java-17-openjdk-17.0.5.0.8-2.el9

エラータID: AXSA:2022-4116:10

リリース日: 
2022/11/22 Tuesday - 15:04
題名: 
java-17-openjdk-17.0.5.0.8-2.el9
影響のあるチャネル: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

以下項目について対処しました。

[Security Fix]
- openjdk の JGSS コンポーネントには、認証されていないリモートの
攻撃者により、Kerberos 認証を利用したネットワークを介して、一部
のデータへの不正な更新や挿入、削除を可能とする脆弱性が存在します。
(CVE-2022-21618)

- openjdk の Security コンポーネントには、認証されていないリモート
の攻撃者により、複数のプロトコルを介して一部のデータへの不正な
更新や挿入、削除を可能とする脆弱性が存在します。(CVE-2022-21619)

- openjdk の JNDI コンポーネントには、認証されていないリモートの
攻撃者により、複数のプロトコルを介して一部のデータへの不正な更新
や挿入、削除を可能とする脆弱性が存在します。(CVE-2022-21624)

- openjdk の Security コンポーネントには、認証されていないリモート
の攻撃者により、HTTPS プロトコルを介して、部分的なサービス拒否
攻撃を可能とする脆弱性が存在します。(CVE-2022-21626)

- openjdk の Lightweight HTTP Server コンポーネントには、認証されて
いないリモートの攻撃者により、HTTP プロトコルを介して、部分的な
サービス拒否攻撃を可能とする脆弱性が存在します。(CVE-2022-21628)

- openjdk の Networking コンポーネントには、認証されていないリモート
の攻撃者により、HTTP プロトコルを介して、一部のデータへの不正な
更新や挿入、削除を可能とする脆弱性が存在します。(CVE-2022-39399)

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2022-21618
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2022-21619
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2022-21624
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2022-21626
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2022-21628
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2022-39399
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. java-17-openjdk-17.0.5.0.8-2.el9.src.rpm
    MD5: 8ea294b0fefab906660293138fe27424
    SHA-256: 94158b80027087dbb5b79f0bfb2e17a96c8c0f8c8425bc8c4fdda0de091ea83f
    Size: 61.42 MB

Asianux Server 9 for x86_64
  1. java-17-openjdk-17.0.5.0.8-2.el9.x86_64.rpm
    MD5: a6495804d24fd2896d0078d0a00c5096
    SHA-256: 0504991d752a20ffb5155dbbb24bb061030c9f4ff6a124e6174f8043944aeb30
    Size: 237.34 kB
  2. java-17-openjdk-demo-17.0.5.0.8-2.el9.x86_64.rpm
    MD5: 3b041c305a9fa869608ff830c74ddcd0
    SHA-256: 5618fea53a4127b05b0928be3a9807f801f91b84327126c3d3c723071fa9883c
    Size: 3.37 MB
  3. java-17-openjdk-demo-fastdebug-17.0.5.0.8-2.el9.x86_64.rpm
    MD5: c47e3735e61c814d3445ca490ad56b71
    SHA-256: b556defc2fc1ec81a1044b02bc8a11ecc1f75a62908de99b5c4ad051e2bfae18
    Size: 3.37 MB
  4. java-17-openjdk-demo-slowdebug-17.0.5.0.8-2.el9.x86_64.rpm
    MD5: b73b432da73ee06e43950ce6d08d0a35
    SHA-256: 20e4968cc58dc2c114506b01a92bced20b6757e04f861b28e90cbb9097457534
    Size: 3.37 MB
  5. java-17-openjdk-devel-17.0.5.0.8-2.el9.x86_64.rpm
    MD5: dfc900d7709b3e0a9b91841ad2fe2f70
    SHA-256: 8d27370cdd5b46eec44591fd65eda3b8dd3f763559d2f4b6e2a8244bf2a40ddf
    Size: 4.72 MB
  6. java-17-openjdk-devel-fastdebug-17.0.5.0.8-2.el9.x86_64.rpm
    MD5: 90106070dcd9a2b9185fd31405824c3b
    SHA-256: ed9ed02edb5781df46e9aadfcb032a392c9e694dc977abe31964badf4d6120c8
    Size: 4.72 MB
  7. java-17-openjdk-devel-slowdebug-17.0.5.0.8-2.el9.x86_64.rpm
    MD5: 095c896f4ad93543f64e34a530398d6c
    SHA-256: f6d1087b67c9751244597526f950edc135a8ae64b528ed80191f5ceafb0a1d15
    Size: 4.72 MB
  8. java-17-openjdk-fastdebug-17.0.5.0.8-2.el9.x86_64.rpm
    MD5: 42622b25912313112e8e4384cb42b9a5
    SHA-256: d39352ad9ca5677af35079e5cfcadeb2239f30ca213e5dd46ce08a53a105b854
    Size: 246.35 kB
  9. java-17-openjdk-headless-17.0.5.0.8-2.el9.x86_64.rpm
    MD5: d312043828252c186d775249261d8897
    SHA-256: b2f3d847c77069f10496aa333b20b8c59aa22004a1ec15d3d1ff04fc87d304b0
    Size: 39.81 MB
  10. java-17-openjdk-headless-fastdebug-17.0.5.0.8-2.el9.x86_64.rpm
    MD5: 4d02be017f563131642270848dbe6139
    SHA-256: be549bdab2e84246679942edbe62b04597ae6b7f66614a286925a23ad18854af
    Size: 44.93 MB
  11. java-17-openjdk-headless-slowdebug-17.0.5.0.8-2.el9.x86_64.rpm
    MD5: 70848ec2f6d97cc7bf911cb5a125a583
    SHA-256: 82b9d75668f0fe08d040e6381bdc6c4cc29152192757033e47fa21d146a32da3
    Size: 42.36 MB
  12. java-17-openjdk-javadoc-17.0.5.0.8-2.el9.x86_64.rpm
    MD5: 03097be5558901213fe146891ae88c9a
    SHA-256: ebe46e61d65c851a60251b4d4b2d84d6d1e05948903f38770b94d09354fe13fa
    Size: 12.46 MB
  13. java-17-openjdk-javadoc-zip-17.0.5.0.8-2.el9.x86_64.rpm
    MD5: 98650b1cd1679585c97141f517ad140a
    SHA-256: b5d04b9e17c48684e0fb65140e0974571d02c609c2cef39639002cd292f87410
    Size: 39.40 MB
  14. java-17-openjdk-jmods-17.0.5.0.8-2.el9.x86_64.rpm
    MD5: a0567ba474421f5879c449760ed5ef6c
    SHA-256: 1a386a73734d99cbe1d9910174f73b4832fc3d72ed714f758beefd78ed599317
    Size: 228.01 MB
  15. java-17-openjdk-jmods-fastdebug-17.0.5.0.8-2.el9.x86_64.rpm
    MD5: b9be3d74dc0b4acee4d2509b75efd90b
    SHA-256: 34267ff4c16f554e8868a82ce42d19e291cedafc3ed4866a5b1f0a9fda9bd979
    Size: 227.84 MB
  16. java-17-openjdk-jmods-slowdebug-17.0.5.0.8-2.el9.x86_64.rpm
    MD5: 7fccf9962e1bb25de5d51b5c6b33cbd0
    SHA-256: 957b3a33cac3834ba5cba10104ec7d320db1bd090623c83b930c2247ea89874a
    Size: 162.49 MB
  17. java-17-openjdk-slowdebug-17.0.5.0.8-2.el9.x86_64.rpm
    MD5: 7303cd9f0be6da21b054f029cbd51d49
    SHA-256: 1b6db1ebfceb34e52cfd74f3f47d9552b2b3351ddcb4f64ea43b70e79e4b161a
    Size: 235.04 kB
  18. java-17-openjdk-src-17.0.5.0.8-2.el9.x86_64.rpm
    MD5: f5096365b92d63992da743313eb89316
    SHA-256: dccffc42f95eb7137e0ca3c927541e2e63b632eafb5f16944aa579bc5e03a5a4
    Size: 44.66 MB
  19. java-17-openjdk-src-fastdebug-17.0.5.0.8-2.el9.x86_64.rpm
    MD5: 98dde1b841aa70e921f437923c182dde
    SHA-256: fc7f0ee753587c6ae08289d5a2ddb95ad851f39758c5af35e0179ebc87e3d382
    Size: 44.66 MB
  20. java-17-openjdk-src-slowdebug-17.0.5.0.8-2.el9.x86_64.rpm
    MD5: 27bf05f3ea2541a18ac1516f6c517354
    SHA-256: db6c1e4fc0cf95018fe554bb145c21c95fbde690d127c0b48da2da79892d2eef
    Size: 44.66 MB
  21. java-17-openjdk-static-libs-17.0.5.0.8-2.el9.x86_64.rpm
    MD5: 0edac620f69df9bdf0a273425f58406f
    SHA-256: 39437adfe4801253edaf8374c8cafc3d17b8ce42aff0cfbcdcf00d51ff4f6bdf
    Size: 25.58 MB
  22. java-17-openjdk-static-libs-fastdebug-17.0.5.0.8-2.el9.x86_64.rpm
    MD5: 197bcf6d421e44b9d69a2a7edc8905e3
    SHA-256: 1fb838c3d963cc65194d88166d993fe48388565c67b56902449e1451eb6938e1
    Size: 25.75 MB
  23. java-17-openjdk-static-libs-slowdebug-17.0.5.0.8-2.el9.x86_64.rpm
    MD5: eee907724c797ae12d0574e9aa6cfaa9
    SHA-256: 066a1d73b1a8e6f27f06bdccff4c03d21ff18ca7e73e070b42cf8f14947d6d20
    Size: 23.16 MB