java-11-openjdk-11.0.23.0.9-3.el9.ML.1

Errata ID: AXSA:2024-7717:10

Release date: Thursday, April 25, 2024 - 11:59
Subject: java-11-openjdk-11.0.23.0.9-3.el9.ML.1
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: High
Description: 

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and
the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: long Exception message leading to crash (8319851) (CVE-2024-21011)
* OpenJDK: integer overflow in C1 compiler address generation (8322122)
(CVE-2024-21068)
* OpenJDK: Pack200 excessive memory allocation (8322114) (CVE-2024-21085)
* OpenJDK: C2 compilation fails with "Exceeded _node_regs array" (8317507)
(CVE-2024-21094)
* OpenJDK: HTTP/2 client improper reverse DNS lookup (8315708)
(CVE-2024-21012)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2024-21011
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM
Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported
versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22,
17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM
Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability
allows unauthenticated attacker with network access via multiple protocols to
compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise
Edition. Successful attacks of this vulnerability can result in unauthorized
ability to cause a partial denial of service (partial DOS) of Oracle Java SE,
Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This
vulnerability can be exploited by using APIs in the specified Component, e.g.,
through a web service which supplies data to the APIs. This vulnerability also
applies to Java deployments, typically in clients running sandboxed Java Web
Start applications or sandboxed Java applets, that load and run untrusted code
(e.g., code that comes from the internet) and rely on the Java sandbox for
security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVE-2024-21012
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM
Enterprise Edition product of Oracle Java SE (component: Networking). Supported
versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22;
Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition:
20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated
attacker with network access via multiple protocols to compromise Oracle Java
SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful
attacks of this vulnerability can result in unauthorized update, insert or
delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM
Enterprise Edition accessible data. Note: This vulnerability applies to Java
deployments, typically in clients running sandboxed Java Web Start applications
or sandboxed Java applets, that load and run untrusted code (e.g., code that
comes from the internet) and rely on the Java sandbox for security. This
vulnerability does not apply to Java deployments, typically in servers, that
load and run only trusted code (e.g., code installed by an administrator). CVSS
3.1 Base Score 3.7 (Integrity impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

CVE-2024-21068
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM
Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported
versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10,
21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM
Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows
unauthenticated attacker with network access via multiple protocols to
compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise
Edition. Successful attacks of this vulnerability can result in unauthorized
update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for
JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability
can be exploited by using APIs in the specified Component, e.g., through a web
service which supplies data to the APIs. This vulnerability also applies to Java
deployments, typically in clients running sandboxed Java Web Start applications
or sandboxed Java applets, that load and run untrusted code (e.g., code that
comes from the internet) and rely on the Java sandbox for security. CVSS 3.1
Base Score 3.7 (Integrity impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

CVE-2024-21085
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product
of Oracle Java SE (component: Concurrency). Supported versions that are affected
are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise
Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows
unauthenticated attacker with network access via multiple protocols to
compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks
of this vulnerability can result in unauthorized ability to cause a partial
denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise
Edition. Note: This vulnerability can be exploited by using APIs in the
specified Component, e.g., through a web service which supplies data to the
APIs. This vulnerability also applies to Java deployments, typically in clients
running sandboxed Java Web Start applications or sandboxed Java applets, that
load and run untrusted code (e.g., code that comes from the internet) and rely
on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVE-2024-21094
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM
Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported
versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22,
17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM
Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability
allows unauthenticated attacker with network access via multiple protocols to
compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise
Edition. Successful attacks of this vulnerability can result in unauthorized
update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for
JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability
can be exploited by using APIs in the specified Component, e.g., through a web
service which supplies data to the APIs. This vulnerability also applies to Java
deployments, typically in clients running sandboxed Java Web Start applications
or sandboxed Java applets, that load and run untrusted code (e.g., code that
comes from the internet) and rely on the Java sandbox for security. CVSS 3.1
Base Score 3.7 (Integrity impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. java-11-openjdk-11.0.23.0.9-3.el9.ML.1.src.rpm
    Size: 68.27 MB

Asianux Server 9 for x86_64
  1. java-11-openjdk-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
    Size: 434.46 kB
  2. java-11-openjdk-demo-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
    Size: 4.38 MB
  3. java-11-openjdk-demo-fastdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
    Size: 4.39 MB
  4. java-11-openjdk-demo-slowdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
    Size: 4.39 MB
  5. java-11-openjdk-devel-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
    Size: 3.30 MB
  6. java-11-openjdk-devel-fastdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
    Size: 3.30 MB
  7. java-11-openjdk-devel-slowdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
    Size: 3.30 MB
  8. java-11-openjdk-fastdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
    Size: 448.93 kB
  9. java-11-openjdk-headless-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
    Size: 39.84 MB
  10. java-11-openjdk-headless-fastdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
    Size: 45.33 MB
  11. java-11-openjdk-headless-slowdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
    Size: 44.27 MB
  12. java-11-openjdk-javadoc-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
    Size: 14.82 MB
  13. java-11-openjdk-javadoc-zip-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
    Size: 41.16 MB
  14. java-11-openjdk-jmods-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
    Size: 325.55 MB
  15. java-11-openjdk-jmods-fastdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
    Size: 286.41 MB
  16. java-11-openjdk-jmods-slowdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
    Size: 213.36 MB
  17. java-11-openjdk-slowdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
    Size: 420.90 kB
  18. java-11-openjdk-src-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
    Size: 49.72 MB
  19. java-11-openjdk-src-fastdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
    Size: 49.72 MB
  20. java-11-openjdk-src-slowdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
    Size: 49.72 MB
  21. java-11-openjdk-static-libs-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
    Size: 34.14 MB
  22. java-11-openjdk-static-libs-fastdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
    Size: 34.20 MB
  23. java-11-openjdk-static-libs-slowdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
    Size: 30.90 MB