java-17-openjdk-17.0.5.0.8-2.el8

エラータID: AXSA:2022-3905:06

リリース日: 
2022/10/20 Thursday - 07:29
題名: 
java-17-openjdk-17.0.5.0.8-2.el8
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

[修正内容]
以下項目について対処しました。

[Security Fix]
- openjdk の JGSS コンポーネントには、認証されていない
リモートの攻撃者により、Kerberos 認証を利用した
ネットワークを介して、一部のデータへの不正な更新や挿入、
削除を可能とする脆弱性が存在します。(CVE-2022-21618)

- openjdk の Security コンポーネントには、認証されていない
リモートの攻撃者により、複数のプロトコルを介して一部の
データへの不正な更新や挿入、削除を可能とする脆弱性が
存在します。(CVE-2022-21619)

- openjdk の JNDI コンポーネントには、認証されていない
リモートの攻撃者により、複数のプロトコルを介して一部の
データへの不正な更新や挿入、削除を可能とする脆弱性が
存在します。(CVE-2022-21624)

- openjdk の Security コンポーネントには、認証されていない
リモートの攻撃者により、HTTPS プロトコルを介して、部分的な
サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2022-21626)

- openjdk の Lightweight HTTP Server コンポーネントには、
認証されていないリモートの攻撃者により、HTTP プロトコルを
介して、部分的なサービス拒否攻撃を可能とする脆弱性が
存在します。(CVE-2022-21628)

- openjdk の Networking コンポーネントには、認証されていない
リモートの攻撃者により、HTTP プロトコルを介して、一部の
データへの不正な更新や挿入、削除を可能とする脆弱性が
存在します。(CVE-2022-39399)

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2022-21618
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2022-21619
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2022-21624
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2022-21626
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2022-21628
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2022-39399
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. java-17-openjdk-17.0.5.0.8-2.el8.src.rpm
    MD5: 6ccaa0e5d96b3e620fa885cc850dff80
    SHA-256: 639ccee58a3d5c374830196e0c4cb020486c107c2ab012fb4bd0359b179b60c3
    Size: 61.44 MB

Asianux Server 8 for x86_64
  1. java-17-openjdk-17.0.5.0.8-2.el8.x86_64.rpm
    MD5: 7ec043e7c04e65ec27f94dcd88e882e1
    SHA-256: 6797a29bb9c682c38c95ea3bd485fbb6eee4029b8b3cf39af9d43b72b8fc2ed0
    Size: 253.81 kB
  2. java-17-openjdk-demo-17.0.5.0.8-2.el8.x86_64.rpm
    MD5: d6394ce9d2bc4fed0ba2a12b6801aa3e
    SHA-256: b045271d34d4c550df84daadb2c6245d183300d1a248012e9666510d0b7dd894
    Size: 3.41 MB
  3. java-17-openjdk-demo-fastdebug-17.0.5.0.8-2.el8.x86_64.rpm
    MD5: 54e95f797bac06051afda0dd7eba8a9a
    SHA-256: 9345ad965b2d66f21020685bcbbf2900301613310bb42f6b9dfc4d525e1a2f8c
    Size: 3.41 MB
  4. java-17-openjdk-demo-slowdebug-17.0.5.0.8-2.el8.x86_64.rpm
    MD5: 64ed5d485844ca716e688565742cea54
    SHA-256: 8a5f02c318e9bcd8a7912a799745eda09e85ad77aac66abe77a45c83faba17c2
    Size: 3.41 MB
  5. java-17-openjdk-devel-17.0.5.0.8-2.el8.x86_64.rpm
    MD5: 64b72d9b5b4544ef4f847611311dec74
    SHA-256: 6bf49f7ad99faf03ec3131310cf111d7f5f032db9e559faa02d48f74edee12d1
    Size: 5.11 MB
  6. java-17-openjdk-devel-fastdebug-17.0.5.0.8-2.el8.x86_64.rpm
    MD5: df098c3bb7ab44dd7ebbb221d168dd43
    SHA-256: bac82043c59509e927f648dc681d09974480fe655835e9847bc92b695b78dddf
    Size: 5.11 MB
  7. java-17-openjdk-devel-slowdebug-17.0.5.0.8-2.el8.x86_64.rpm
    MD5: d548ef10975ec1dc1bae40799c02f2b6
    SHA-256: 309abef0a3d3eb82f485ad03c3dac6e0289611cb20524d59602e99ed0bd256c0
    Size: 5.11 MB
  8. java-17-openjdk-fastdebug-17.0.5.0.8-2.el8.x86_64.rpm
    MD5: ceee8e4430b653273eb9b24989b802d1
    SHA-256: 69549d1d5a695c27ff69ab9c70a74c188ac733c5af7b2f0a2a5bbec6f925bd6b
    Size: 262.96 kB
  9. java-17-openjdk-headless-17.0.5.0.8-2.el8.x86_64.rpm
    MD5: 1b86fc6d3881d91634e1f31c8736317d
    SHA-256: 15c84a2dcfa4570574186a7f521b61ad2fa3fb579d8b876e56be30119f26ec6f
    Size: 41.21 MB
  10. java-17-openjdk-headless-fastdebug-17.0.5.0.8-2.el8.x86_64.rpm
    MD5: 1eb285e04ef9f88b4a84f721071f1447
    SHA-256: 62e5b543233f9651fd0238a1b61a964937394e88b1e19110603f1e3d56c57cad
    Size: 45.70 MB
  11. java-17-openjdk-headless-slowdebug-17.0.5.0.8-2.el8.x86_64.rpm
    MD5: cd6eb935f35e24fe155918438b912d9b
    SHA-256: ba5ae5027ea1e80418073cdec4ffbeb38b4b448c575c0790264b26db791f5bd6
    Size: 43.75 MB
  12. java-17-openjdk-javadoc-17.0.5.0.8-2.el8.x86_64.rpm
    MD5: 6edfb147ebb3b4c6c45bb0cd81e62ab2
    SHA-256: 8c0de5eb5755b57158b12f155990703008edd09eec81313f9fa511cf9c723e43
    Size: 15.96 MB
  13. java-17-openjdk-javadoc-zip-17.0.5.0.8-2.el8.x86_64.rpm
    MD5: 3a51e0eaf480e53f85e1d21d73a719a2
    SHA-256: 8bbc92e531f86fcc656c53c714cf47f5edcd35b59acf7d20682ebdffd3d8375b
    Size: 40.20 MB
  14. java-17-openjdk-jmods-17.0.5.0.8-2.el8.x86_64.rpm
    MD5: ee265bdd5cfc44f7fc63f8f67d7adf58
    SHA-256: 3e485e3468c4eb3d7de080a2087ba69761337f0e7754e06f48173e0fee874bc9
    Size: 238.98 MB
  15. java-17-openjdk-jmods-fastdebug-17.0.5.0.8-2.el8.x86_64.rpm
    MD5: 190d76e263d3fa53792aa650421e27ca
    SHA-256: d3ff5ece29633e581774f31b5985c535c028f3f835afefe5018f9864b15b9591
    Size: 231.78 MB
  16. java-17-openjdk-jmods-slowdebug-17.0.5.0.8-2.el8.x86_64.rpm
    MD5: 67c2726f554b7f798ab93b506c8235f5
    SHA-256: 4bef08bd23aa61dfd003fa20a67ae47c1e6971abe17f8ce0509f212e04d575dc
    Size: 172.08 MB
  17. java-17-openjdk-slowdebug-17.0.5.0.8-2.el8.x86_64.rpm
    MD5: 63552d47ff582d90745978931316458c
    SHA-256: cb5c2665c0837945f580acd983ba893366ce86e89cb30a365cbad1a588ed4f83
    Size: 251.94 kB
  18. java-17-openjdk-src-17.0.5.0.8-2.el8.x86_64.rpm
    MD5: f88db91c84d9c6f68dd9166c67554956
    SHA-256: 227207e77eb7bbe91777cf50430226a3be276f69c0ac0d8a69d17a5d0842760a
    Size: 45.30 MB
  19. java-17-openjdk-src-fastdebug-17.0.5.0.8-2.el8.x86_64.rpm
    MD5: 5d0a06bbbcc70c8e4e3a47a29f05e082
    SHA-256: 08e2aad8777d3b9e08d748b2106018de8ef17cd1e11edd20d0e43d9342e917fe
    Size: 45.30 MB
  20. java-17-openjdk-src-slowdebug-17.0.5.0.8-2.el8.x86_64.rpm
    MD5: 899178f79522310bf58f39ef1c8aca08
    SHA-256: 39b0b4f2dc3e54ff08ed4de10f58e394efb29b9631c24a7c97594cecf6c81cad
    Size: 45.30 MB
  21. java-17-openjdk-static-libs-17.0.5.0.8-2.el8.x86_64.rpm
    MD5: 91a70d653d06a0d8db23946c0ed18d0e
    SHA-256: 60ad534951f2bc7dcc2092a9ca1eebb0dc90dffb49840114c47cb0e9a2566cab
    Size: 28.77 MB
  22. java-17-openjdk-static-libs-fastdebug-17.0.5.0.8-2.el8.x86_64.rpm
    MD5: 1533d46ccbf80db1a0c2f19801f24ee9
    SHA-256: 30fe009a4c29bd66c7cd2ef730ba714742cad5280b27f828440ed57973fd6c9e
    Size: 28.98 MB
  23. java-17-openjdk-static-libs-slowdebug-17.0.5.0.8-2.el8.x86_64.rpm
    MD5: 1b1f850bcf5a48a9bbdc3ac773e51057
    SHA-256: af9caa3b869774204a1a21f50f94e42db7af4b9b96c63f3f43845a95050dfb7f
    Size: 24.96 MB