java-21-openjdk-21.0.3.0.9-1.el8.ML.1

エラータID: AXSA:2024-7709:07

Release date: 
Wednesday, April 24, 2024 - 10:22
Subject: 
java-21-openjdk-21.0.3.0.9-1.el8.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.

Security Fix(es):

* OpenJDK: long Exception message leading to crash (8319851) (CVE-2024-21011)
* OpenJDK: integer overflow in C1 compiler address generation (8322122) (CVE-2024-21068)
* OpenJDK: HTTP/2 client improper reverse DNS lookup (8315708) (CVE-2024-21012)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-21011
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2024-21012
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2024-21068
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Solution: 

Update packages.

CVEs: 
CVE-2024-21011
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2024-21012
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2024-21068
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Additional Info: 

N/A

Download: 

SRPMS
  1. java-21-openjdk-21.0.3.0.9-1.el8.ML.1.src.rpm
    MD5: 0d9e084064c5ddb06874c399d6a8b720
    SHA-256: dc02d57525519061b759e24dc64dfe556a0ba82edff87a6a099dc296d78674f4
    Size: 66.52 MB

Asianux Server 8 for x86_64
  1. java-21-openjdk-21.0.3.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 53369a691738e31d3a1590f7eb762ba6
    SHA-256: b596c1c15899531411e6531db30d67069512533c9b19e2ba17adcee56012d98c
    Size: 443.62 kB
  2. java-21-openjdk-demo-21.0.3.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 0feaffa55af671e44389429634a11024
    SHA-256: 15161b1d25b130c80a8f8fb4d087477efa7420fdf168af177225b2dcd63dc641
    Size: 3.17 MB
  3. java-21-openjdk-demo-fastdebug-21.0.3.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 744a7a690e7e1a7ca44ed29383630dd1
    SHA-256: 6c17db6e54a040a4587425476c39b5f9118fd8e91b33158bec12730f496fb3b3
    Size: 3.17 MB
  4. java-21-openjdk-demo-slowdebug-21.0.3.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 0af817546b4ba855d98ccf0c05b06e55
    SHA-256: 56dc3d8e474faa780f654b5f5040a0f89ab51fe6749eae6c16585646bcc4cec1
    Size: 3.17 MB
  5. java-21-openjdk-devel-21.0.3.0.9-1.el8.ML.1.x86_64.rpm
    MD5: def0d6e9bfc0938973641ba86016bbfe
    SHA-256: 9c14d0c1560b89482c69dcad56ce1f07872564f314041c77235fd787d1b37751
    Size: 5.16 MB
  6. java-21-openjdk-devel-fastdebug-21.0.3.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 6ec4d2e549ace31353a546a8e983e458
    SHA-256: a570f31152682739004879d87c745d2ae4ccbfdfc7131042ebc1b8055fad56b4
    Size: 5.16 MB
  7. java-21-openjdk-devel-slowdebug-21.0.3.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 24ca7ade2f09e890785a8de9a9f88b60
    SHA-256: 2be33005613d2b2026f30b348420a38da93499a1fdee7bdfa68a9d2e96254a92
    Size: 5.16 MB
  8. java-21-openjdk-fastdebug-21.0.3.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 5e5b4781216520d99d66c1d0bb192209
    SHA-256: 97e7eeb1ad38681dd2fbf40bf808dfc06f6794651137b769564cf2faf99b0f58
    Size: 452.95 kB
  9. java-21-openjdk-headless-21.0.3.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 8334e44e6166a2134472795c77527fae
    SHA-256: 6614e24d4bf9b53511d0bc943e62c65fb5d06dc7c8bcc5e2d333f1cf92ac8d85
    Size: 49.76 MB
  10. java-21-openjdk-headless-fastdebug-21.0.3.0.9-1.el8.ML.1.x86_64.rpm
    MD5: e28fa9a7374734f3f1207c9a3c0b67bf
    SHA-256: d9af68d01aff255400956f6309e8cf28558fed3f5394ac33873bf97fa33d8277
    Size: 54.59 MB
  11. java-21-openjdk-headless-slowdebug-21.0.3.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 4a53db8e46d7bfe91e2ad80c84208775
    SHA-256: 9ca008982d4dc636ae8a19aa75d61c595b9f52338c17573d855a64ec992ee278
    Size: 54.38 MB
  12. java-21-openjdk-javadoc-21.0.3.0.9-1.el8.ML.1.x86_64.rpm
    MD5: f9bb20058deba0d145684a1988fdeea1
    SHA-256: 9232c1c15a90351a6e0328a04541ddea43a145a279039c117d610db84cc243cd
    Size: 16.39 MB
  13. java-21-openjdk-javadoc-zip-21.0.3.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 3022a1d0aed44d4dc1f8b2a6cad2d08d
    SHA-256: 66e2fcfde859f1899960a81f407dfad4cff03981037147daf9b8bc0f640b15d8
    Size: 41.50 MB
  14. java-21-openjdk-jmods-21.0.3.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 7a60923c7a23e15989bb699cc9163b64
    SHA-256: 8be5f7675959dbd53ade8491d67368709e2be04ec9a8e64af5247b3b9b3b7160
    Size: 312.12 MB
  15. java-21-openjdk-jmods-fastdebug-21.0.3.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 0ba0ce317d80b37356158fa35a46e2cc
    SHA-256: 803ae2870789632e68b44f112072b23012219f981ec980e7de2eca66bb649c78
    Size: 369.21 MB
  16. java-21-openjdk-jmods-slowdebug-21.0.3.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 9c34cf91c22622b5231225aa4fabf1f7
    SHA-256: 0d200d8d965022d0b9fcd2c929f824e59d16c00eedcd02491dc98c1f8b59694c
    Size: 290.18 MB
  17. java-21-openjdk-slowdebug-21.0.3.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 92c2b923555687de232b92f56187262d
    SHA-256: 95d627251be8b0887c6cd005b9b3491e04d0e24644ad8db8c0f8fca96eb69b80
    Size: 429.77 kB
  18. java-21-openjdk-src-21.0.3.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 75d6124111a3efddf682dfcb857a6326
    SHA-256: 272beeae0f5f20c675547ada8f2170658654f8c9a40665757fbca768afce4fe8
    Size: 47.31 MB
  19. java-21-openjdk-src-fastdebug-21.0.3.0.9-1.el8.ML.1.x86_64.rpm
    MD5: f6ce546ebfcf1f4be8bbb3367d3f7d0c
    SHA-256: a3176cf5841c5de7a584c9b705404046f4efff9979b33d1afe8da12af8b300ab
    Size: 47.31 MB
  20. java-21-openjdk-src-slowdebug-21.0.3.0.9-1.el8.ML.1.x86_64.rpm
    MD5: ba6f600c05860e82e88b8dac8c7f325f
    SHA-256: cd8ab7d50dddd0d7a3b8b3881ce7a97ef6a277d16875f37ef1132736497ed046
    Size: 47.31 MB
  21. java-21-openjdk-static-libs-21.0.3.0.9-1.el8.ML.1.x86_64.rpm
    MD5: fef48bea25a8ce283a30c8c8529aad67
    SHA-256: f742a9f451c9dee449e21e2f8761f9b4a1f9f2e9283a9114927a28a1c6e0092f
    Size: 39.79 MB
  22. java-21-openjdk-static-libs-fastdebug-21.0.3.0.9-1.el8.ML.1.x86_64.rpm
    MD5: d8f197cc690a8ccd9e08f7f39e10bb30
    SHA-256: 621727e611b6e93b277764321ca4b9a9b51bc8892d9d0a233e284f923be2ad2d
    Size: 40.04 MB
  23. java-21-openjdk-static-libs-slowdebug-21.0.3.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 3d23887812a1191a5fadefe0fbf61466
    SHA-256: 94d595030878849e1a2785c3647b8aaabeffa992cf1a25eae03128bf205090b1
    Size: 34.30 MB