java-11-openjdk-11.0.23.0.9-3.el8

Errata ID: AXSA:2024-7715:09

Release date: Wednesday, April 24, 2024 - 17:23
Subject: java-11-openjdk-11.0.23.0.9-3.el8
Affected Channels: Asianux Server 8 for x86_64
Severity: Moderate
Description: 

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: long Exception message leading to crash (8319851) (CVE-2024-21011)
* OpenJDK: integer overflow in C1 compiler address generation (8322122) (CVE-2024-21068)
* OpenJDK: Pack200 excessive memory allocation (8322114) (CVE-2024-21085)
* OpenJDK: C2 compilation fails with "Exceeded _node_regs array" (8317507) (CVE-2024-21094)
* OpenJDK: HTTP/2 client improper reverse DNS lookup (8315708) (CVE-2024-21012)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-21011
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2024-21012
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2024-21068
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2024-21085
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2024-21094
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. java-11-openjdk-11.0.23.0.9-3.el8.src.rpm
    MD5: 3c2d64b5ecaffe1ed0615c8295d1f574
    SHA-256: 4c689d449a1408e19c455d6f5ab11098cf5ec2c4ffef0086b59653cf1efe52bd
    Size: 68.31 MB

Asianux Server 8 for x86_64
  1. java-11-openjdk-11.0.23.0.9-3.el8.x86_64.rpm
    MD5: 837652fb83cfa4f2c78ad600765660bc
    SHA-256: 1377dd0aa9604fdf923372e5f5fb2bdb5a34b63c0521ff53e6eef1b4ee98f694
    Size: 474.57 kB
  2. java-11-openjdk-demo-11.0.23.0.9-3.el8.x86_64.rpm
    MD5: 430bb318955921467e64ae2f9b47e719
    SHA-256: 74064c4cd1f9d97b6e769ed7a33dce6c6a1fcde7fe745d24af922d197a3b44d9
    Size: 4.39 MB
  3. java-11-openjdk-demo-fastdebug-11.0.23.0.9-3.el8.x86_64.rpm
    MD5: 386170b4432d75a214a9a0487f00084c
    SHA-256: 555c74acfaad585c3c0eb012161be1d977e1f3dce1bf9aa7da6260ea17c700c2
    Size: 4.39 MB
  4. java-11-openjdk-demo-slowdebug-11.0.23.0.9-3.el8.x86_64.rpm
    MD5: 21c39a870a5b2ca52f62a0b3c14e2300
    SHA-256: 381f8224a0c09aeb4fb1b5fa2310fd1de687cdfb7b448aa70e2b570d72e1ce00
    Size: 4.39 MB
  5. java-11-openjdk-devel-11.0.23.0.9-3.el8.x86_64.rpm
    MD5: 1dd3890af640ce0905d091ee059bb015
    SHA-256: 9499395ea1c62002191c28d4284ea6ddff12bf18c73de1a00721e9d6e6a7e1d4
    Size: 3.39 MB
  6. java-11-openjdk-devel-fastdebug-11.0.23.0.9-3.el8.x86_64.rpm
    MD5: e7853b82a1e6a860ed9549923f8f19aa
    SHA-256: 28b57de49388bb7a977f904008c1b5b151c730ec97da7f554e0b6b152aac0477
    Size: 3.39 MB
  7. java-11-openjdk-devel-slowdebug-11.0.23.0.9-3.el8.x86_64.rpm
    MD5: ac7921d2b32980b3985d0233c518a256
    SHA-256: bec5f64a547f77fdf8058229f97ad939a3dc755aaca803f2d81e7eaa3ad625b5
    Size: 3.39 MB
  8. java-11-openjdk-fastdebug-11.0.23.0.9-3.el8.x86_64.rpm
    MD5: 7614902d527839c8c2a6f8d96fb53b9b
    SHA-256: 44583e450e9b1d890bede1abcd147e18d35077d91086ae196fbe1ae844a6fdd2
    Size: 487.80 kB
  9. java-11-openjdk-headless-11.0.23.0.9-3.el8.x86_64.rpm
    MD5: 8c83b4441d628a9f5c6ca044831386dc
    SHA-256: 6dc8cb9fe68e080c602c2f45cfaaf7d3e435b4fbcf080cc6f7d34eabd087be8b
    Size: 41.60 MB
  10. java-11-openjdk-headless-fastdebug-11.0.23.0.9-3.el8.x86_64.rpm
    MD5: 210bb02513bc795a824dcb2594cd4792
    SHA-256: 4439f31d34bcc0b07313f005290738bd8e52620c6a0cdc69bcef2a45cb029240
    Size: 46.62 MB
  11. java-11-openjdk-headless-slowdebug-11.0.23.0.9-3.el8.x86_64.rpm
    MD5: e18b519932de911064848f4c4de35efa
    SHA-256: 8b56d8a4b1f3f6a158e48b48c9d7c5f6fffcef31f128280da218badbb2774a6f
    Size: 46.15 MB
  12. java-11-openjdk-javadoc-11.0.23.0.9-3.el8.x86_64.rpm
    MD5: 4f800a4ed53010ccf43dce274dc8d84a
    SHA-256: 5e58c6439c7840c934531164d4eca93b0558cdf563cd67313b917c6e9bd4de46
    Size: 16.00 MB
  13. java-11-openjdk-javadoc-zip-11.0.23.0.9-3.el8.x86_64.rpm
    MD5: 7fc3f9a4762d2492d8277c25f773a066
    SHA-256: dc96ac12b185907118e98e3ba6393bd61e5ebd37b19cec4dcf55de19fe277511
    Size: 42.16 MB
  14. java-11-openjdk-jmods-11.0.23.0.9-3.el8.x86_64.rpm
    MD5: b64fdb23c1a5490cb0ab2a30bb5ed55a
    SHA-256: 990c00d1e0ed3032f09758b1749b581f0114ee0b1aadcab6f4d9dd22b7ab6736
    Size: 344.39 MB
  15. java-11-openjdk-jmods-fastdebug-11.0.23.0.9-3.el8.x86_64.rpm
    MD5: 2c505bfccc1da2fc9f1f5fdc32f585fc
    SHA-256: 08be4169206e758134789ff9cf7744eeeaeb65ffd3e6c8e085ea3929cb5309cc
    Size: 299.42 MB
  16. java-11-openjdk-jmods-slowdebug-11.0.23.0.9-3.el8.x86_64.rpm
    MD5: fbb30a0fe0d9f2dad5f6507799c28fb7
    SHA-256: 8ced7f946ed698b8312aabcae3280e3eba45b514f403dfc5e90cf2b6c9a771c3
    Size: 231.34 MB
  17. java-11-openjdk-slowdebug-11.0.23.0.9-3.el8.x86_64.rpm
    MD5: 6ddfd1459d9f78e7d9b197b65a8afe18
    SHA-256: d24cc347c49214f5356c9ca404a7342b3822f4c6fef076511663d103d42cbf58
    Size: 461.88 kB
  18. java-11-openjdk-src-11.0.23.0.9-3.el8.x86_64.rpm
    MD5: be8c042029bff687f2ca452a8132d0b3
    SHA-256: 3980b25eb35e88597da85c2c6826e57e40c884417285f63f47140e86c46d37a4
    Size: 50.54 MB
  19. java-11-openjdk-src-fastdebug-11.0.23.0.9-3.el8.x86_64.rpm
    MD5: 06cf3c97c32f32ce02e8d65b65b9338e
    SHA-256: f8e38e89167fe1003ddfb0c9b6716be52a5774da8d2aec7f76c2f1f3e46c2f44
    Size: 50.54 MB
  20. java-11-openjdk-src-slowdebug-11.0.23.0.9-3.el8.x86_64.rpm
    MD5: f54bd973dd2763081bd0663f85eb194a
    SHA-256: cb67ac5377338559c5262cb12d7929f5d807160e6b6ecb9b2deed56faa0e5fa8
    Size: 50.54 MB
  21. java-11-openjdk-static-libs-11.0.23.0.9-3.el8.x86_64.rpm
    MD5: 0910a52a1a33fc92818c88267e44c5e9
    SHA-256: 6f0f155eb4676e7eb8139869689678c778f995600d59a295d46d1e5332588839
    Size: 38.39 MB
  22. java-11-openjdk-static-libs-fastdebug-11.0.23.0.9-3.el8.x86_64.rpm
    MD5: 7e7cacc66a48378b6969269223a64dce
    SHA-256: ec327ff2535ba38df110830987f1034281749daef6d564d0785a34820a4036f6
    Size: 38.72 MB
  23. java-11-openjdk-static-libs-slowdebug-11.0.23.0.9-3.el8.x86_64.rpm
    MD5: 783a36ed09834b48824eba47c33ff489
    SHA-256: d96ab85afdf85cb516df830a0fa4ba267aa1107108c1974d7616c9dd80ff9600
    Size: 33.55 MB