jmc-8.2.0-19.el9_8.2

エラータID: AXSA:2026-1271:02

Release date: 
Thursday, July 16, 2026 - 17:31
Subject: 
jmc-8.2.0-19.el9_8.2
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables efficient and detailed analysis of the extensive data collected by JDK Flight Recorder. The tool chain enables developers and administrators to collect and analyze data from Java applications running locally or deployed in production environments.

Security Fix(es):

* lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing (CVE-2025-66566)
* org.eclipse.jetty/jetty-[http:](http:) HTTP request smuggling via chunked extension quoted-string parsing (CVE-2026-2332)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-66566
yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lead to disclosure of sensitive data. JNI-based implementations are not affected. This vulnerability is fixed in 1.10.1.
CVE-2026-2332
In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: * https://w4ke.info/2025/06/18/funky-chunks.html * https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty terminates chunk extension parsing at \r\n inside quoted strings instead of treating this as an error. POST / HTTP/1.1 Host: localhost Transfer-Encoding: chunked 1;ext="val X 0 GET /smuggled HTTP/1.1 ... Note how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. jmc-8.2.0-19.el9_8.2.src.rpm
    MD5: e09130a688e9ace7b8579b4a199f94e4
    SHA-256: c1ab60c27d197e9c6583a9317216e25e308fb100baf421884d8bae13271006d7
    Size: 423.87 MB

Asianux Server 9 for x86_64
  1. jmc-8.2.0-19.el9_8.2.x86_64.rpm
    MD5: 8a834c8d8a416aa5a00262570fc05b93
    SHA-256: b0a43fdee87aa3662b59471ddc992691e2d81c96a75f9ee50aba93509d266833
    Size: 72.56 MB