java-1.8.0-openjdk-1.8.0.382.b05-2.el9.ML.1

エラータID: AXSA:2023-6265:17

Release date: 
Wednesday, July 26, 2023 - 08:08
Subject: 
java-1.8.0-openjdk-1.8.0.382.b05-2.el9.ML.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049)
* OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Prepare for the next quarterly OpenJDK upstream release (2023-07, 8u382) [rhel-9] (BZ#2220662)

CVE-2023-22045
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2023-22049
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Solution: 

Update packages.

CVEs: 
CVE-2023-22045
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2023-22049
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Additional Info: 

N/A

Download: 

SRPMS
  1. java-1.8.0-openjdk-1.8.0.382.b05-2.el9.ML.1.src.rpm
    MD5: ff369924ef3666c22aa5244df9034316
    SHA-256: 3ad7e1503cc5da26d48a0e954b7ae9d39e775828e50a5e30f25bafeb0006829d
    Size: 57.28 MB

Asianux Server 9 for x86_64
  1. java-1.8.0-openjdk-1.8.0.382.b05-2.el9.ML.1.x86_64.rpm
    MD5: 58d0a77a280ff58b077f7c4d5e56abee
    SHA-256: 647f10db578d4f0b3844ab345118847f742b659b938a805dd31534d39cb68fa8
    Size: 457.16 kB
  2. java-1.8.0-openjdk-demo-1.8.0.382.b05-2.el9.ML.1.x86_64.rpm
    MD5: 7a102e38179d14d6c31c328eeda492d9
    SHA-256: a258b78ed9b7fbc197517902b74eb52884ca4d07b71ce5e0a48544395b30f3e4
    Size: 1.95 MB
  3. java-1.8.0-openjdk-demo-fastdebug-1.8.0.382.b05-2.el9.ML.1.x86_64.rpm
    MD5: 7a71a089e53f39032fae7456f7fb1349
    SHA-256: 917ad8ba8ff9c031120ad67fe8882898cb0c0ebde2e19e6b547fbb5874118c1e
    Size: 1.97 MB
  4. java-1.8.0-openjdk-demo-slowdebug-1.8.0.382.b05-2.el9.ML.1.x86_64.rpm
    MD5: c87e2b34b99e8eebbf2459c9de8eac5f
    SHA-256: ad96c855b8531484983faff1c3c87e2e176f7c2e80d9d5a07fae93e1fae72c0b
    Size: 1.96 MB
  5. java-1.8.0-openjdk-devel-1.8.0.382.b05-2.el9.ML.1.x86_64.rpm
    MD5: 6463a4006ea0e23e923d7fbc3a42d617
    SHA-256: aa63456b54b99c84ee98fae9ff46df1f870a3e0bffc734102ce480d0fb3e9b84
    Size: 9.33 MB
  6. java-1.8.0-openjdk-devel-fastdebug-1.8.0.382.b05-2.el9.ML.1.x86_64.rpm
    MD5: cda768b1d7dc0e9fc68117411bb19c10
    SHA-256: 50b1b2a3acae42c8b2f667185e7ba6e2bd2033f61758b6db707d77233a92ddd1
    Size: 9.34 MB
  7. java-1.8.0-openjdk-devel-slowdebug-1.8.0.382.b05-2.el9.ML.1.x86_64.rpm
    MD5: af7ada9dc3058186a9c0fc284e96bb4c
    SHA-256: 1b924e6a7f43b71ac95d5b46edb03cae29f09b470e721c176318910994bc71f5
    Size: 9.34 MB
  8. java-1.8.0-openjdk-fastdebug-1.8.0.382.b05-2.el9.ML.1.x86_64.rpm
    MD5: 46b2f52dff54b80ef61ab5f030b33857
    SHA-256: 81ef70c982dca5d5c392acb35fceb68ad5298916eef509dee73337c685791c87
    Size: 470.03 kB
  9. java-1.8.0-openjdk-headless-1.8.0.382.b05-2.el9.ML.1.x86_64.rpm
    MD5: 03804ee6fafb36099125c55c9daf86bc
    SHA-256: 668b412a0b94b58a81d6b268bb03cde26ad7a88a3320f04bc008a7848afae0e9
    Size: 33.26 MB
  10. java-1.8.0-openjdk-headless-fastdebug-1.8.0.382.b05-2.el9.ML.1.x86_64.rpm
    MD5: c1ef7af3aae7cd03100e1e125537a832
    SHA-256: b1305b8ff3d22be7d8f442559dd476621289d03c4dfa11c8a80e944214547f51
    Size: 37.10 MB
  11. java-1.8.0-openjdk-headless-slowdebug-1.8.0.382.b05-2.el9.ML.1.x86_64.rpm
    MD5: 24b4fc0f5b84228435e96543adb1df38
    SHA-256: 394334ea21a837c83b51bbb9fb27a5bc3a71b04b26d7efd296d617e141a25792
    Size: 34.96 MB
  12. java-1.8.0-openjdk-javadoc-1.8.0.382.b05-2.el9.ML.1.noarch.rpm
    MD5: 05233eb6a38b41b7854cbf5cfe2d880b
    SHA-256: ed018c4860427dec7e95d8c4d51a7edaf85096a6872ec94012a70cea6c8ce7f5
    Size: 11.86 MB
  13. java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-2.el9.ML.1.noarch.rpm
    MD5: d4fc527eaecb4855f01a97453e544bf4
    SHA-256: 361cc5288694d1d51c13823cbbf9917b0a6e7827c76d0f04ab9e5beabe0edaf5
    Size: 40.81 MB
  14. java-1.8.0-openjdk-slowdebug-1.8.0.382.b05-2.el9.ML.1.x86_64.rpm
    MD5: b0f5e919a29491399d2c04667e52f5d4
    SHA-256: 849e0c7eebce2b22cc4c1d92c133988959f4f3154db93f7bdaacb90348a0203e
    Size: 447.42 kB
  15. java-1.8.0-openjdk-src-1.8.0.382.b05-2.el9.ML.1.x86_64.rpm
    MD5: 4b0ef4d14821e251b20ddd8ea079b574
    SHA-256: 3ae95a2aaf2737c5601d910e1f81f0a84ec500d9daa8442a82fd895734b95024
    Size: 44.61 MB
  16. java-1.8.0-openjdk-src-fastdebug-1.8.0.382.b05-2.el9.ML.1.x86_64.rpm
    MD5: cf4183657f71018383a0b65dcd80e5ea
    SHA-256: eacaf36c04295e313f15881f27d97d6a49176049507126dddec2ff78c6dc310c
    Size: 44.61 MB
  17. java-1.8.0-openjdk-src-slowdebug-1.8.0.382.b05-2.el9.ML.1.x86_64.rpm
    MD5: b94819601c5201a29e89f0be3e5f778b
    SHA-256: 12c078dd0ac39c303894e8291f2d555a236378a4bd42cca671dff2a7c2a1279c
    Size: 44.61 MB