java-11-openjdk-11.0.18.0.10-2.el9
エラータID: AXSA:2023-5032:05
リリース日:
2023/02/09 Thursday - 05:33
題名:
java-11-openjdk-11.0.18.0.10-2.el9
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Java の JSSE コンポーネントには、認証されていないリモートの
攻撃者により、DTLS 経由のネットワークアクセスを介して、部分的な
サービス拒否攻撃を可能とする脆弱性が存在します。(CVE-2023-21835)
- Java の Sound コンポーネントには、認証されていないリモートの
攻撃者により、複数のプロトコルによるネットワークアクセスを介して、
許容されていないデータの操作 (挿入、更新、削除) を可能とする脆弱性
が存在します。(CVE-2023-21843)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-21835
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2023-21843
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
追加情報:
N/A
ダウンロード:
SRPMS
- java-11-openjdk-11.0.18.0.10-2.el9.src.rpm
MD5: ba84ca596186eb1bbe02e4a4d2146e4e
SHA-256: 5ce24744bf7e4a1fc961a6e19963238535573ce2a7ba5ff5aeb4111c7affbee0
Size: 75.30 MB
Asianux Server 9 for x86_64
- java-11-openjdk-11.0.18.0.10-2.el9.x86_64.rpm
MD5: 30d130229f45b31d3e6f106ee9d8a15b
SHA-256: 622f01527fdd5d2515f09489708e2a53b2016f018955b5f77589c8da12f1b9e4
Size: 438.90 kB - java-11-openjdk-demo-11.0.18.0.10-2.el9.x86_64.rpm
MD5: 47cf2ee0290f1c92dcc118e792caad57
SHA-256: 1830ecd883f9706100c851c69b087ead9cf8db3ad32f86edeb66235d714161be
Size: 4.32 MB - java-11-openjdk-demo-fastdebug-11.0.18.0.10-2.el9.x86_64.rpm
MD5: dd209482bd04c980169042bf6b208d93
SHA-256: 7afc2b52ef83b2cbfa9bed0ee4d7c8172c63273d48382d1112c44d5d9dd27c70
Size: 4.32 MB - java-11-openjdk-demo-slowdebug-11.0.18.0.10-2.el9.x86_64.rpm
MD5: 1b9ca1baa35300d40588f7ee52b82d22
SHA-256: c5b73a89145633d60d129a972b2eb727db7343ed15f86dfc5e6ab75ed1282778
Size: 4.32 MB - java-11-openjdk-devel-11.0.18.0.10-2.el9.x86_64.rpm
MD5: cbc2a87fa5622e3e9ca407d181a02343
SHA-256: c903fb63c8e9883de8e1f2f4dc4315a7d74fc866e5e2f71706dca2a0b77d6daf
Size: 3.29 MB - java-11-openjdk-devel-fastdebug-11.0.18.0.10-2.el9.x86_64.rpm
MD5: a9e2bcfc7572aac0f80c53da4644b9f9
SHA-256: 87d4f3c0e6eed14db650c28d4cb5eaf6df370d795c6f1d431b03c155af6c9cb8
Size: 3.29 MB - java-11-openjdk-devel-slowdebug-11.0.18.0.10-2.el9.x86_64.rpm
MD5: 545b699c6def912b1bab179881a89eab
SHA-256: cf961447847e64a8428227adfa256ba918e757b3c3022f6d854d32c1fbbb826a
Size: 3.29 MB - java-11-openjdk-fastdebug-11.0.18.0.10-2.el9.x86_64.rpm
MD5: 3364fc2b400ffa304ce865e950064d8b
SHA-256: 0175b4ab1a33fc946467aaed2f88315b1852ae859b9fa969272830ae1132e3e2
Size: 450.65 kB - java-11-openjdk-headless-11.0.18.0.10-2.el9.x86_64.rpm
MD5: 208cfff47442fd131ce1ae4c69c926b9
SHA-256: 68798a34944ddc06d99aa7b69380ffdd2d1d4db010a0c21426d30759893fdd39
Size: 39.52 MB - java-11-openjdk-headless-fastdebug-11.0.18.0.10-2.el9.x86_64.rpm
MD5: f551b2c8c2d5e1393a207d80521e43e8
SHA-256: 99615707cfb5ac5f3a88eb6b0d1e692ce6c3780b9298b9554b9805f6811dd51d
Size: 45.02 MB - java-11-openjdk-headless-slowdebug-11.0.18.0.10-2.el9.x86_64.rpm
MD5: f89fc18c758a3a6ce9d87a061fe3dcb7
SHA-256: 5c3f483be22cd4fdf940ed26863be097da0298eb7634d57afad15f18ac243188
Size: 43.84 MB - java-11-openjdk-javadoc-11.0.18.0.10-2.el9.x86_64.rpm
MD5: de4880c10c031e3f8407a2f00e0d3b66
SHA-256: 43643eb8d80c0f23368765bb53a85c5486cd0f7cc27d8979ed592eaa8ddff60d
Size: 12.61 MB - java-11-openjdk-javadoc-zip-11.0.18.0.10-2.el9.x86_64.rpm
MD5: 7563ab205f53beee685c15818369cb6a
SHA-256: aef027923cd74336dad29bbcb68b4ce10093223a1dc877c0ed3bacf54285ad69
Size: 41.09 MB - java-11-openjdk-jmods-11.0.18.0.10-2.el9.x86_64.rpm
MD5: 2e5981a47339603539e83c1a4ec63ef4
SHA-256: dc266c0c5f9d82ee4d06e7328181c0f44595ee74ef7d01e4c947d664b5764836
Size: 319.10 MB - java-11-openjdk-jmods-fastdebug-11.0.18.0.10-2.el9.x86_64.rpm
MD5: d8f58342eddae72e2b9c460a0df9a1c3
SHA-256: 970770985908c2e86f857966110b044cde512518e910a10a349be7074b950b53
Size: 279.93 MB - java-11-openjdk-jmods-slowdebug-11.0.18.0.10-2.el9.x86_64.rpm
MD5: 2c7369e523fe44b72e9515e1215f6eeb
SHA-256: 9688adf17d65d9dc58f39908e61d2054582b153b2e00748f63e12907d6182c23
Size: 208.19 MB - java-11-openjdk-slowdebug-11.0.18.0.10-2.el9.x86_64.rpm
MD5: e0168466f51c3caefd20f2dde885722b
SHA-256: dc665c24c22ee42a440d12531a9e2b9d73946468e43e4cbe8a730124a07e8d21
Size: 412.65 kB - java-11-openjdk-src-11.0.18.0.10-2.el9.x86_64.rpm
MD5: 4cff636cae8558f90b25369f0dbe911c
SHA-256: a11cfea61a79cce93a9b3bc81467db4fea4482d7d4536b7caf61b88c97db5ead
Size: 49.65 MB - java-11-openjdk-src-fastdebug-11.0.18.0.10-2.el9.x86_64.rpm
MD5: fba9bf244a07f91336effa6d6ea1600e
SHA-256: 28019852bb9bb9ff14e0c6bc76baa29d1b3c1d0295b20704d001622dcad19020
Size: 49.65 MB - java-11-openjdk-src-slowdebug-11.0.18.0.10-2.el9.x86_64.rpm
MD5: e45cc234f17e51427a349e370e81a672
SHA-256: 6fe41f2548e1dc621e4511b9d8d6e8229edd16e8775cfe6d59b22b3d5cf74fa3
Size: 49.65 MB - java-11-openjdk-static-libs-11.0.18.0.10-2.el9.x86_64.rpm
MD5: 47cb1c5543000fc2a5adfa044ddb57ca
SHA-256: e0d65a6be332f38ec9b3cce562eb411fd09ad5db3dc0e61f4a5452f9bf6e6e0a
Size: 26.64 MB - java-11-openjdk-static-libs-fastdebug-11.0.18.0.10-2.el9.x86_64.rpm
MD5: 6bbc9521993d10f9252ffbf2c278054a
SHA-256: 7de0126c395de5e3c4e2e69627a9ff433a64c94639b225e2991f6c289c781fb6
Size: 26.88 MB - java-11-openjdk-static-libs-slowdebug-11.0.18.0.10-2.el9.x86_64.rpm
MD5: 68896dc1b744679a6c95a569b8dbd929
SHA-256: e88351ce18a5ff9d0673a6d7eaee35d8477e1f6ad4c53c6e6d6b4506255dd96f
Size: 23.97 MB