java-17-openjdk-17.0.9.0.9-2.el9.ML.1

エラータID: AXSA:2023-6538:16

Release date: 
Tuesday, October 24, 2023 - 02:09
Subject: 
java-17-openjdk-17.0.9.0.9-2.el9.ML.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

Security Fix(es):

* OpenJDK: memory corruption issue on x86_64 with AVX-512 (8317121) (CVE-2023-22025)
* OpenJDK: certificate path validation issue during client authentication (8309966) (CVE-2023-22081)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-22025
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8 and 21. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2023-22081
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8 and 21. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. java-17-openjdk-17.0.9.0.9-2.el9.ML.1.src.rpm
    MD5: 1359dece95d3eb529b62ce1abf6c02d8
    SHA-256: 2f99dac8dabe47d2d4849507b9222009f368757b2c64d56574d5aaba068fb89c
    Size: 62.08 MB

Asianux Server 9 for x86_64
  1. java-17-openjdk-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
    MD5: 1701395f4d5de5cfa8d613483597936b
    SHA-256: 26460ecbb67ff758d00d4fb23bc3b494a160c0099d40c55bd2fda31add542450
    Size: 432.21 kB
  2. java-17-openjdk-demo-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
    MD5: 00c74173bafa43161de7c35125d273b1
    SHA-256: 6a378ef5d7c5ae3422e1f8381cc62c9ca2914649c0d0c518c12355121bc5e12d
    Size: 3.38 MB
  3. java-17-openjdk-demo-fastdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
    MD5: 87d901830a0dab8eec55d8038ef27833
    SHA-256: 48b903399cac03c5bfb7d6eba8bab3efec74d3d87ec005cfe5a487a5900ba412
    Size: 3.38 MB
  4. java-17-openjdk-demo-slowdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
    MD5: 1006ed9dbb45b2913ceabd147aefb928
    SHA-256: d92beeb01f0b41025d2bdd08eb67966df633ed1dc674f0ee5b97bfd1e6fc32dd
    Size: 3.38 MB
  5. java-17-openjdk-devel-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
    MD5: c131522f797742cfafa72cda499269cb
    SHA-256: 84d2f1477c94a27c7f063e9540bf99b8df4ed8b0b62b8a9d06151c0da04eea05
    Size: 4.71 MB
  6. java-17-openjdk-devel-fastdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
    MD5: ed9709c945887c3d0115df42951c42cb
    SHA-256: 6351cd535d55566c7f107dcd0cf2d50efa5e6f9bab971a60f693381f37e6e360
    Size: 4.71 MB
  7. java-17-openjdk-devel-slowdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
    MD5: 5cb446ed61ac9447fe811f3807c08a09
    SHA-256: ac40ef33980649d49d7f72aba1e3ea05384ca0dbd810dfb1318c5e8c9f3b8951
    Size: 4.71 MB
  8. java-17-openjdk-fastdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
    MD5: 26de5b24a43891dab19880fed0880abc
    SHA-256: 554b2bd9fc1b75dadf1036ee9a8ac7dbc1b1c4ca39943f62ecfc128efccdf2a0
    Size: 441.26 kB
  9. java-17-openjdk-headless-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
    MD5: b3091dd7c9a646a26f5b9d6704169c6a
    SHA-256: b467109bef14b5dc9de19bc6a6e054d3c0fdfada3578f41282800414d48bcea6
    Size: 44.94 MB
  10. java-17-openjdk-headless-fastdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
    MD5: a9171c2ade4539edb8767ab55da7f5a0
    SHA-256: adfdddebeb0c2297d3f0e9c6a2285e7982aa80cfaede47fd1cda0083c64e39d7
    Size: 50.10 MB
  11. java-17-openjdk-headless-slowdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
    MD5: f4a776b6293c0003d8b0ec4529ae8861
    SHA-256: 9fb05ff0db306e05fe8508ab4527910674415891bd58218616ea6901040dc437
    Size: 48.55 MB
  12. java-17-openjdk-javadoc-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
    MD5: 8a5dda38507b4c531c5229e0849123cb
    SHA-256: c2319fe742aa7b585f9a6906026690a4c014e3d7ee97db4b60ae52b9dfd798f0
    Size: 12.49 MB
  13. java-17-openjdk-javadoc-zip-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
    MD5: acb3325133470bbaf3e6528f51014057
    SHA-256: 9d4603d45306c7976f5036dbcfcbb695a9cb2a5bc26b912ab6d83c3c55ffc33a
    Size: 39.48 MB
  14. java-17-openjdk-jmods-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
    MD5: c2d4d341258b57360d4e2b2d3065090c
    SHA-256: 2e265daa36e884bb3cdec4c28af184062f72a79c23faddc625c72c62dd0b5298
    Size: 248.88 MB
  15. java-17-openjdk-jmods-fastdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
    MD5: 90e646bee2e185766cc62470a15113ee
    SHA-256: d45ccbbe3e684fd6d4e1cb3d1339101ae56c92c967f8230fa8c2ddb3eb5377cd
    Size: 247.99 MB
  16. java-17-openjdk-jmods-slowdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
    MD5: ed0885a63038505f92ce0f9cfdf79d1f
    SHA-256: 1a06e9169c907a2329c9715bcc576fbe79e7e1d8cb9b3dacbd1005c448ada561
    Size: 178.68 MB
  17. java-17-openjdk-slowdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
    MD5: 0ca9f12747edaa87c98ec1c02c864710
    SHA-256: 7b133f55bdd99756d67125dd27047ed5234620ea1e55924421f5fdba95e2a777
    Size: 411.24 kB
  18. java-17-openjdk-src-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
    MD5: 267fd7fd51d9d97adb064a04c0819dd3
    SHA-256: 42f57ddcaf71c8f13562ab4f5a9775b6fdfef88813874c9b8797f5285bcebbd6
    Size: 44.75 MB
  19. java-17-openjdk-src-fastdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
    MD5: b89d662c10c393127acdbbdc80ea1924
    SHA-256: bdce25c644f96ae117e514db0c3dfcca8c0c57cf364b1cbd367d337460b73262
    Size: 44.76 MB
  20. java-17-openjdk-src-slowdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
    MD5: b73b1d9f62dcde3fd145583c104da7dd
    SHA-256: 604900daf1678a182edec04d7f442f08fc6f78bd6eb7a859c8a84b635e7e550c
    Size: 44.76 MB
  21. java-17-openjdk-static-libs-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
    MD5: e8f2705bd01cd2f8231756731462d0c8
    SHA-256: 23701596aec42f783fda0e38e368387fe4c669716eee9d1fb456c0c57bb8b62b
    Size: 32.59 MB
  22. java-17-openjdk-static-libs-fastdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
    MD5: 856a8c69f00c4d28b35e15c0f2e7a42e
    SHA-256: 35002d84a48012df739e41d3fc1b3e3c636fbc0e1b04225187e194c6f9dc4c98
    Size: 32.73 MB
  23. java-17-openjdk-static-libs-slowdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
    MD5: d8235efd1839a6d5f2ed506284bc1118
    SHA-256: bd5768f66ae8740acade383df37b042efa9c6a7cb4521e3878bae89c2cda718a
    Size: 29.34 MB