java-1.8.0-openjdk-1.8.0.332.b09-1.el9
Errata ID: AXSA:2022-3957:12
Release date:
2022/11/01 Tuesday - 09:40
Title:
java-1.8.0-openjdk-1.8.0.332.b09-1.el9
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
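The following issues have been addressed.
[Security Fix]
- The JAXP component of Java contains a vulnerability that allows an unauthenticated attacker to cause a partial denial of service when untrusted code is run on the client. (CVE-2022-21426)
- The Libraries component of Java contains a vulnerability that allows an unauthenticated attacker to update, insert, or delete data accessible to Java when untrusted code is run on the client. (CVE-2022-21434)
- The Libraries component of Java contains a vulnerability that allows an unauthenticated attacker to cause a partial denial of service when untrusted code is run on the client. (CVE-2022-21443)
- The Libraries component of Java contains a vulnerability that allows an unauthenticated attacker to gain unauthorized access and the like when untrusted code is run on the client. (CVE-2022-21476)
- The JNDI component of Java contains a vulnerability that allows an unauthenticated attacker to update, insert, or delete data accessible to Java when untrusted code is run on the client. (CVE-2022-21496)
Solution:
Update the packages.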
CVE:
CVE-2022-21426
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2022-21434
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2022-21443
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2022-21476
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2022-21496
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Additional information:
N/A
Downloads:
SRPMS
- java-1.8.0-openjdk-1.8.0.332.b09-1.el9.src.rpm
Size: 55.66 MB
Asianux Server 9 for x86_64
- java-1.8.0-openjdk-1.8.0.332.b09-1.el9.x86_64.rpm
Size: 271.65 kB
- java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el9.x86_64.rpm
Size: 1.92 MB
- java-1.8.0-openjdk-demo-fastdebug-1.8.0.332.b09-1.el9.x86_64.rpm
Size: 1.94 MB
- java-1.8.0-openjdk-demo-slowdebug-1.8.0.332.b09-1.el9.x86_64.rpm
Size: 1.94 MB
- java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el9.x86_64.rpm
Size: 9.28 MB
- java-1.8.0-openjdk-devel-fastdebug-1.8.0.332.b09-1.el9.x86_64.rpm
Size: 9.30 MB
- java-1.8.0-openjdk-devel-slowdebug-1.8.0.332.b09-1.el9.x86_64.rpm
Size: 9.30 MB
- java-1.8.0-openjdk-fastdebug-1.8.0.332.b09-1.el9.x86_64.rpm
Size: 285.01 kB
- java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el9.x86_64.rpm
Size: 32.84 MB
- java-1.8.0-openjdk-headless-fastdebug-1.8.0.332.b09-1.el9.x86_64.rpm
Size: 36.67 MB
- java-1.8.0-openjdk-headless-slowdebug-1.8.0.332.b09-1.el9.x86_64.rpm
Size: 34.51 MB
- java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el9.noarch.rpm
Size: 11.86 MB
- java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el9.noarch.rpm
Size: 40.74 MB
- java-1.8.0-openjdk-slowdebug-1.8.0.332.b09-1.el9.x86_64.rpm
Size: 276.31 kB
- java-1.8.0-openjdk-src-1.8.0.332.b09-1.el9.x86_64.rpm
Size: 44.61 MB
- java-1.8.0-openjdk-src-fastdebug-1.8.0.332.b09-1.el9.x86_64.rpm
Size: 44.61 MB
- java-1.8.0-openjdk-src-slowdebug-1.8.0.332.b09-1.el9.x86_64.rpm
Size: 44.61 MB