java-11-openjdk-11.0.17.0.8-2.el9
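Errata ID: AXSA:2022-4117:18
The following issues have been addressed.
[Security Fix]
- The JGSS component of openjdk contains a vulnerability that allows an unauthenticated remote attacker, over a network using Kerberos authentication, to perform unauthorized update, insertion, or deletion of some data. (CVE-2022-21618)
- The Security component of openjdk contains a vulnerability that allows an unauthenticated remote attacker, via multiple protocols, to perform unauthorized update, insertion, or deletion of some data. (CVE-2022-21619)
- The JNDI component of openjdk contains a vulnerability that allows an unauthenticated remote attacker, via multiple protocols, to perform unauthorized update, insertion, or deletion of some data. (CVE-2022-21624)
- The Security component of openjdk contains a vulnerability that allows an unauthenticated remote attacker, via the HTTPS protocol, to cause a partial denial of service. (CVE-2022-21626)
- The Lightweight HTTP Server component of openjdk contains a vulnerability that allows an unauthenticated remote attacker, via the HTTP protocol, to cause a partial denial of service. (CVE-2022-21628)
- The Networking component of openjdk contains a vulnerability that allows an unauthenticated remote attacker, via the HTTP protocol, to perform unauthorized update, insertion, or deletion of some data. (CVE-2022-39399)
Update the packages.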
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
N/A
SRPMS
- java-11-openjdk-11.0.17.0.8-2.el9.src.rpm
MD5: a845f5d2dc765c4676040dfae9860f7a
SHA-256: adccc72c21c4e4c60f8e9959a29c7be10ca618b8a123b92e19aac05909905b62
Size: 75.29 MB
Asianux Server 9 for x86_64
- java-11-openjdk-11.0.17.0.8-2.el9.x86_64.rpm
MD5: 06df6bdcfd954c1bfc7f42e802543ee5
SHA-256: b14cef47e7db459e43d0739171e6553a5866489df2b6822d677e24e081dd407d
Size: 246.78 kB
- java-11-openjdk-demo-11.0.17.0.8-2.el9.x86_64.rpm
MD5: 381eea9972beb5fe9e6d1e211483b1c1
SHA-256: dffbf5d8721dc0719442d8c1dd618647830b5624c3d2f588ef4ae51f2bc35810
Size: 4.31 MB
- java-11-openjdk-demo-fastdebug-11.0.17.0.8-2.el9.x86_64.rpm
MD5: 336ddfeb189626ee47bd072c3fe61255
SHA-256: 7652c6fe78d0a2a1fe7c6df1185dfae51cb31e3995d7fbf5b39548bb2cf1ac71
Size: 4.31 MB
- java-11-openjdk-demo-slowdebug-11.0.17.0.8-2.el9.x86_64.rpm
MD5: bb6db4eb808d5cfa8add56fdb1b5e24f
SHA-256: 799791cda9c762b513c3b2950c01376f8cb4ed5d832135047e8bdcc790bafec5
Size: 4.31 MB
- java-11-openjdk-devel-11.0.17.0.8-2.el9.x86_64.rpm
MD5: 615c3769f412ac6c0deeabe9baad4cec
SHA-256: ebae2943f7bede50dc4fb20714ad9b78b3813aebc136af73902d3b9231be4956
Size: 3.29 MB
- java-11-openjdk-devel-fastdebug-11.0.17.0.8-2.el9.x86_64.rpm
MD5: 3efbf6bbcc8e9e1c8ce971c0d71aa4e6
SHA-256: d16bd6cb78ebed8610f5712927365341883da24f583958c460598ce192e473b8
Size: 3.29 MB
- java-11-openjdk-devel-slowdebug-11.0.17.0.8-2.el9.x86_64.rpm
MD5: 3b724c8e7ffc6bf7ecaec12cea2b41f1
SHA-256: 6adf56ce762dba479c501c07e0bb992746b05fc60fba00ea55aa1c02b6aa25ae
Size: 3.29 MB
- java-11-openjdk-fastdebug-11.0.17.0.8-2.el9.x86_64.rpm
MD5: a3d74b36759539b0c8da32a49d82b335
SHA-256: 7ffc76833300086aa43e06031eb9425c8b066f2a0318f1d21b56150b7ecc1aa7
Size: 259.47 kB
- java-11-openjdk-headless-11.0.17.0.8-2.el9.x86_64.rpm
MD5: ffffd1e1b64fa90e480d899e46780e0d
SHA-256: 6a1add74fca5b800b000cf13f65ecb6603558d0bdecf70cba5f72deee695ab38
Size: 37.91 MB
- java-11-openjdk-headless-fastdebug-11.0.17.0.8-2.el9.x86_64.rpm
MD5: 5fa5ce8073f5578d9f130e18c14e033a
SHA-256: 054778bb42be7c4df51844d99e6596bfeff6e4bdc9c93880ecc1825110884924
Size: 43.43 MB
- java-11-openjdk-headless-slowdebug-11.0.17.0.8-2.el9.x86_64.rpm
MD5: 891d7117f81f1092f17f666e8ec33ca7
SHA-256: 7eb91020c42ac68ca0e20f3bf6a1bac91f78e95e4b7c173a95e42988a940bba2
Size: 41.34 MB
- java-11-openjdk-javadoc-11.0.17.0.8-2.el9.x86_64.rpm
MD5: c3dae4e3cb1e5d5e7150b3f35583b219
SHA-256: dfa1485082e7181bc13c2940ac1fb1cf6a5c767ebbddb65365aa681ab78d593b
Size: 12.61 MB
- java-11-openjdk-javadoc-zip-11.0.17.0.8-2.el9.x86_64.rpm
MD5: 0bc14703676ffa2ace9d8856fbea3073
SHA-256: 56663d5089fc965b178dc0a4ad9949885a452c43629d0fde24de4be727f98449
Size: 41.13 MB
- java-11-openjdk-jmods-11.0.17.0.8-2.el9.x86_64.rpm
MD5: 9e64ee1998e5ec192430f2bd709ecfae
SHA-256: ecb101bc4760630cbfda600b71874a278ee7a58b16004f15e9107d97a416d520
Size: 301.30 MB
- java-11-openjdk-jmods-fastdebug-11.0.17.0.8-2.el9.x86_64.rpm
MD5: 350ad179ee198aa4dd333533b1d2f9b2
SHA-256: 6b6989fad509d5c3c97d105c2848cfa83285d36770e2d34c8e1710c1df417b02
Size: 262.24 MB
- java-11-openjdk-jmods-slowdebug-11.0.17.0.8-2.el9.x86_64.rpm
MD5: 04f7395a08c862891fad6b45985f6b3c
SHA-256: d3b27af3e3ddcf44f6c8dca5740a02b94d0e1e73dd9f7aba041dfc80d3132952
Size: 193.47 MB
- java-11-openjdk-slowdebug-11.0.17.0.8-2.el9.x86_64.rpm
MD5: 885e1964fdabcf4af68f60acc74b2890
SHA-256: 319dcfe77971c0ccad44fa3037212a5307fd8a820351027682f5c46cbf937290
Size: 249.05 kB
- java-11-openjdk-src-11.0.17.0.8-2.el9.x86_64.rpm
MD5: 961c3e8b48bfaa60a9b49d7f035e50f4
SHA-256: fb6b8d1fc5b78cdb55152f3d865d8e44d3e58ae62b5cad2abb6aa03c09279c7b
Size: 49.62 MB
- java-11-openjdk-src-fastdebug-11.0.17.0.8-2.el9.x86_64.rpm
MD5: 601002aba31aab873ba5c0a9181b4747
SHA-256: 81daf81184026460b8be5b97318a7b165f513991871cdb45bf4366d5df1fce9f
Size: 49.62 MB
- java-11-openjdk-src-slowdebug-11.0.17.0.8-2.el9.x86_64.rpm
MD5: 0d7eb589400b91cacad548da7e1910ef
SHA-256: 74d9fa281ea9b07e813b20719bb2aa56183d06c252cd58bb5c0d45110e24dfdb
Size: 49.62 MB
- java-11-openjdk-static-libs-11.0.17.0.8-2.el9.x86_64.rpm
MD5: ed79b9b447885e9feef148d5bf8280dc
SHA-256: 3e554d26c1982f4d36ad7997ef6a9e22295a67b4631b443a08d5075eef229151
Size: 24.35 MB
- java-11-openjdk-static-libs-fastdebug-11.0.17.0.8-2.el9.x86_64.rpm
MD5: 121cf63564b49084f50e392bb81eb493
SHA-256: 3c87ad7fa0727420ebdedf436fb1f31963e63b1f40e615f3fedb640b6d321caf
Size: 24.62 MB
- java-11-openjdk-static-libs-slowdebug-11.0.17.0.8-2.el9.x86_64.rpm
MD5: c8c7f9978ad48b8c9276c3f5cb7a4c40
SHA-256: 707c1f250750a9a3b0774323201a4fa384a23576f21545dc891d00495b02f9bf
Size: 22.37 MB