java-1.8.0-openjdk-1.8.0.362.b09-2.el9

エラータID: AXSA:2023-5054:05

Release date: 
Friday, February 10, 2023 - 03:47
Subject: 
java-1.8.0-openjdk-1.8.0.362.b09-2.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) (CVE-2023-21830)
* OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Prepare for the next quarterly OpenJDK upstream release (2023-01, 8u362)
* solr broken due to access denied ("java.io.FilePermission" "/etc/pki/java/cacerts" "read") [openjdk-8]

CVE-2023-21830
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2023-21843
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. java-1.8.0-openjdk-1.8.0.362.b09-2.el9.src.rpm
    MD5: 4afa21319b0b677eb781f3476b241556
    SHA-256: 2a80c5aa67739bb32eadaef1e026172ac91a99324462c65705ac233e04826156
    Size: 55.68 MB

Asianux Server 9 for x86_64
  1. java-1.8.0-openjdk-1.8.0.362.b09-2.el9.x86_64.rpm
    MD5: 64af38d708eb61d9ff9db17b7b4748ea
    SHA-256: eb680e22ba5a1b436dbde249a657f6f3af312beea43ae1324dd30d7eb3259dd8
    Size: 455.92 kB
  2. java-1.8.0-openjdk-demo-1.8.0.362.b09-2.el9.x86_64.rpm
    MD5: 2efa80492b0e02866339aa836e407fbd
    SHA-256: 6f3b2877156eacc1d8ac3739727272342acc95322f443b04340b55703edca77b
    Size: 1.95 MB
  3. java-1.8.0-openjdk-demo-fastdebug-1.8.0.362.b09-2.el9.x86_64.rpm
    MD5: c9f91cd09b27f77dc532d7927e4dab26
    SHA-256: f6bae7a7a61921698f8b179feec12f46a95a8a307bd3756e7a8f487a965dc516
    Size: 1.97 MB
  4. java-1.8.0-openjdk-demo-slowdebug-1.8.0.362.b09-2.el9.x86_64.rpm
    MD5: f19c95eb40b8abe056c435093e35215b
    SHA-256: 1b9e9f9e8c377e5781735015f998588457dbf70aac9238551356d6cca6a702ff
    Size: 1.96 MB
  5. java-1.8.0-openjdk-devel-1.8.0.362.b09-2.el9.x86_64.rpm
    MD5: 12f274debb50926edf79d31a6300ce93
    SHA-256: 3d0b2b706edc3a52a60fa5044d2bf9ee97026d235261c4e7853a7978b5887bdc
    Size: 9.32 MB
  6. java-1.8.0-openjdk-devel-fastdebug-1.8.0.362.b09-2.el9.x86_64.rpm
    MD5: 0f54b8911fcb4d6e0c8d2b2fae47f2ff
    SHA-256: 6de731536c1d71d71301e456f4a55b3f48f0cdb5ad9b07414a02c9204aa3d7f4
    Size: 9.33 MB
  7. java-1.8.0-openjdk-devel-slowdebug-1.8.0.362.b09-2.el9.x86_64.rpm
    MD5: 4aa52404ea6dc64294d733701a2f9afb
    SHA-256: 3595e781b818c2505aa953da30f6ede65bac6eaf67f459ac7cca1364d5ded428
    Size: 9.33 MB
  8. java-1.8.0-openjdk-fastdebug-1.8.0.362.b09-2.el9.x86_64.rpm
    MD5: 0dc5b0acdd54fa32a0d2cbf5bbcb50f3
    SHA-256: 944567f671898e4cb053b21e2765f32aa0de5067b3e22348b19b0199ebbad753
    Size: 469.08 kB
  9. java-1.8.0-openjdk-headless-1.8.0.362.b09-2.el9.x86_64.rpm
    MD5: 81e89ce4c7dd8f3670278a2e7ba1cc59
    SHA-256: 08130ccf7143c2c0ccdff07c766d4d946481392cf5a4aa01d770ad9453ed7dd3
    Size: 33.17 MB
  10. java-1.8.0-openjdk-headless-fastdebug-1.8.0.362.b09-2.el9.x86_64.rpm
    MD5: 84d9421a35c7f50706a2788028a1917d
    SHA-256: 01403a6714a1121c3defbaa47f7905879566652f09d7f790c5f27f1c54f1ec08
    Size: 37.04 MB
  11. java-1.8.0-openjdk-headless-slowdebug-1.8.0.362.b09-2.el9.x86_64.rpm
    MD5: f6120e37da16e21cf040f7c31bde6bb4
    SHA-256: 01f81c8259d1bc3a32c6ef32cf15703a5f1ace51e945466370315cc20ce8836b
    Size: 34.84 MB
  12. java-1.8.0-openjdk-javadoc-1.8.0.362.b09-2.el9.noarch.rpm
    MD5: a40eb3d96b01d762abdaa7b3e83911e4
    SHA-256: a4922e7c50fae2a0bc28c8d55b732c90b31ca81c609af9f3344ffd5a2a9555f9
    Size: 11.85 MB
  13. java-1.8.0-openjdk-javadoc-zip-1.8.0.362.b09-2.el9.noarch.rpm
    MD5: a010db304a96793340389b206eb27be2
    SHA-256: 78520b1f14b7fb3cab5eb96718e65859f766b455d2a4ee84114cb61d0d5c8bf7
    Size: 40.72 MB
  14. java-1.8.0-openjdk-slowdebug-1.8.0.362.b09-2.el9.x86_64.rpm
    MD5: c0597cffaf836446dd0771d3a3d7ade9
    SHA-256: 34231656480a7885d4e3f45bf307dc988691724969dfebd6e60c7bd6c35caeeb
    Size: 437.63 kB
  15. java-1.8.0-openjdk-src-1.8.0.362.b09-2.el9.x86_64.rpm
    MD5: ec1ef9295ac42bef4a8d400ebea64a65
    SHA-256: b21ec324718993c1c625b4f09a9cb5cfe41aa4bc51f0a7b9ccc6c7cf0f936cf6
    Size: 44.61 MB
  16. java-1.8.0-openjdk-src-fastdebug-1.8.0.362.b09-2.el9.x86_64.rpm
    MD5: cd9d3b7f4bf348d94e10ea89245e5d67
    SHA-256: 38cc6209e1f821134973fc38ac6a08c9443f86025212c7cb5764d6f9bb43b8fa
    Size: 44.61 MB
  17. java-1.8.0-openjdk-src-slowdebug-1.8.0.362.b09-2.el9.x86_64.rpm
    MD5: f0dcc60e76cd8f7e050889b353c11bd5
    SHA-256: bc1f10fa4df8d49f807c217f24156337b35626d8d51586f1d04e43fe2dc6b2ca
    Size: 44.61 MB