java-17-openjdk-17.0.6.0.10-3.el9

エラータID: AXSA:2023-5058:04

Release date: 
Friday, February 10, 2023 - 10:06
Subject: 
java-17-openjdk-17.0.6.0.10-3.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

Security Fix(es):

* OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) (CVE-2023-21835)
* OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* In FIPS mode, the use of a SQLite database provided by NSS was assumed, which was opened in read-only mode and with no PIN expected. This prevented the use of other databases or setting a PIN on the NSS database. This update allows more control over database use using two new properties - fips.nssdb.path and fips.nssdb.pin - which can be configured permanently in the java.security file or temporarily via command-line arguments to the Java virtual machine
* Prepare for the next quarterly OpenJDK upstream release (2023-01, 17.0.6)

CVE-2023-21835
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2023-21843
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. java-17-openjdk-17.0.6.0.10-3.el9.src.rpm
    MD5: 4fd8127c7ec0782908b95c5c1d61be02
    SHA-256: 5586e2bcfa123d42ab34fd0346e1536da3214379e9d25d0df86dc239f5711aba
    Size: 61.48 MB

Asianux Server 9 for x86_64
  1. java-17-openjdk-17.0.6.0.10-3.el9.x86_64.rpm
    MD5: bfbdc669a8605372f5f153dba57b212b
    SHA-256: a35db82595f0c739df44f74f7dd90140274d24baf904c82a7247d3c6b3f2569a
    Size: 432.97 kB
  2. java-17-openjdk-demo-17.0.6.0.10-3.el9.x86_64.rpm
    MD5: 2e4da9dcc7be22d2dff4f525251f29aa
    SHA-256: 3ede7ee518e8851c8d97f143097353824147cdcdaec1473cc6859723ba3334da
    Size: 3.38 MB
  3. java-17-openjdk-demo-fastdebug-17.0.6.0.10-3.el9.x86_64.rpm
    MD5: 2ee586ad68da7afa8c7a6f189de01d5f
    SHA-256: 23b82bf4e1f9b66dffd95430c00c3f43c0acbce2c4e384f1b9c787322cb67f23
    Size: 3.38 MB
  4. java-17-openjdk-demo-slowdebug-17.0.6.0.10-3.el9.x86_64.rpm
    MD5: 8c09c746d2690d823a2419581ba9e41e
    SHA-256: cef7f190a16ea6d2c4c1220a9f620571d1145512d5b0aac76e8aad349ceba14a
    Size: 3.38 MB
  5. java-17-openjdk-devel-17.0.6.0.10-3.el9.x86_64.rpm
    MD5: b383d0be6980cdd2b15ea39e6929f9be
    SHA-256: c94475be9e85750b298675adf31d2b01ab194f0e1a4c38824b1c10415d1c143a
    Size: 4.72 MB
  6. java-17-openjdk-devel-fastdebug-17.0.6.0.10-3.el9.x86_64.rpm
    MD5: 0c5f6356d8627efb936c53ea1f4cf867
    SHA-256: 3560bb79c9fccbf2620755757e132acae277226e38ed7021f4ae2adcc2ceae2d
    Size: 4.72 MB
  7. java-17-openjdk-devel-slowdebug-17.0.6.0.10-3.el9.x86_64.rpm
    MD5: 87afba652183e7e04872b16a5fa1680b
    SHA-256: 6e04c1f5e0ebedcf90c7afddcad258ef419249d1788a42a2e0f669601e737898
    Size: 4.72 MB
  8. java-17-openjdk-fastdebug-17.0.6.0.10-3.el9.x86_64.rpm
    MD5: 7c0acb864dfe4500339a7d6f22e49a5f
    SHA-256: 103d029f8966675ff456d520a76f432b26bc79aef5a123e53432127e73aeaab6
    Size: 442.18 kB
  9. java-17-openjdk-headless-17.0.6.0.10-3.el9.x86_64.rpm
    MD5: 840056a4c15b1c76b831e8cc66a10122
    SHA-256: beac30d1210983d603470414f4154ad5e3da7854757dac93c790492d1f7e5d92
    Size: 41.65 MB
  10. java-17-openjdk-headless-fastdebug-17.0.6.0.10-3.el9.x86_64.rpm
    MD5: 51bcfd70f046ac0eeb9c4b7e2966e20b
    SHA-256: 8bab3b8f04d5451442c9c10696dc068077ab2d4bc3cd687af9ba5aaa9e920827
    Size: 46.77 MB
  11. java-17-openjdk-headless-slowdebug-17.0.6.0.10-3.el9.x86_64.rpm
    MD5: 93e4102d21098a8ec5587944a4b44ec7
    SHA-256: 3f48abc04e68c1ec55511372556dbe8e31c3f4933935328804d157da7ecd3a93
    Size: 45.18 MB
  12. java-17-openjdk-javadoc-17.0.6.0.10-3.el9.x86_64.rpm
    MD5: 4d0be8d3105c69aa63012a100c63a125
    SHA-256: 17a3858f207789282e3633c8b539608e610988706bd6b0f064b4a2fd53d41be6
    Size: 12.47 MB
  13. java-17-openjdk-javadoc-zip-17.0.6.0.10-3.el9.x86_64.rpm
    MD5: 5ef3088c484a5bfb4a369bc49b7f1e61
    SHA-256: 82dea54b6caaf4cdfec8e4bfb92da95929efddf164b49089e5c42fbeac4befa9
    Size: 39.44 MB
  14. java-17-openjdk-jmods-17.0.6.0.10-3.el9.x86_64.rpm
    MD5: 59be9f20ab04dfa00548abc9e637be40
    SHA-256: 456d6c0d6b717c454ec9ee11a09107424e7634b33324db05fe1694ca128e9757
    Size: 245.75 MB
  15. java-17-openjdk-jmods-fastdebug-17.0.6.0.10-3.el9.x86_64.rpm
    MD5: cf613e138342f90fbea5faf5bef6664d
    SHA-256: b4c143d0f1f8ed5d56c8f7733e20eb89a74b3912ba93e51808f5d77201aa0209
    Size: 245.69 MB
  16. java-17-openjdk-jmods-slowdebug-17.0.6.0.10-3.el9.x86_64.rpm
    MD5: 8bd2431bfc4c9b97a2330b20c596de68
    SHA-256: c5df71cd9758f7605ec50c88194006cc90c8a260d3f594fc567346c4778a08fa
    Size: 177.34 MB
  17. java-17-openjdk-slowdebug-17.0.6.0.10-3.el9.x86_64.rpm
    MD5: 9779c54aa530f39add8d80ad2fca8b41
    SHA-256: 2df3056b0410147a3e253801e1bc7815248bdc420931bf7de16ea18512639b8c
    Size: 402.27 kB
  18. java-17-openjdk-src-17.0.6.0.10-3.el9.x86_64.rpm
    MD5: 480a1a306c457fa8d87c3591258c3165
    SHA-256: df82bdd5436dfb33a6429853618b412a37b35dacefa474d76ff75821d3df50a3
    Size: 44.68 MB
  19. java-17-openjdk-src-fastdebug-17.0.6.0.10-3.el9.x86_64.rpm
    MD5: c46bedce07c2c47e49c1d1cde70f17ab
    SHA-256: d23e166605443e8c0b61f0c90f87c94d7e88f1e4dcb1403e3ce110bb8adbe0ca
    Size: 44.68 MB
  20. java-17-openjdk-src-slowdebug-17.0.6.0.10-3.el9.x86_64.rpm
    MD5: b36051d76c3032becb669100f26add89
    SHA-256: 7fdeb80e33e2d7c66764f89d23dc7ce7c305efb30ccef09e31d19ced5fd93161
    Size: 44.68 MB
  21. java-17-openjdk-static-libs-17.0.6.0.10-3.el9.x86_64.rpm
    MD5: b2d3f49ac382b9cd938e2369ad823393
    SHA-256: d52642bba2bac8e00ab54fbd2739a76fb3ef299351b681e2596a737bb5b27ff7
    Size: 27.82 MB
  22. java-17-openjdk-static-libs-fastdebug-17.0.6.0.10-3.el9.x86_64.rpm
    MD5: 9ece233bf11469123e6bc006bcfa1752
    SHA-256: 079b01d65a724518ea68c845fe92e4b76e15aa3fa71a47d0a3eac2648d60a1e1
    Size: 28.00 MB
  23. java-17-openjdk-static-libs-slowdebug-17.0.6.0.10-3.el9.x86_64.rpm
    MD5: 7b8c384846886dba4e07419a5c45b425
    SHA-256: a5dfcef62b32d9672e1d62d85f139f24cae2c53d5e4643edc047e04cc0b4552c
    Size: 24.79 MB