java-11-openjdk-11.0.18.0.10-1.el7
エラータID: AXSA:2023-4847:03
リリース日:
2023/01/24 Tuesday - 05:33
題名:
java-11-openjdk-11.0.18.0.10-1.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Java の JSSE コンポーネントには、認証されていないリモートの
攻撃者により、DTLS 経由のネットワークアクセスを介して、部分的な
サービス拒否攻撃を可能とする脆弱性が存在します。(CVE-2023-21835)
- Java の Sound コンポーネントには、認証されていないリモートの
攻撃者により、複数のプロトコルによるネットワークアクセスを介して、
許容されていないデータの操作 (挿入、更新、削除) を可能とする脆弱性
が存在します。(CVE-2023-21843)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-21835
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2023-21843
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
追加情報:
N/A
ダウンロード:
SRPMS
- java-11-openjdk-11.0.18.0.10-1.el7.src.rpm
MD5: 947f40d35c74b61be2215a3f9bf63744
SHA-256: dd3ac08c502d057a9e545b0512716a688e01a7184b81c51bd0a88e1f468cf2c9
Size: 75.30 MB
Asianux Server 7 for x86_64
- java-11-openjdk-11.0.18.0.10-1.el7.x86_64.rpm
MD5: 19b639d7cdbb6c5d1a2cb18e0402bd4b
SHA-256: 7ed10ff73b1d88c4952105f94001177e65b9d8851c1f2d76f2c099df8f97dbc8
Size: 237.67 kB - java-11-openjdk-debug-11.0.18.0.10-1.el7.x86_64.rpm
MD5: 6376d161a70ab8e20710de5550be9309
SHA-256: 53f3a91d9b8d76027a3d7a95ed8e4603710a3a39a9b5c844a6e2b326c60c9439
Size: 242.92 kB - java-11-openjdk-demo-11.0.18.0.10-1.el7.x86_64.rpm
MD5: baa2161b47585812c50fb1d5ee78dd0a
SHA-256: 8df2f2a8a3ff8df7fbab55a91cdec83f63ae65e753c99a1a0856c438cdecdf48
Size: 4.36 MB - java-11-openjdk-demo-debug-11.0.18.0.10-1.el7.x86_64.rpm
MD5: ad4d8bea64c155064ba83aeecf6cf081
SHA-256: 0965dae2cc3a3196624cf39826a4752a5cf6b21b6f1012bbb2808f63222dde54
Size: 4.36 MB - java-11-openjdk-devel-11.0.18.0.10-1.el7.x86_64.rpm
MD5: 3d277b7b89e25459b1845323945fda25
SHA-256: 2d7bb3202b797bf50db60b0806d1cd218e6aace5ba2d70ae309877a5a3cda07b
Size: 3.38 MB - java-11-openjdk-devel-debug-11.0.18.0.10-1.el7.x86_64.rpm
MD5: 4ec0c3c602e62d52510952aba355a755
SHA-256: 4d88a956c9d14afdbc5b4319fce59240414c5e7ac47b2f9b628fc2a47697b515
Size: 3.38 MB - java-11-openjdk-headless-11.0.18.0.10-1.el7.x86_64.rpm
MD5: abd60bbabbe32c0165192403446d16ec
SHA-256: 2b45e8636fd971ca783cb43287ccbd36325f25508d1af667c5141cd33bef42ed
Size: 38.93 MB - java-11-openjdk-headless-debug-11.0.18.0.10-1.el7.x86_64.rpm
MD5: 7f844f74855388260ef713c1c868b569
SHA-256: 304558bd497b59971a2bfbbf2299c63b20b7a67bca8d555252bf5eb454861208
Size: 41.46 MB - java-11-openjdk-javadoc-11.0.18.0.10-1.el7.x86_64.rpm
MD5: 44b0d90c989c6e48174b8db4c8874e67
SHA-256: f07a7badb69d837d3a62f97fee314868d29732cee44894bd00723a1179a9a989
Size: 16.10 MB - java-11-openjdk-javadoc-debug-11.0.18.0.10-1.el7.x86_64.rpm
MD5: 99e34450cbb7dff90d9edf53391e7b2f
SHA-256: eecc782bcb90461873d91a270ce2451f9bbbd9ef774f6bd600b73cfe54b8948c
Size: 16.10 MB - java-11-openjdk-javadoc-zip-11.0.18.0.10-1.el7.x86_64.rpm
MD5: 13f8ec91c33ddb39d906997ac7dfeb6d
SHA-256: 36340c027bbb7801337eca5d824a2594d75f94a479f10c72f3a3117781210bb6
Size: 42.05 MB - java-11-openjdk-javadoc-zip-debug-11.0.18.0.10-1.el7.x86_64.rpm
MD5: a81d5c0fb27f455236c7bd319ae034db
SHA-256: 61efc81666827fbaf224c28019a119993298eeebfc9b6cbe542699056105b8d4
Size: 42.05 MB - java-11-openjdk-jmods-11.0.18.0.10-1.el7.x86_64.rpm
MD5: a91957560a7eed79e504be9887a54e95
SHA-256: b42b6ea4d3f435db3bf79a95eaccd3269da2e4519379e98bda584fac8c93e647
Size: 305.86 MB - java-11-openjdk-jmods-debug-11.0.18.0.10-1.el7.x86_64.rpm
MD5: 09ca6604583905e30c912d7e4c06128a
SHA-256: d6cb6a519c9f7899f42baa127cfa5b630f806807348f338445a7d2085d5aae15
Size: 174.12 MB - java-11-openjdk-src-11.0.18.0.10-1.el7.x86_64.rpm
MD5: 9bca697fe272cba311e654a8a7d51b89
SHA-256: 2033eda69d76c8beea6b49b73beb919c2bb3933d632c8499458c9c873fefcfde
Size: 50.43 MB - java-11-openjdk-src-debug-11.0.18.0.10-1.el7.x86_64.rpm
MD5: bad375873f1a2e165bec109ddac1705b
SHA-256: de7dd1626108825bf2c0964fedab1ec513c9e4a0461b8daf3f73a07c5a049473
Size: 50.44 MB - java-11-openjdk-11.0.18.0.10-1.el7.i686.rpm
MD5: b07083f69feeeabac7299d59c6774112
SHA-256: 1cc14f66b27385f72da5d6f1e7ac4fd3e853b36c7b429c70ad3b270ab3432329
Size: 233.75 kB - java-11-openjdk-debug-11.0.18.0.10-1.el7.i686.rpm
MD5: d2734f7f29754a48ab6b4cf087e64feb
SHA-256: 6ecad09ba8f810f7a7bafde33739ecb0f7571071e981aa973104ab3e81676d28
Size: 237.02 kB - java-11-openjdk-demo-11.0.18.0.10-1.el7.i686.rpm
MD5: 25be5d3a712467108e212a3b5c4258d5
SHA-256: 67704647c96affdfb788da54e0ec95cc01b0b27f9d558bdc658b3f04822f06e2
Size: 4.36 MB - java-11-openjdk-demo-debug-11.0.18.0.10-1.el7.i686.rpm
MD5: 12614f831b19988e06e31b664ca1ebb5
SHA-256: 426510baee407072510cc0bc553545c15a89fb7d866ab9d50ab2c4f46a45ffa2
Size: 4.36 MB - java-11-openjdk-devel-11.0.18.0.10-1.el7.i686.rpm
MD5: 475420d36ac5a2b2d6aa200aa2f99e50
SHA-256: b90502d6b790a046b785f19cd32318feca069fcd22a6477a07f04004dc351980
Size: 3.35 MB - java-11-openjdk-devel-debug-11.0.18.0.10-1.el7.i686.rpm
MD5: 0e0d5cb6603db13b7761d1b1c0b8df7d
SHA-256: f6e1b01604cfc7502a122412d7c24c6cd31842de3d1f9d99307ce97928947c2f
Size: 3.36 MB - java-11-openjdk-headless-11.0.18.0.10-1.el7.i686.rpm
MD5: 288cc6cf4c1631e2782b31dbfaf8e7a6
SHA-256: fc1b5f38feba0b84f5051c5399766935e04ce074be8b84472723ee15f2ef0322
Size: 35.05 MB - java-11-openjdk-headless-debug-11.0.18.0.10-1.el7.i686.rpm
MD5: b01a4df989faff205c2beaf450020204
SHA-256: 7745a5e040a6828083baf2105dfc21f5c2a879a4d69ca37475dddbc6f3e94940
Size: 36.94 MB - java-11-openjdk-javadoc-11.0.18.0.10-1.el7.i686.rpm
MD5: 299ba5757e8021d54f4726a29278cdf8
SHA-256: bce042d8c48fff720506605c75fbc8543fc2d0ab333627304a1728502869e879
Size: 16.10 MB - java-11-openjdk-javadoc-debug-11.0.18.0.10-1.el7.i686.rpm
MD5: d74f230b5fb56c29016a2a70e152574a
SHA-256: ef0249fe2b9cd900ecbe602e0b94afd9902b2fce3237bb4b97a74b227f9199fe
Size: 16.10 MB - java-11-openjdk-javadoc-zip-11.0.18.0.10-1.el7.i686.rpm
MD5: b789bd1a674ee796dbcc3a36fbaceb29
SHA-256: 1877a9bc3240fd5bea21152104bd6e8ca17f31027a60ac2e8151505a656cced2
Size: 42.08 MB - java-11-openjdk-javadoc-zip-debug-11.0.18.0.10-1.el7.i686.rpm
MD5: 282d45f5adcac131404c307dcd8f14a4
SHA-256: 33b17976db1393f39e76ba9d7e3f3fc178a0636d97319c84b843607303c20166
Size: 42.09 MB - java-11-openjdk-jmods-11.0.18.0.10-1.el7.i686.rpm
MD5: 1a1b10468864566024eedb5ceab223ad
SHA-256: e595a3c73b546d6f3cfefb3fe432cb87cae31c4b848c2b4f4fcd1a0d4b13864d
Size: 258.02 MB - java-11-openjdk-jmods-debug-11.0.18.0.10-1.el7.i686.rpm
MD5: 82fabe78b2b494956f6cec5140a8d044
SHA-256: 3c332e486211c0bb298dd27bfb70f8189da6ddffba2f2320865533a85a6bcf4f
Size: 147.08 MB - java-11-openjdk-src-11.0.18.0.10-1.el7.i686.rpm
MD5: e1ba2d3d14dd278ab0b86ef91fc47ad9
SHA-256: 476d2c70eaa8e9f62899b8bdd27311107b37c460ebad617ecfeb7eb3ebdc225c
Size: 45.69 MB - java-11-openjdk-src-debug-11.0.18.0.10-1.el7.i686.rpm
MD5: 7c8ac56ff1c25d96768c1793726ac475
SHA-256: f643624cca26603c44db0866ff77fa510280901875ab149952daada518a1155e
Size: 45.70 MB