.18.0.10-2.el8.x86_64.rpm
MD5: 115ee4c5c7accfa1109ad460b303d2bb
SHA-256: d8751c598e214e2f19b95b2103ca7cd81b30a11ee5df9d68ba16fe6bae59303e
Size: 3.39 MB - java-11-openjdk-fastdebug-11.0.18.0.10-2.el8.x86_64.rpm
MD5: 53f25ad4475d3211fc8704516efb2483
SHA-256: 84334341a2f028158b965b4e61e7eb6cdcb45a63a52b55431a17a16265fcb72b
Size: 480.77 kB - java-11-openjdk-headless-11.0.18.0.10-2.el8.x86_64.rpm
MD5: e997e8fcb9d0126eeed4615f1539ebc5
SHA-256: 00d25d575cb284f773ba3f6edd5bd33df9043c01111ac1408137a123bb0e181e
Size: 41.34 MB - java-11-openjdk-headless-fastdebug-11.0.18.0.10-2.el8.x86_64.rpm
MD5: bb8ed110c188dd6da31d626ab6f3520f
SHA-256: 587a90a161dcb76331346b768a71186622c96d9f008c4d08cdfad86376db87b3
Size: 46.33 MB - java-11-openjdk-headless-slowdebug-11.0.18.0.10-2.el8.x86_64.rpm
MD5: 7afc35890bc0062174dff68be5c565ab
SHA-256: 739c2b7beb71bef95f85e20deac322b4f4f331be7d43aa1701dce6faf5872a01
Size: 45.68 MB - java-11-openjdk-javadoc-11.0.18.0.10-2.el8.x86_64.rpm
MD5: 7c6a9650efbfc77f6fe9dfa2d4ef3254
SHA-256: 6a31f060f01bf510ba0a39cf8b42fe30d1d0110771bd1bdb30e384fa316bd512
Size: 16.00 MB - java-11-openjdk-javadoc-zip-11.0.18.0.10-2.el8.x86_64.rpm
MD5: d615f5cad501b4c57cd47c319cb37e3f
SHA-256: 7313a2eba0f08937665734cb70c5bc21cdeae5b6c2a210abe5ca96ec642cc441
Size: 42.10 MB - java-11-openjdk-jmods-11.0.18.0.10-2.el8.x86_64.rpm
MD5: e2795e83a27b85e7b671eae2ca8e4708
SHA-256: afd402e0cc2a52a3ff0c04476190b4235dc885af0639aae1bf5eb5a461f1d2e0
Size: 337.78 MB - java-11-openjdk-jmods-fastdebug-11.0.18.0.10-2.el8.x86_64.rpm
MD5: f18d8a65be90ed90c491f3f46d795ee6
SHA-256: 75da9024515a9be2faba7a89fbf6d45b5a3ad1840bb393efb6e0c5e2bbcbdc3f
Size: 292.67 MB - java-11-openjdk-jmods-slowdebug-11.0.18.0.10-2.el8.x86_64.rpm
MD5: 493bfd44f31ffb26570efd46cebcabcd
SHA-256: 35c5f2ca2ebc2e08fbbbab8b849eb5f9fa24c21ab346499f1dc1796e347275b7
Size: 225.77 MB - java-11-openjdk-slowdebug-11.0.18.0.10-2.el8.x86_64.rpm
MD5: 9062efe327fb31525f18e39a0126d582
SHA-256: e7565b5a228428fad9b8b8ef82f91c1300c7baf0f4fa4edd83d8b3011f06a9bf
Size: 444.76 kB - java-11-openjdk-src-11.0.18.0.10-2.el8.x86_64.rpm
MD5: 7f6a6673781e303ccaa85ff5f4835166
SHA-256: df5f438baeed5017320916181c659ac0c938eb433455440688d1096652cf49a4
Size: 50.47 MB - java-11-openjdk-src-fastdebug-11.0.18.0.10-2.el8.x86_64.rpm
MD5: 9721ac04475edc40e28dfb5276ea4429
SHA-256: 6c9dee0bdd5d9db1a2f06e5d62c46237b94ce7be1ad87b1cfdc12b698246ebb4
Size: 50.47 MB - java-11-openjdk-src-slowdebug-11.0.18.0.10-2.el8.x86_64.rpm
MD5: 8feccc9f3c2541619c0994bf2fcee298
SHA-256: 7e0502ad97c600a2e876af5f0cd383d9f971b6bb1008046e2f119ee74fa45118
Size: 50.47 MB - java-11-openjdk-static-libs-11.0.18.0.10-2.el8.x86_64.rpm
MD5: 8c0521f01ee39dc473d39929e2ae765d
SHA-256: b7746cc87b330e989b00f4e38d2e74ed8d54069a0f9b1434ac64ce33e5673433
Size: 30.05 MB - java-11-openjdk-static-libs-fastdebug-11.0.18.0.10-2.el8.x86_64.rpm
MD5: c95bbfb6e9052777db72b57c32ec43db
SHA-256: 4dd7d7516df902163691b8b85e3792c0b64f47c56ce22aeec499f8cc6df4ea23
Size: 30.33 MB - java-11-openjdk-static-libs-slowdebug-11.0.18.0.10-2.el8.x86_64.rpm
MD5: 78794d13fcd1710887e886afe5e7ecd8
SHA-256: 4cff8d644148cf78e0f2b122379e813bd6cd69bb22bd73bb9a5973758b678692
Size: 25.92 MB
日本語