java-17-openjdk-17.0.1.0.12-2.el8
Errata ID: AXSA:2021-2878:03
The following issues have been addressed.
[Security Fix]
- Java contains a vulnerability that allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE and Oracle GraalVM Enterprise Edition, resulting in an unauthorized ability to cause a partial denial of service of Java SE and Oracle GraalVM Enterprise Edition. (CVE-2021-35556)
- Java contains a vulnerability that allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE and Oracle GraalVM Enterprise Edition, resulting in an unauthorized ability to cause a partial denial of service of Java SE and Oracle GraalVM Enterprise Edition. (CVE-2021-35559)
- Java contains a vulnerability that allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE and Oracle GraalVM Enterprise Edition, resulting in an unauthorized ability to cause a partial denial of service of Java SE and Oracle GraalVM Enterprise Edition. (CVE-2021-35561)
- Java contains a vulnerability that allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE and Oracle GraalVM Enterprise Edition, resulting in unauthorized UPDATE, INSERT, or DELETE access to data accessible to Java SE and Oracle GraalVM Enterprise Edition. (CVE-2021-35564)
- Java contains a vulnerability that allows a low-privileged attacker with network access via Kerberos to compromise Java SE and Oracle GraalVM Enterprise Edition; with human interaction from a person other than the attacker, this can result in unauthorized access to critical data or complete access to all data accessible to Java SE and Oracle GraalVM Enterprise Edition. (CVE-2021-35567)
- Java contains a vulnerability that allows an unauthenticated attacker with network access via TLS to compromise Java SE and Oracle GraalVM Enterprise Edition, resulting in an unauthorized ability to cause a partial denial of service of Java SE and Oracle GraalVM Enterprise Edition. (CVE-2021-35578)
- Java contains a vulnerability that allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE and Oracle GraalVM Enterprise Edition, resulting in an unauthorized ability to cause a partial denial of service of Java SE and Oracle GraalVM Enterprise Edition. (CVE-2021-35586)
- Java contains a vulnerability that allows an unauthenticated attacker with network access via TLS to compromise Java SE and Oracle GraalVM Enterprise Edition, resulting in unauthorized read access to a subset of the data accessible to Java SE and Oracle GraalVM Enterprise Edition. (CVE-2021-35603)
Update the packages.
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
SRPMS
- java-17-openjdk-17.0.1.0.12-2.el8.src.rpm
MD5: 3e3b43a6586b47bbfd34cfb5e1e283f9
SHA-256: b440f4231dec3693b1c8e9dfd33594c1c01c7dbebfbc5cec6f4065ccb5f6e94a
Size: 61.41 MB
Asianux Server 8 for x86_64
- java-17-openjdk-17.0.1.0.12-2.el8.x86_64.rpm
MD5: 1bfa717fd075be01754db9c9ff396e34
SHA-256: bcdf33872dbbc77e7f5122bcc94d22a0f353529792e6cf0180ebba0e293f594f
Size: 243.35 kB
- java-17-openjdk-demo-17.0.1.0.12-2.el8.x86_64.rpm
MD5: 4ddf70338586e85efeb854655aba8007
SHA-256: 8af38104eecdb9a93cd8ff2e59d62048473c7b7a29f8908f89a5366b315c37f2
Size: 4.29 MB
- java-17-openjdk-devel-17.0.1.0.12-2.el8.x86_64.rpm
MD5: 34da6ef58712de2ad6a023e40cc5a11f
SHA-256: 02b1092383391d61f978d471544b1cf77c04526174b9fed2ff720b3d4ecbda66
Size: 5.09 MB
- java-17-openjdk-headless-17.0.1.0.12-2.el8.x86_64.rpm
MD5: 3e5f8044670122c8260524ddc6efb3a5
SHA-256: b0203b424fefae85ed171777768e90439f124a262d7cd1e55c33474097d3c056
Size: 41.06 MB
- java-17-openjdk-javadoc-17.0.1.0.12-2.el8.x86_64.rpm
MD5: ccb9ef0eee145e4454fcc269d5e2b9f5
SHA-256: 51ee5e015e5f4ba72fb1c25a301f12be81f800ec707faea887803edf2256447d
Size: 15.98 MB
- java-17-openjdk-javadoc-zip-17.0.1.0.12-2.el8.x86_64.rpm
MD5: 7452f9610a31c22f03e82e45b722ec2b
SHA-256: 3f0cf76c6cd78ea6bb8781fccf5ec13e011872668fd912cf0d65894ab34a7555
Size: 40.34 MB
- java-17-openjdk-jmods-17.0.1.0.12-2.el8.x86_64.rpm
MD5: 057172fd773d15c43f7f9afcbb414bc4
SHA-256: e7bb02eb72d5ff622d48669b01430136d96d5f22c347bc523a013a959e321a33
Size: 238.50 MB
- java-17-openjdk-src-17.0.1.0.12-2.el8.x86_64.rpm
MD5: 4844acfb41ec5ca13be45b5dc49f8c0d
SHA-256: a7b131df9a31bad34fa9ad9368afa1d8f5debc48f3157e1439e539d362d4914c
Size: 45.28 MB
- java-17-openjdk-static-libs-17.0.1.0.12-2.el8.x86_64.rpm
MD5: 504d9aabc4754b8b48e58bd479667456
SHA-256: a8aa4d207ed05b8ea8a9ce04a7d6ccef67249fcc9262b9604f74171b1465edb8
Size: 26.16 MB
- java-17-openjdk-demo-fastdebug-17.0.1.0.12-2.el8.x86_64.rpm
MD5: 543ab900fe2f236391e76f91b7f70dc2
SHA-256: ee970c36fd9d2d9e1bc0f4e77b18f79747976c82d3329f5e0ffde39e1be88f0d
Size: 4.29 MB
- java-17-openjdk-demo-slowdebug-17.0.1.0.12-2.el8.x86_64.rpm
MD5: 5b2bca6d232baf86ba9840ed79ede6aa
SHA-256: 68cec319bf82656ab48244adfbd29e9ce2b2cb64eb084f654024e166cc2a50b0
Size: 4.29 MB
- java-17-openjdk-devel-fastdebug-17.0.1.0.12-2.el8.x86_64.rpm
MD5: eaeaea998bc66139f181ace5e9787c36
SHA-256: f038e25292519f89dad77a130b041f8aa3e098c87c83f490af339ff7133c6069
Size: 5.09 MB
- java-17-openjdk-devel-slowdebug-17.0.1.0.12-2.el8.x86_64.rpm
MD5: 3576ca5019fe7ebfa9ba299081ea13f8
SHA-256: a2ef52038e8d8b65f0de6dfb2d7e78a767a539a21ea4d836f897fc9b6d456248
Size: 5.10 MB
- java-17-openjdk-fastdebug-17.0.1.0.12-2.el8.x86_64.rpm
MD5: 5b99f03a29ff407d39f307fc17cb6442
SHA-256: c0815d6cbeec2ce3c58868b0d5581cebe20a11f39cf500f3b4cd868377354241
Size: 252.43 kB
- java-17-openjdk-headless-fastdebug-17.0.1.0.12-2.el8.x86_64.rpm
MD5: 058ffcc2c2c68a46b594e2fe35d770f6
SHA-256: f50f4f19317673cbfeb186345e5cc1d8b620324a839960ede4eae21be2056b8d
Size: 45.55 MB
- java-17-openjdk-headless-slowdebug-17.0.1.0.12-2.el8.x86_64.rpm
MD5: 1b7c85da65178ed0e2d552af33f1d4f9
SHA-256: 6b156fc9be11eac4a08d79b6406a029a5c05718ff1bc6bf06b7c58d8742e0dc6
Size: 43.61 MB
- java-17-openjdk-jmods-fastdebug-17.0.1.0.12-2.el8.x86_64.rpm
MD5: 3acb361d1896c4e5178f53c1f1dac9ee
SHA-256: e2a699222f73721ce28dfb1224c2e440d41b713e319ad60ec1e6a9cf29f21397
Size: 231.46 MB
- java-17-openjdk-jmods-slowdebug-17.0.1.0.12-2.el8.x86_64.rpm
MD5: 6c9bcaea8422c9cfecbc7d140aa2d2e5
SHA-256: c74f7564dc7b3ed91334699e31405c5ca1c41509d0231d61c8e236ad058f643c
Size: 171.76 MB
- java-17-openjdk-slowdebug-17.0.1.0.12-2.el8.x86_64.rpm
MD5: 9008ec34bd11d4eb96754f769fc58383
SHA-256: 4587575f2c6d92ccfce7a4ca0d4179501f7a70779b29fb3847dcd3f8a9e6a833
Size: 242.04 kB
- java-17-openjdk-src-fastdebug-17.0.1.0.12-2.el8.x86_64.rpm
MD5: e7714a38b10beab8db65fdf3f339063b
SHA-256: f278762390ed5df3ecce43e21785fe0fcb44913bf8d0b9c39b7e7e9bc313ab24
Size: 45.28 MB
- java-17-openjdk-src-slowdebug-17.0.1.0.12-2.el8.x86_64.rpm
MD5: 2fac7375c1dbfa8ce743892df570a981
SHA-256: 91039975479fb5625b489fbdb614f858d504f9ae3e7fd067c6d9f6c589dde027
Size: 45.27 MB
- java-17-openjdk-static-libs-fastdebug-17.0.1.0.12-2.el8.x86_64.rpm
MD5: 66ea35987e3ace83e39a79b92ea07985
SHA-256: a160f3935f0c87b2ac2d6150dfcec7cc05cdaada401d7a8b499260199df55c4c
Size: 26.35 MB
- java-17-openjdk-static-libs-slowdebug-17.0.1.0.12-2.el8.x86_64.rpm
MD5: 79d8577a425f0d766b25086512ee0ed9
SHA-256: a283a2e6d16e05a4c1f389e7ed120b9a42bb2685ed6806e9bcf107f40b72cd61
Size: 21.48 MB