java-17-openjdk-17.0.12.0.7-2.el8

エラータID: AXSA:2024-8579:12

Release date: 
Friday, July 19, 2024 - 19:48
Subject: 
java-17-openjdk-17.0.12.0.7-2.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and
the OpenJDK 17 Java Software Development Kit.

Security Fix(es):

OpenJDK: RangeCheckElimination array index overflow (8323231)
(CVE-2024-21147)
OpenJDK: potential UTF8 size overflow (8314794) (CVE-2024-21131)
OpenJDK: Excessive symbol length can lead to infinite loop (8319859)
(CVE-2024-21138)
OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548)
(CVE-2024-21140)
OpenJDK: Out-of-bounds access in 2D image handling (8324559)
(CVE-2024-21145)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE(s):
CVE-2024-21131
CVE-2024-21138
CVE-2024-21140
CVE-2024-21145
CVE-2024-21147

Solution: 

Update packages.

CVEs: 
CVE-2024-21131
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2024-21138
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2024-21140
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
CVE-2024-21145
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
CVE-2024-21147
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
Additional Info: 

N/A

Download: 

SRPMS
  1. java-17-openjdk-17.0.12.0.7-2.el8.src.rpm
    MD5: 7c3c15e1bbea69e9ec7cf678f554b71f
    SHA-256: b4010a86ffa53ecfdf6671118d5ca12e60276b7c269914278d74823e2f61d786
    Size: 63.01 MB

Asianux Server 8 for x86_64
  1. java-17-openjdk-17.0.12.0.7-2.el8.x86_64.rpm
    MD5: 838aa4e6059c26ec2e089596ed404a0d
    SHA-256: e73191fdfe0e761d7dd91ec64c24f6ad52774c9ceb9d6068f6a7bfa2fdf049b3
    Size: 464.95 kB
  2. java-17-openjdk-demo-17.0.12.0.7-2.el8.x86_64.rpm
    MD5: 8c4c855f816bb54e1ec3d91fb335ef92
    SHA-256: a2a6e9c83bf8ed04562e3c2097fce0be6adb52fc855075c4c740e9852e6c7c91
    Size: 3.44 MB
  3. java-17-openjdk-demo-fastdebug-17.0.12.0.7-2.el8.x86_64.rpm
    MD5: 361024244758b3fae183383f42d2b26b
    SHA-256: 06ef9c37e8e048f30955aa03f06134dd7cb311564c2cb0145188f9c89b14f114
    Size: 3.44 MB
  4. java-17-openjdk-demo-slowdebug-17.0.12.0.7-2.el8.x86_64.rpm
    MD5: 276bf3004c8f226ccd6ddd35e416ffc0
    SHA-256: 7620a32f05c3493041b0e06ba75eb3c2581ebd61a5884efd23fc27f3cd42ff6e
    Size: 3.44 MB
  5. java-17-openjdk-devel-17.0.12.0.7-2.el8.x86_64.rpm
    MD5: 45e8f9d7ad9f2fc1abe9c955f1097c14
    SHA-256: 07814634c0560e7dc63f9cf8bd58500eb6acd445d37d28571be6442c6ace0b20
    Size: 5.12 MB
  6. java-17-openjdk-devel-fastdebug-17.0.12.0.7-2.el8.x86_64.rpm
    MD5: 7ded8a602e3a0738d06b5c46f99cc681
    SHA-256: 3b1e17e02ddb89dc3cae018552b17e6b2bf483781d7532a807edd616d3e0f47d
    Size: 5.12 MB
  7. java-17-openjdk-devel-slowdebug-17.0.12.0.7-2.el8.x86_64.rpm
    MD5: 0a631f5944d1b4a6e0688dee9ed1bc38
    SHA-256: 126df7665ddfb6c8e711b2349702e31bb1329a0421aef0acb593dac7f4e76dc4
    Size: 5.12 MB
  8. java-17-openjdk-fastdebug-17.0.12.0.7-2.el8.x86_64.rpm
    MD5: 325618d1e4983c883084f216190bacb4
    SHA-256: 10562720159513a194e2e33fd8d7cc9bda3be1013f66562d1756b262442ad86c
    Size: 473.82 kB
  9. java-17-openjdk-headless-17.0.12.0.7-2.el8.x86_64.rpm
    MD5: 3c9606c7ee31ff2acab84341df4fe77a
    SHA-256: 55ac940020fe7ad6a9eeaaa1fff51ad35e4eed25c89171c584b52c813ced7961
    Size: 46.48 MB
  10. java-17-openjdk-headless-fastdebug-17.0.12.0.7-2.el8.x86_64.rpm
    MD5: f47b828b418d0199ffc4507323a589cd
    SHA-256: 7f59bea35e538661dacb032d448bed36a6f8c0bb341088c5e3bfc834eb550095
    Size: 51.09 MB
  11. java-17-openjdk-headless-slowdebug-17.0.12.0.7-2.el8.x86_64.rpm
    MD5: 67a2dea6985c85ba452b4e456fa2f0aa
    SHA-256: 77bab98968113b1f56b2d732b39e3bad24eee515fc8c26c575ffbbe9e1a45ddf
    Size: 50.26 MB
  12. java-17-openjdk-javadoc-17.0.12.0.7-2.el8.x86_64.rpm
    MD5: 0e25d2700ab727fb965d9ab2168f90c7
    SHA-256: 1c54051cceafe29b8a9a1543745d29a2f01ecf7b56f68dffd333ae42003fb862
    Size: 16.02 MB
  13. java-17-openjdk-javadoc-zip-17.0.12.0.7-2.el8.x86_64.rpm
    MD5: 7b6da4df2c3bf8d72b8186691c15ef3e
    SHA-256: ea46451d16d91f518e20c85818936bc226e69c1e182f85b1d9d4180e550ffc8c
    Size: 40.26 MB
  14. java-17-openjdk-jmods-17.0.12.0.7-2.el8.x86_64.rpm
    MD5: 9eda7be101d02ec1504f35abb494c0a1
    SHA-256: 4c22f06556c2c95cab2fc4e7937880b79c5e0ef2ca9e257d47fdfadb1df64658
    Size: 261.81 MB
  15. java-17-openjdk-jmods-fastdebug-17.0.12.0.7-2.el8.x86_64.rpm
    MD5: eb5d6d3801946c6c76ed2b4e88ec5f5b
    SHA-256: 6a68aa42eaacfcf2514ad70cceab1b4cd86ea3d90db0fb4009e3622e10f80ff1
    Size: 254.95 MB
  16. java-17-openjdk-jmods-slowdebug-17.0.12.0.7-2.el8.x86_64.rpm
    MD5: 9a23a13ef8136526a67133f0f78456a4
    SHA-256: 347b308d9ef42520bab919b8cae051c3f5a30fbb01b4c9b9885c47028590ff51
    Size: 192.07 MB
  17. java-17-openjdk-slowdebug-17.0.12.0.7-2.el8.x86_64.rpm
    MD5: 54568647deeef00a1f702216d127e323
    SHA-256: 172c111b04e4434f2d9241965cf6be001571af3e6d97917408d25185d68e59e1
    Size: 447.21 kB
  18. java-17-openjdk-src-17.0.12.0.7-2.el8.x86_64.rpm
    MD5: 06e0bd43ea49d253a6d8738e1dd68afa
    SHA-256: 5b9d4c0b1127858e73849ab2b6c148d3963d90cf49114807ca99ff82937bfeef
    Size: 45.44 MB
  19. java-17-openjdk-src-fastdebug-17.0.12.0.7-2.el8.x86_64.rpm
    MD5: dcbcd10aa95cb0670ecf8b6da5822863
    SHA-256: 25f13e56cc651c1485ec54a539e969357d73ffd7ffa4d7abeddd752d354734bb
    Size: 45.44 MB
  20. java-17-openjdk-src-slowdebug-17.0.12.0.7-2.el8.x86_64.rpm
    MD5: 24f33fcde15748134a5de042f08aa7a3
    SHA-256: b773951fba6736da1c4e22cc96cb15dc124e2474e5b1635f1bade890e5ea6767
    Size: 45.44 MB
  21. java-17-openjdk-static-libs-17.0.12.0.7-2.el8.x86_64.rpm
    MD5: 4a84a59a88b7170ce4ce9a6a36508d6e
    SHA-256: bc23bc9a3ff4aa233aadf01fb49bb6f50b50a19702ebc9600f4523dfca71c866
    Size: 39.71 MB
  22. java-17-openjdk-static-libs-fastdebug-17.0.12.0.7-2.el8.x86_64.rpm
    MD5: 798bd00039062c3073a1f7900a60ef3b
    SHA-256: f87a7af41007762d7f83a9e6918f3a4412593dee06a286792bd5626183972861
    Size: 39.97 MB
  23. java-17-openjdk-static-libs-slowdebug-17.0.12.0.7-2.el8.x86_64.rpm
    MD5: 8627806e6531ce7c9980a27478088ca8
    SHA-256: cb55713dfbdaaf376104d99532ccb9fdbc769dc231fe59c3dadbc90d49c9eea8
    Size: 34.30 MB