java-17-openjdk-17.0.6.0.10-3.el8
エラータID: AXSA:2023-4811:01
リリース日:
2023/01/19 Thursday - 04:57
題名:
java-17-openjdk-17.0.6.0.10-3.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Java の JSSE コンポーネントには、認証されていない
リモートの攻撃者により、DTLS 経由のネットワーク
アクセスを介して、部分的なサービス拒否攻撃を可能とする
脆弱性が存在します。(CVE-2023-21835)
- Java の Sound コンポーネントには、認証されていない
リモートの攻撃者により、複数のプロトコルによる
ネットワークアクセスを介して、許容されていないデータの
操作 (挿入、更新、削除) を可能とする脆弱性が存在します。
(CVE-2023-21843)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-21835
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2023-21843
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
追加情報:
N/A
ダウンロード:
SRPMS
- java-17-openjdk-17.0.6.0.10-3.el8.src.rpm
MD5: 9ffe62c7d3a1d76fc5e96e75912334ae
SHA-256: e9555c033c3f1f277aceccd4d1e89d47835521b3e594761dbd6ca477aab3db94
Size: 61.50 MB
Asianux Server 8 for x86_64
- java-17-openjdk-17.0.6.0.10-3.el8.x86_64.rpm
MD5: d498cce54978b4b8c594ad228676c6b9
SHA-256: 252748821d4ae7cdd9642b2d9ca345d43d04ce6e9e708c0f33adee2f0db65a52
Size: 450.66 kB - java-17-openjdk-demo-17.0.6.0.10-3.el8.x86_64.rpm
MD5: e77bfe31e82e44be20f94713e894b4f0
SHA-256: 8330c2afd13ff9f60e89b61ff39ce9fb390e145e6ed645667871c462e4d21823
Size: 3.42 MB - java-17-openjdk-demo-fastdebug-17.0.6.0.10-3.el8.x86_64.rpm
MD5: e729ee273d7f7d00c48fd4da84f6dad7
SHA-256: 724ea05a6c3f2e408d10d6d1e54531fa372fb4e44749fc0cb29cb00b56cc83f6
Size: 3.42 MB - java-17-openjdk-demo-slowdebug-17.0.6.0.10-3.el8.x86_64.rpm
MD5: d4f14041bab3b4ca2ad5ccfb9b26c047
SHA-256: 7c35851513f3b8bd043345b22dca0ff57bdb58a46b75c8c5afe9aaf29be30b20
Size: 3.42 MB - java-17-openjdk-devel-17.0.6.0.10-3.el8.x86_64.rpm
MD5: 794baceba6f91e871769133a1190bf44
SHA-256: 93ee9923fac7084ed6b823db259b1807306af30fbba22265ee8e52ce4d7f5479
Size: 5.11 MB - java-17-openjdk-devel-fastdebug-17.0.6.0.10-3.el8.x86_64.rpm
MD5: e69eab16b9da881448a86a6e57538483
SHA-256: 78ffe19a3b381e217ac6c4c4db7843d5ea761a73c19caa05a5e67e9c96c3227f
Size: 5.11 MB - java-17-openjdk-devel-slowdebug-17.0.6.0.10-3.el8.x86_64.rpm
MD5: 25ae65992c3c7413e66fe95102294704
SHA-256: 58494cd328f0c262681bc689dc67a4fdca2cecc06a22cbcf003456c456c1283a
Size: 5.11 MB - java-17-openjdk-fastdebug-17.0.6.0.10-3.el8.x86_64.rpm
MD5: da45d15525c5d888efc0cda3fcf88ea7
SHA-256: c4c527329ff38388fc4d541ac8b34fae408042bc0b053e394ff7f56cad8106a2
Size: 459.62 kB - java-17-openjdk-headless-17.0.6.0.10-3.el8.x86_64.rpm
MD5: 05312cc636e322cb08a318c35d1ff111
SHA-256: 83a3e9728109847559386b9705addc1060e43646734b4f04713b226768ecf889
Size: 43.16 MB - java-17-openjdk-headless-fastdebug-17.0.6.0.10-3.el8.x86_64.rpm
MD5: 9044eed0163c0d3b5f285a653368f1e3
SHA-256: 65172e075c6fd2934ccac7dd53ef761fc3a64bcfacb8c1fc93b1d5b6aa733ba2
Size: 47.68 MB - java-17-openjdk-headless-slowdebug-17.0.6.0.10-3.el8.x86_64.rpm
MD5: c71ef7a7d6985da1c806d3db67df24ae
SHA-256: cb16aa5bb018e239e7b3a806d8d179a9adb8945b2fdefab2e902f9fede3d1bce
Size: 46.66 MB - java-17-openjdk-javadoc-17.0.6.0.10-3.el8.x86_64.rpm
MD5: 7c69eab6bd6ba7f17725d737366b0031
SHA-256: e7ef5f87ada562719b0ca6d9ab1308708fa214e9fbb63769bb844d4ea5045074
Size: 15.98 MB - java-17-openjdk-javadoc-zip-17.0.6.0.10-3.el8.x86_64.rpm
MD5: a0a57b10945228f325309405419be98e
SHA-256: 14e6e351c5a7718d1999da2e0194120980960aab578f6f671cb6213b31d8d11c
Size: 40.24 MB - java-17-openjdk-jmods-17.0.6.0.10-3.el8.x86_64.rpm
MD5: 989e33106d139588fa0cf5e110fe0b41
SHA-256: e9ea0859a463f9eec0198442d2b3e8e00da7f9e8492380c1e081aff1d656cfef
Size: 257.54 MB - java-17-openjdk-jmods-fastdebug-17.0.6.0.10-3.el8.x86_64.rpm
MD5: 594625bbc608f8033683c1e77f29cea4
SHA-256: fa35752f2c6ec15e5089dcc10ef3ced91bd85e3b8d12b7be69364e56170f0d8c
Size: 250.46 MB - java-17-openjdk-jmods-slowdebug-17.0.6.0.10-3.el8.x86_64.rpm
MD5: 0a9211396bd5c0460d978e8783e3c9f7
SHA-256: e94cf44cc15a2b1c0da9e7fd2ac3034fbf36ac58abf4f3469b72d8f274b785b3
Size: 187.32 MB - java-17-openjdk-slowdebug-17.0.6.0.10-3.el8.x86_64.rpm
MD5: 6902a1ac97dbbbd60c58465b3bddd758
SHA-256: 948ebdef5ba938c3735dabfd91b8e82e194b5a4be3c406b4b1f5d6ba60b2ca30
Size: 422.90 kB - java-17-openjdk-src-17.0.6.0.10-3.el8.x86_64.rpm
MD5: 95e9d9b42319b9a47af5c57fae6aed25
SHA-256: 83b09be7335b8cfb43006d4f8e9978d0a95224a1a5a8b8ed4f061ce23698d8b5
Size: 45.32 MB - java-17-openjdk-src-fastdebug-17.0.6.0.10-3.el8.x86_64.rpm
MD5: bcc5ad7a433fca65bfe71de74fa0299c
SHA-256: f77231354fb06245d455f1575f56b0f9135ec4960c750553d33b78d2de569114
Size: 45.32 MB - java-17-openjdk-src-slowdebug-17.0.6.0.10-3.el8.x86_64.rpm
MD5: ce6abb60b0ef23a1bbdbd550629eaf15
SHA-256: 2932f325a8dc1849152824b785c06d3397433a36a113bf8bc79fb9ac88c1af20
Size: 45.32 MB - java-17-openjdk-static-libs-17.0.6.0.10-3.el8.x86_64.rpm
MD5: e3ab8c14a5f6a08d97dcab790fde7c18
SHA-256: 240a77d8a9c7afd1ec35ddaff82a3be4c29757467896e1b43ddea43b282bdf4b
Size: 31.35 MB - java-17-openjdk-static-libs-fastdebug-17.0.6.0.10-3.el8.x86_64.rpm
MD5: a65b5137c340e89e489c31e4213a8fc4
SHA-256: 917b171dee0fca60513bdb81e7fc978d7f99e77f38f337a751f75f007b482d3d
Size: 31.56 MB - java-17-openjdk-static-libs-slowdebug-17.0.6.0.10-3.el8.x86_64.rpm
MD5: a904f24dc9ab595e8f3572552705a596
SHA-256: fee8a50db31c43ac0f1c8946acc2cf520ed21651b482f90d190d32109f1bf552
Size: 26.63 MB