java-1.8.0-openjdk-1.8.0.362.b09-2.el9
エラータID: AXSA:2023-5054:05
リリース日:
2023/02/10 Friday - 03:47
題名:
java-1.8.0-openjdk-1.8.0.362.b09-2.el9
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Java の Serialization コンポーネントには、認証されていないリモート
の攻撃者により、複数のプロトコルによるネットワークアクセスを介して、
許容されていないデータの操作 (挿入、更新、削除) を可能とする脆弱性が
存在します。(CVE-2023-21830)
- Java の Sound コンポーネントには、認証されていないリモートの
攻撃者により、複数のプロトコルによるネットワークアクセスを介して、
許容されていないデータの操作 (挿入、更新、削除) を可能とする脆弱性
が存在します。(CVE-2023-21843)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-21830
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2023-21843
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
追加情報:
N/A
ダウンロード:
SRPMS
- java-1.8.0-openjdk-1.8.0.362.b09-2.el9.src.rpm
MD5: 4afa21319b0b677eb781f3476b241556
SHA-256: 2a80c5aa67739bb32eadaef1e026172ac91a99324462c65705ac233e04826156
Size: 55.68 MB
Asianux Server 9 for x86_64
- java-1.8.0-openjdk-1.8.0.362.b09-2.el9.x86_64.rpm
MD5: 64af38d708eb61d9ff9db17b7b4748ea
SHA-256: eb680e22ba5a1b436dbde249a657f6f3af312beea43ae1324dd30d7eb3259dd8
Size: 455.92 kB - java-1.8.0-openjdk-demo-1.8.0.362.b09-2.el9.x86_64.rpm
MD5: 2efa80492b0e02866339aa836e407fbd
SHA-256: 6f3b2877156eacc1d8ac3739727272342acc95322f443b04340b55703edca77b
Size: 1.95 MB - java-1.8.0-openjdk-demo-fastdebug-1.8.0.362.b09-2.el9.x86_64.rpm
MD5: c9f91cd09b27f77dc532d7927e4dab26
SHA-256: f6bae7a7a61921698f8b179feec12f46a95a8a307bd3756e7a8f487a965dc516
Size: 1.97 MB - java-1.8.0-openjdk-demo-slowdebug-1.8.0.362.b09-2.el9.x86_64.rpm
MD5: f19c95eb40b8abe056c435093e35215b
SHA-256: 1b9e9f9e8c377e5781735015f998588457dbf70aac9238551356d6cca6a702ff
Size: 1.96 MB - java-1.8.0-openjdk-devel-1.8.0.362.b09-2.el9.x86_64.rpm
MD5: 12f274debb50926edf79d31a6300ce93
SHA-256: 3d0b2b706edc3a52a60fa5044d2bf9ee97026d235261c4e7853a7978b5887bdc
Size: 9.32 MB - java-1.8.0-openjdk-devel-fastdebug-1.8.0.362.b09-2.el9.x86_64.rpm
MD5: 0f54b8911fcb4d6e0c8d2b2fae47f2ff
SHA-256: 6de731536c1d71d71301e456f4a55b3f48f0cdb5ad9b07414a02c9204aa3d7f4
Size: 9.33 MB - java-1.8.0-openjdk-devel-slowdebug-1.8.0.362.b09-2.el9.x86_64.rpm
MD5: 4aa52404ea6dc64294d733701a2f9afb
SHA-256: 3595e781b818c2505aa953da30f6ede65bac6eaf67f459ac7cca1364d5ded428
Size: 9.33 MB - java-1.8.0-openjdk-fastdebug-1.8.0.362.b09-2.el9.x86_64.rpm
MD5: 0dc5b0acdd54fa32a0d2cbf5bbcb50f3
SHA-256: 944567f671898e4cb053b21e2765f32aa0de5067b3e22348b19b0199ebbad753
Size: 469.08 kB - java-1.8.0-openjdk-headless-1.8.0.362.b09-2.el9.x86_64.rpm
MD5: 81e89ce4c7dd8f3670278a2e7ba1cc59
SHA-256: 08130ccf7143c2c0ccdff07c766d4d946481392cf5a4aa01d770ad9453ed7dd3
Size: 33.17 MB - java-1.8.0-openjdk-headless-fastdebug-1.8.0.362.b09-2.el9.x86_64.rpm
MD5: 84d9421a35c7f50706a2788028a1917d
SHA-256: 01403a6714a1121c3defbaa47f7905879566652f09d7f790c5f27f1c54f1ec08
Size: 37.04 MB - java-1.8.0-openjdk-headless-slowdebug-1.8.0.362.b09-2.el9.x86_64.rpm
MD5: f6120e37da16e21cf040f7c31bde6bb4
SHA-256: 01f81c8259d1bc3a32c6ef32cf15703a5f1ace51e945466370315cc20ce8836b
Size: 34.84 MB - java-1.8.0-openjdk-javadoc-1.8.0.362.b09-2.el9.noarch.rpm
MD5: a40eb3d96b01d762abdaa7b3e83911e4
SHA-256: a4922e7c50fae2a0bc28c8d55b732c90b31ca81c609af9f3344ffd5a2a9555f9
Size: 11.85 MB - java-1.8.0-openjdk-javadoc-zip-1.8.0.362.b09-2.el9.noarch.rpm
MD5: a010db304a96793340389b206eb27be2
SHA-256: 78520b1f14b7fb3cab5eb96718e65859f766b455d2a4ee84114cb61d0d5c8bf7
Size: 40.72 MB - java-1.8.0-openjdk-slowdebug-1.8.0.362.b09-2.el9.x86_64.rpm
MD5: c0597cffaf836446dd0771d3a3d7ade9
SHA-256: 34231656480a7885d4e3f45bf307dc988691724969dfebd6e60c7bd6c35caeeb
Size: 437.63 kB - java-1.8.0-openjdk-src-1.8.0.362.b09-2.el9.x86_64.rpm
MD5: ec1ef9295ac42bef4a8d400ebea64a65
SHA-256: b21ec324718993c1c625b4f09a9cb5cfe41aa4bc51f0a7b9ccc6c7cf0f936cf6
Size: 44.61 MB - java-1.8.0-openjdk-src-fastdebug-1.8.0.362.b09-2.el9.x86_64.rpm
MD5: cd9d3b7f4bf348d94e10ea89245e5d67
SHA-256: 38cc6209e1f821134973fc38ac6a08c9443f86025212c7cb5764d6f9bb43b8fa
Size: 44.61 MB - java-1.8.0-openjdk-src-slowdebug-1.8.0.362.b09-2.el9.x86_64.rpm
MD5: f0dcc60e76cd8f7e050889b353c11bd5
SHA-256: bc1f10fa4df8d49f807c217f24156337b35626d8d51586f1d04e43fe2dc6b2ca
Size: 44.61 MB