java-1.8.0-openjdk-1.8.0.412.b08-2.el9.ML.1

Errata ID: AXSA:2024-7708:10

Release date: Wednesday, April 24, 2024 - 09:23
Subject: java-1.8.0-openjdk-1.8.0.412.b08-2.el9.ML.1
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: High
Description: 

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment
and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: long Exception message leading to crash (8319851) (CVE-2024-21011)
* OpenJDK: integer overflow in C1 compiler address generation (8322122)
(CVE-2024-21068)
* OpenJDK: Pack200 excessive memory allocation (8322114) (CVE-2024-21085)
* OpenJDK: C2 compilation fails with "Exceeded _node_regs array" (8317507)
(CVE-2024-21094)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2024-21011
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM
Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported
versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22,
17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM
Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability
allows unauthenticated attacker with network access via multiple protocols to
compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise
Edition. Successful attacks of this vulnerability can result in unauthorized
ability to cause a partial denial of service (partial DOS) of Oracle Java SE,
Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This
vulnerability can be exploited by using APIs in the specified Component, e.g.,
through a web service which supplies data to the APIs. This vulnerability also
applies to Java deployments, typically in clients running sandboxed Java Web
Start applications or sandboxed Java applets, that load and run untrusted code
(e.g., code that comes from the internet) and rely on the Java sandbox for
security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVE-2024-21068
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM
Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported
versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10,
21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM
Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows
unauthenticated attacker with network access via multiple protocols to
compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise
Edition. Successful attacks of this vulnerability can result in unauthorized
update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for
JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability
can be exploited by using APIs in the specified Component, e.g., through a web
service which supplies data to the APIs. This vulnerability also applies to Java
deployments, typically in clients running sandboxed Java Web Start applications
or sandboxed Java applets, that load and run untrusted code (e.g., code that
comes from the internet) and rely on the Java sandbox for security. CVSS 3.1
Base Score 3.7 (Integrity impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

CVE-2024-21085
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product
of Oracle Java SE (component: Concurrency). Supported versions that are affected
are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise
Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows
unauthenticated attacker with network access via multiple protocols to
compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks
of this vulnerability can result in unauthorized ability to cause a partial
denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise
Edition. Note: This vulnerability can be exploited by using APIs in the
specified Component, e.g., through a web service which supplies data to the
APIs. This vulnerability also applies to Java deployments, typically in clients
running sandboxed Java Web Start applications or sandboxed Java applets, that
load and run untrusted code (e.g., code that comes from the internet) and rely
on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVE-2024-21094
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM
Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported
versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22,
17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM
Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability
allows unauthenticated attacker with network access via multiple protocols to
compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise
Edition. Successful attacks of this vulnerability can result in unauthorized
update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for
JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability
can be exploited by using APIs in the specified Component, e.g., through a web
service which supplies data to the APIs. This vulnerability also applies to Java
deployments, typically in clients running sandboxed Java Web Start applications
or sandboxed Java applets, that load and run untrusted code (e.g., code that
comes from the internet) and rely on the Java sandbox for security. CVSS 3.1
Base Score 3.7 (Integrity impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. java-1.8.0-openjdk-1.8.0.412.b08-2.el9.ML.1.src.rpm
    Size: 58.16 MB

Asianux Server 9 for x86_64
  1. java-1.8.0-openjdk-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
    Size: 456.78 kB
  2. java-1.8.0-openjdk-demo-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
    Size: 2.04 MB
  3. java-1.8.0-openjdk-demo-fastdebug-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
    Size: 2.06 MB
  4. java-1.8.0-openjdk-demo-slowdebug-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
    Size: 2.05 MB
  5. java-1.8.0-openjdk-devel-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
    Size: 9.35 MB
  6. java-1.8.0-openjdk-devel-fastdebug-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
    Size: 9.36 MB
  7. java-1.8.0-openjdk-devel-slowdebug-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
    Size: 9.36 MB
  8. java-1.8.0-openjdk-fastdebug-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
    Size: 469.52 kB
  9. java-1.8.0-openjdk-headless-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
    Size: 33.33 MB
  10. java-1.8.0-openjdk-headless-fastdebug-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
    Size: 37.19 MB
  11. java-1.8.0-openjdk-headless-slowdebug-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
    Size: 35.08 MB
  12. java-1.8.0-openjdk-javadoc-1.8.0.412.b08-2.el9.ML.1.noarch.rpm
    Size: 14.46 MB
  13. java-1.8.0-openjdk-javadoc-zip-1.8.0.412.b08-2.el9.ML.1.noarch.rpm
    Size: 40.86 MB
  14. java-1.8.0-openjdk-slowdebug-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
    Size: 444.39 kB
  15. java-1.8.0-openjdk-src-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
    Size: 44.63 MB
  16. java-1.8.0-openjdk-src-fastdebug-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
    Size: 44.64 MB
  17. java-1.8.0-openjdk-src-slowdebug-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
    Size: 44.63 MB