java-11-openjdk-11.0.16.0.8-1.el8
Errata ID: AXSA:2022-3697:10
Release date:
2022/08/16 Tuesday - 05:09
Title:
java-11-openjdk-11.0.16.0.8-1.el8
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
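The following issues have been addressed.
[Security Fix]
- The Hotspot component of java has a vulnerability that
allows an unauthenticated attacker to read data without
authorization when untrusted code is run on a client.
(CVE-2022-21540)
- The Hotspot component of java has a vulnerability that
allows an unauthenticated attacker to gain unauthorized access
to, or manipulate, all data accessible to java when untrusted
code is run on a client. (CVE-2022-21541)
- The Apache Xalan Java XSLT library in java has an integer
truncation issue that allows arbitrary java bytecode execution
when a malicious XSLT stylesheet is processed. (CVE-2022-34169)
Solution:
Update the packages.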
CVE:
CVE-2022-21540
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2022-21541
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
CVE-2022-34169
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
Additional information:
N/A
Downloads:
SRPMS
- java-11-openjdk-11.0.16.0.8-1.el8.src.rpm
Size: 75.16 MB
Asianux Server 8 for x86_64
- java-11-openjdk-11.0.16.0.8-1.el8.x86_64.rpm
Size: 271.12 kB
- java-11-openjdk-demo-11.0.16.0.8-1.el8.x86_64.rpm
Size: 4.37 MB
- java-11-openjdk-demo-fastdebug-11.0.16.0.8-1.el8.x86_64.rpm
Size: 4.38 MB
- java-11-openjdk-demo-slowdebug-11.0.16.0.8-1.el8.x86_64.rpm
Size: 4.38 MB
- java-11-openjdk-devel-11.0.16.0.8-1.el8.x86_64.rpm
Size: 3.38 MB
- java-11-openjdk-devel-fastdebug-11.0.16.0.8-1.el8.x86_64.rpm
Size: 3.39 MB
- java-11-openjdk-devel-slowdebug-11.0.16.0.8-1.el8.x86_64.rpm
Size: 3.39 MB
- java-11-openjdk-fastdebug-11.0.16.0.8-1.el8.x86_64.rpm
Size: 284.60 kB
- java-11-openjdk-headless-11.0.16.0.8-1.el8.x86_64.rpm
Size: 39.64 MB
- java-11-openjdk-headless-fastdebug-11.0.16.0.8-1.el8.x86_64.rpm
Size: 44.62 MB
- java-11-openjdk-headless-slowdebug-11.0.16.0.8-1.el8.x86_64.rpm
Size: 43.04 MB
- java-11-openjdk-javadoc-11.0.16.0.8-1.el8.x86_64.rpm
Size: 16.00 MB
- java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el8.x86_64.rpm
Size: 41.99 MB
- java-11-openjdk-jmods-11.0.16.0.8-1.el8.x86_64.rpm
Size: 318.77 MB
- java-11-openjdk-jmods-fastdebug-11.0.16.0.8-1.el8.x86_64.rpm
Size: 273.89 MB
- java-11-openjdk-jmods-slowdebug-11.0.16.0.8-1.el8.x86_64.rpm
Size: 210.43 MB
- java-11-openjdk-slowdebug-11.0.16.0.8-1.el8.x86_64.rpm
Size: 274.21 kB
- java-11-openjdk-src-11.0.16.0.8-1.el8.x86_64.rpm
Size: 50.43 MB
- java-11-openjdk-src-fastdebug-11.0.16.0.8-1.el8.x86_64.rpm
Size: 50.43 MB
- java-11-openjdk-src-slowdebug-11.0.16.0.8-1.el8.x86_64.rpm
Size: 50.43 MB
- java-11-openjdk-static-libs-11.0.16.0.8-1.el8.x86_64.rpm
Size: 24.00 MB
- java-11-openjdk-static-libs-fastdebug-11.0.16.0.8-1.el8.x86_64.rpm
Size: 24.24 MB
- java-11-openjdk-static-libs-slowdebug-11.0.16.0.8-1.el8.x86_64.rpm
Size: 20.72 MB