java-17-openjdk-17.0.4.0.8-2.el9
Errata ID: AXSA:2022-4018:08
Release date:
2022/11/10 Thursday - 04:53
Title:
java-17-openjdk-17.0.4.0.8-2.el9
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
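The following issues have been addressed.
[Security Fix]
- The Hotspot component of Java contains a vulnerability that allows
an unauthenticated attacker to read data without authorization when
untrusted code is executed on the client. (CVE-2022-21540)
- The Hotspot component of Java contains a vulnerability that allows
an unauthenticated attacker to gain unauthorized access to, and
manipulate, all data accessible to Java when untrusted code is
executed on the client. (CVE-2022-21541)
- The Libraries component of Java contains a vulnerability that allows
an unauthenticated attacker to update, insert, or delete data
accessible to Java. (CVE-2022-21549)
- The Apache Xalan Java XSLT library in Java has an integer truncation
issue that allows arbitrary Java bytecode to be executed when a
malicious XSLT stylesheet is processed. (CVE-2022-34169)
Solution:
Update the packages.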
CVE:
CVE-2022-21540
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2022-21541
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
CVE-2022-21549
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2022-34169
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
Additional information:
N/A
Download:
SRPMS
- java-17-openjdk-17.0.4.0.8-2.el9.src.rpm
Size: 61.24 MB
Asianux Server 9 for x86_64
- java-17-openjdk-17.0.4.0.8-2.el9.x86_64.rpm
Size: 236.78 kB
- java-17-openjdk-demo-17.0.4.0.8-2.el9.x86_64.rpm
Size: 3.37 MB
- java-17-openjdk-demo-fastdebug-17.0.4.0.8-2.el9.x86_64.rpm
Size: 3.37 MB
- java-17-openjdk-demo-slowdebug-17.0.4.0.8-2.el9.x86_64.rpm
Size: 3.37 MB
- java-17-openjdk-devel-17.0.4.0.8-2.el9.x86_64.rpm
Size: 4.72 MB
- java-17-openjdk-devel-fastdebug-17.0.4.0.8-2.el9.x86_64.rpm
Size: 4.72 MB
- java-17-openjdk-devel-slowdebug-17.0.4.0.8-2.el9.x86_64.rpm
Size: 4.72 MB
- java-17-openjdk-fastdebug-17.0.4.0.8-2.el9.x86_64.rpm
Size: 245.96 kB
- java-17-openjdk-headless-17.0.4.0.8-2.el9.x86_64.rpm
Size: 39.80 MB
- java-17-openjdk-headless-fastdebug-17.0.4.0.8-2.el9.x86_64.rpm
Size: 44.92 MB
- java-17-openjdk-headless-slowdebug-17.0.4.0.8-2.el9.x86_64.rpm
Size: 42.43 MB
- java-17-openjdk-javadoc-17.0.4.0.8-2.el9.x86_64.rpm
Size: 12.48 MB
- java-17-openjdk-javadoc-zip-17.0.4.0.8-2.el9.x86_64.rpm
Size: 39.41 MB
- java-17-openjdk-jmods-17.0.4.0.8-2.el9.x86_64.rpm
Size: 227.87 MB
- java-17-openjdk-jmods-fastdebug-17.0.4.0.8-2.el9.x86_64.rpm
Size: 227.75 MB
- java-17-openjdk-jmods-slowdebug-17.0.4.0.8-2.el9.x86_64.rpm
Size: 162.41 MB
- java-17-openjdk-slowdebug-17.0.4.0.8-2.el9.x86_64.rpm
Size: 234.81 kB
- java-17-openjdk-src-17.0.4.0.8-2.el9.x86_64.rpm
Size: 44.64 MB
- java-17-openjdk-src-fastdebug-17.0.4.0.8-2.el9.x86_64.rpm
Size: 44.64 MB
- java-17-openjdk-src-slowdebug-17.0.4.0.8-2.el9.x86_64.rpm
Size: 44.64 MB
- java-17-openjdk-static-libs-17.0.4.0.8-2.el9.x86_64.rpm
Size: 23.00 MB
- java-17-openjdk-static-libs-fastdebug-17.0.4.0.8-2.el9.x86_64.rpm
Size: 23.17 MB
- java-17-openjdk-static-libs-slowdebug-17.0.4.0.8-2.el9.x86_64.rpm
Size: 20.47 MB