java-11-openjdk-11.0.23.0.9-2.el7

Errata ID: AXSA:2024-7701:06

Release date: Wednesday, April 24, 2024 - 17:28
Subject: java-11-openjdk-11.0.23.0.9-2.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: Moderate
Description: 

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: long Exception message leading to crash (8319851) (CVE-2024-21011)
* OpenJDK: integer overflow in C1 compiler address generation (8322122) (CVE-2024-21068)
* OpenJDK: Pack200 excessive memory allocation (8322114) (CVE-2024-21085)
* OpenJDK: C2 compilation fails with "Exceeded _node_regs array" (8317507) (CVE-2024-21094)
* OpenJDK: HTTP/2 client improper reverse DNS lookup (8315708) (CVE-2024-21012)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-21011
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2024-21012
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2024-21068
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2024-21085
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2024-21094
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. java-11-openjdk-11.0.23.0.9-2.el7.src.rpm
    MD5: 3a63e4a1bc515688cce5b0161bf7ee6e
    SHA-256: 2a76e607b6bbf0c8ecf423ffb471e50063b37627c27936b11688586335b92633
    Size: 68.36 MB

Asianux Server 7 for x86_64
  1. java-11-openjdk-11.0.23.0.9-2.el7.i686.rpm
    MD5: 7c5467c919a4ec5503a41c86e460853f
    SHA-256: 5069b2897b379a89fb9ce096882b2fd64d5e67e8571e79b7117b4ae776a2b764
    Size: 238.72 kB
  2. java-11-openjdk-11.0.23.0.9-2.el7.x86_64.rpm
    MD5: 57e3d9275bd08804b166a15a50748582
    SHA-256: d93c81d998498037029aedf6c3035a239ad3988179acadf271c003088baee061
    Size: 242.57 kB
  3. java-11-openjdk-demo-11.0.23.0.9-2.el7.i686.rpm
    MD5: 8a6a28590131d29b8a7f08c863360c55
    SHA-256: 78d04fc63fdec19c459fea9667c33493039a9b6d253f26fb0c7e9718892d6014
    Size: 4.37 MB
  4. java-11-openjdk-demo-11.0.23.0.9-2.el7.x86_64.rpm
    MD5: a35c7eee2121458f0bb22cb953c54933
    SHA-256: e440fcd1c51c8ace5b0a9bbc17c1a226ee999dd3d4b0ccabc53a4ed668e8c18d
    Size: 4.37 MB
  5. java-11-openjdk-devel-11.0.23.0.9-2.el7.i686.rpm
    MD5: 38d1f06086661fea8eea6697af7084b9
    SHA-256: d3fc5a2b57346f85c460b0140a4f9d907c46cc706415da23d202a4a3270d76b8
    Size: 3.36 MB
  6. java-11-openjdk-devel-11.0.23.0.9-2.el7.x86_64.rpm
    MD5: e52aee463bbedfa57e362c7dd0801997
    SHA-256: 2b22c1d5a88685542e181b43378cc1703aedfba777e469431cbb9c25f944d2ef
    Size: 3.38 MB
  7. java-11-openjdk-headless-11.0.23.0.9-2.el7.i686.rpm
    MD5: c0e1235a5329595d40fbb2cd59f860d0
    SHA-256: 8fc9f8040bc0d209e31c9e0b34dfb3fec8d4d3c95fcee596fd1d4065d413c097
    Size: 35.16 MB
  8. java-11-openjdk-headless-11.0.23.0.9-2.el7.x86_64.rpm
    MD5: 0a4b99828f4fea5db8e31ad1fa59b980
    SHA-256: ae1893dbd356771439ca80e01885f484131650a9fac43e39aca08678bc064271
    Size: 39.07 MB
  9. java-11-openjdk-javadoc-11.0.23.0.9-2.el7.i686.rpm
    MD5: 30ac84f73ee9f6055e2572c803e05917
    SHA-256: 4dc61a3a80ca09a69606cb1e356224913e5780dc57f40766b64e32cae75d1e9d
    Size: 16.10 MB
  10. java-11-openjdk-javadoc-11.0.23.0.9-2.el7.x86_64.rpm
    MD5: adcf31475130bf4a9f95ea104f6d113a
    SHA-256: 7277e64e54b304ec79306b5471a14081da4ec1d1abc542628169ce51d0531f48
    Size: 16.10 MB
  11. java-11-openjdk-javadoc-zip-11.0.23.0.9-2.el7.i686.rpm
    MD5: 31ad418ff3a6ae4a3c037e8c77f6437c
    SHA-256: 2c17564ecf665212cff223491482b0d031baaca5db99cb2677d3b7c3b7048685
    Size: 42.14 MB
  12. java-11-openjdk-javadoc-zip-11.0.23.0.9-2.el7.x86_64.rpm
    MD5: 6fc31245318a6ee37c4ea099af156c0e
    SHA-256: 72d3fad58aac74a0b2743f698d6d1d7ca094a42b78ce88076ae7b2e03781f2e5
    Size: 42.10 MB
  13. java-11-openjdk-jmods-11.0.23.0.9-2.el7.i686.rpm
    MD5: d25ff392ceb252945529318460ee54a9
    SHA-256: 8bb92f9a5d51ea8609e88205a6a98a919f93901471409fe48fc689be38a1aae9
    Size: 258.67 MB
  14. java-11-openjdk-jmods-11.0.23.0.9-2.el7.x86_64.rpm
    MD5: f6b8641735f8ad22f87e7b0392527eee
    SHA-256: e531b877faa70c63a567f4b922ad5aee472fb3814124e62e09799c901e4e3cab
    Size: 306.35 MB
  15. java-11-openjdk-src-11.0.23.0.9-2.el7.i686.rpm
    MD5: c5330f7eec537d5a6a1a27a60ce2ab5e
    SHA-256: 3e0ecc012a497568040e699d61210d0cd60b458422810f9a3dd1367ebf0b4999
    Size: 45.75 MB
  16. java-11-openjdk-src-11.0.23.0.9-2.el7.x86_64.rpm
    MD5: 77d29f7e5425a88da5b3bbd8742f0bd9
    SHA-256: 34ff1915b81df04551e6f3538180220062e53b8db37fbc6c0a941fdcc02789ea
    Size: 50.49 MB
  17. java-11-openjdk-static-libs-11.0.23.0.9-2.el7.i686.rpm
    MD5: 1d1a6043688343e4ebf21ca119cf8d7f
    SHA-256: a722b50debe8b5e559deccdd445cb1f0bad3e8508ad526950fa3a95f97ac4eb7
    Size: 7.14 MB
  18. java-11-openjdk-static-libs-11.0.23.0.9-2.el7.x86_64.rpm
    MD5: a5090c2bd61f3bbfbe8d3ad9f320f921
    SHA-256: 7f25be4ea2f0be5d506bd620ed01054cbd81b08f8c9dbe3876afa4d872961290
    Size: 7.57 MB
  19. java-11-openjdk-javadoc-debug-11.0.23.0.9-2.el7.i686.rpm
    MD5: 4b6f40b95521bfeb34b6d208b8323392
    SHA-256: a7a1e4c6fc2e72038518383865281ff8018f394a0b3f7c4a23de6b81d549bf5c
    Size: 16.11 MB
  20. java-11-openjdk-javadoc-debug-11.0.23.0.9-2.el7.x86_64.rpm
    MD5: 7fe7ffba8104e4f043e817be51609bdc
    SHA-256: b40ba462e78323389913f265ec882ae09f83782dcdf5073b24c55310cdc97e64
    Size: 16.11 MB
  21. java-11-openjdk-javadoc-zip-11.0.23.0.9-2.el7.i686.rpm
    MD5: 31ad418ff3a6ae4a3c037e8c77f6437c
    SHA-256: 2c17564ecf665212cff223491482b0d031baaca5db99cb2677d3b7c3b7048685
    Size: 42.14 MB
  22. java-11-openjdk-javadoc-zip-11.0.23.0.9-2.el7.x86_64.rpm
    MD5: 6fc31245318a6ee37c4ea099af156c0e
    SHA-256: 72d3fad58aac74a0b2743f698d6d1d7ca094a42b78ce88076ae7b2e03781f2e5
    Size: 42.10 MB
  23. java-11-openjdk-javadoc-zip-debug-11.0.23.0.9-2.el7.i686.rpm
    MD5: 6dfb8dc13bffd8723ab3830f48ee18da
    SHA-256: 8c74f343d0ce3a9c52a46d60ba29ecb0187d3d8394e7159721f724997f26e2a0
    Size: 42.14 MB
  24. java-11-openjdk-javadoc-zip-debug-11.0.23.0.9-2.el7.x86_64.rpm
    MD5: a76ee11a8b7b7822b8b7a6b0a17008a4
    SHA-256: 7a4cd15f8d95383c8b65e234b28d929c81451ba167a3b8a17c268de191410ff3
    Size: 42.10 MB
  25. java-11-openjdk-jmods-11.0.23.0.9-2.el7.i686.rpm
    MD5: d25ff392ceb252945529318460ee54a9
    SHA-256: 8bb92f9a5d51ea8609e88205a6a98a919f93901471409fe48fc689be38a1aae9
    Size: 258.67 MB
  26. java-11-openjdk-jmods-11.0.23.0.9-2.el7.x86_64.rpm
    MD5: f6b8641735f8ad22f87e7b0392527eee
    SHA-256: e531b877faa70c63a567f4b922ad5aee472fb3814124e62e09799c901e4e3cab
    Size: 306.35 MB
  27. java-11-openjdk-jmods-debug-11.0.23.0.9-2.el7.i686.rpm
    MD5: 3170be2b2ce78b3916df03efb9685526
    SHA-256: 4bf892bde2bbf0412463dacb5b53e4d9ff6bf7574c4ab6ce55e0a279fc2bd729
    Size: 147.46 MB
  28. java-11-openjdk-jmods-debug-11.0.23.0.9-2.el7.x86_64.rpm
    MD5: 8685aaed594031acd68434289435edc9
    SHA-256: 8fbf17fd12fd88d5ec318aeedf3d37dcc807107afc8dfdb39a72ca46b78ed8f3
    Size: 174.46 MB
  29. java-11-openjdk-src-11.0.23.0.9-2.el7.i686.rpm
    MD5: c5330f7eec537d5a6a1a27a60ce2ab5e
    SHA-256: 3e0ecc012a497568040e699d61210d0cd60b458422810f9a3dd1367ebf0b4999
    Size: 45.75 MB
  30. java-11-openjdk-src-11.0.23.0.9-2.el7.x86_64.rpm
    MD5: 77d29f7e5425a88da5b3bbd8742f0bd9
    SHA-256: 34ff1915b81df04551e6f3538180220062e53b8db37fbc6c0a941fdcc02789ea
    Size: 50.49 MB
  31. java-11-openjdk-src-debug-11.0.23.0.9-2.el7.i686.rpm
    MD5: f660e0849a5cb829c9ddcf51e09320b4
    SHA-256: 3eccc8d7cb78ea3dd5fd182a32b63f4dbd026eaa022663fc3667d7ec5da29259
    Size: 45.76 MB
  32. java-11-openjdk-src-debug-11.0.23.0.9-2.el7.x86_64.rpm
    MD5: c2c0d33768b9c488dd1bd8faf3bb1014
    SHA-256: 115afe8244f4c845d75b5e87f23e237aa03d21dc8d66487de378e4670117909c
    Size: 50.50 MB