java-17-openjdk-17.0.7.0.7-1.el8
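Errata ID: AXSA:2023-5307:05
The following issues have been addressed.
[Security Fix]
- The JSSE component of Java contains a vulnerability that allows an unauthenticated remote attacker, via network access over TLS, to insert, delete, or update data without authorization. (CVE-2023-21930)
- The Networking component of Java contains a vulnerability that allows an unauthenticated remote attacker, via network access using multiple protocols, to update, insert, or delete data without authorization. (CVE-2023-21937)
- The Libraries component of Java contains a vulnerability that allows an unauthenticated remote attacker, via network access using multiple protocols, to update, insert, or delete data without authorization. (CVE-2023-21938)
- The Swing component of Java contains a vulnerability that allows an unauthenticated remote attacker, via network access over HTTP, to update, insert, or delete data without authorization. (CVE-2023-21939)
- The Hotspot component of Java contains a vulnerability that allows an unauthenticated remote attacker, via network access using multiple protocols, to gain unauthorized access to critical data. (CVE-2023-21954)
- The JSSE component of Java contains a vulnerability that allows an unauthenticated remote attacker, via network access over the HTTPS protocol, to cause a process hang or crash and a resulting denial of service. (CVE-2023-21967)
- The Libraries component of Java contains a vulnerability that allows an unauthenticated remote attacker, via network access using multiple protocols, to update, insert, or delete data without authorization. (CVE-2023-21968)
Update the packages.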
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
SRPMS
- java-17-openjdk-17.0.7.0.7-1.el8.src.rpm
MD5: e941b0cb741207bf64ef2df6df822274
SHA-256: 99774cea3b04830300a199c1d1aec7540e419c0ca86570ace6b9f62ea4b8ad8d
Size: 61.73 MB
Asianux Server 8 for x86_64
- java-17-openjdk-17.0.7.0.7-1.el8.x86_64.rpm
MD5: 6f87121774516acdb6ce0b1f104201c1
SHA-256: 1f025de68f0e659cedd972b7cbf25c73dffd3f7cb8406860cf96647ceaf6c579
Size: 452.95 kB
- java-17-openjdk-demo-17.0.7.0.7-1.el8.x86_64.rpm
MD5: 1b0073a91f3813e574844b9c567e5fb2
SHA-256: f32852ee3a1b35de240829061e77d24be4acc3c56afc0aea4b85e8f3d1338ff5
Size: 3.42 MB
- java-17-openjdk-demo-fastdebug-17.0.7.0.7-1.el8.x86_64.rpm
MD5: 281e6b7dfd2858b9afc35957bf84c8f6
SHA-256: e34d3434fd5a2844593d759145a0631b6737b5c122835f02a434b6223e1c10fe
Size: 3.42 MB
- java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el8.x86_64.rpm
MD5: 7b5599e96899cafc956636e877d7b48e
SHA-256: b51963bf0f61497fecb53875151d2bc566a273baf8c6b76bb9ee651fa4a30acf
Size: 3.42 MB
- java-17-openjdk-devel-17.0.7.0.7-1.el8.x86_64.rpm
MD5: bd353824953ac2c7caea936d1e09f3e2
SHA-256: b1e3533ef4c7195c6ed02c9f3dbd5da49131c5f7480a894a8d4b6bfe8830084f
Size: 5.11 MB
- java-17-openjdk-devel-fastdebug-17.0.7.0.7-1.el8.x86_64.rpm
MD5: 149756d2f1152821849ecaeddf527f02
SHA-256: 2bfd38834a68ed377cc04b03142599b0891f445e762f7b8f0bb831568b66ee0b
Size: 5.11 MB
- java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el8.x86_64.rpm
MD5: 9c273ba58817efdb626837adabcb1517
SHA-256: 92475186154ba7bfd74efc6fe72b6326607b0fd7c7bf34df8f946de384b585c3
Size: 5.11 MB
- java-17-openjdk-fastdebug-17.0.7.0.7-1.el8.x86_64.rpm
MD5: d20728d7dbf89cd3be396036273b4d7e
SHA-256: dbf94c144340adfd0e33a99dea7ded986063b80380a162595a63629f483f26bd
Size: 461.95 kB
- java-17-openjdk-headless-17.0.7.0.7-1.el8.x86_64.rpm
MD5: 880a31cc7e60b47bad5041f2f2118430
SHA-256: a12b5cab8f1273d00068c328973889bcf42dc1e62dc00410e5f061fd5ca8438a
Size: 43.20 MB
- java-17-openjdk-headless-fastdebug-17.0.7.0.7-1.el8.x86_64.rpm
MD5: 8eb78243b9e08fcfd2c0a03378c06a4d
SHA-256: 9dc27f0162662823e98e1deac2ef42c72eb21a63eef05223bf02eb043fcd05aa
Size: 47.73 MB
- java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el8.x86_64.rpm
MD5: be13b85a75bea320337ad26415b4d557
SHA-256: 924b0a8cf2b6698e10eac7b6743f8d43e5d55a0748cfab2f0f0dc036ad77ddc1
Size: 46.79 MB
- java-17-openjdk-javadoc-17.0.7.0.7-1.el8.x86_64.rpm
MD5: 9ab97b281e99adba59417087875d10e7
SHA-256: a0b3a58edb017cd2f704b9875e61c7f9fae7c5caa56d42bfdc739f58759c55aa
Size: 15.98 MB
- java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el8.x86_64.rpm
MD5: a5ead60b7994eafb8274ccf2e8b88b1f
SHA-256: fb2d8f4c20478c8e12653ee292579edf029638664efb1005a1d4bd7e6922ff3c
Size: 40.23 MB
- java-17-openjdk-jmods-17.0.7.0.7-1.el8.x86_64.rpm
MD5: a61f7a8ba6a3ae7c84bf804862edd01e
SHA-256: cbf32af62e579f55406d71b88203710b85f06f8473b5e0900fdb9cfcfc455fb9
Size: 257.87 MB
- java-17-openjdk-jmods-fastdebug-17.0.7.0.7-1.el8.x86_64.rpm
MD5: 227be5147f4ec3f0c9e07102c1be62db
SHA-256: 22b26c19e71ec5ed0be44a333d119bf61bf36209b1386fab10cbab3e2f12193b
Size: 250.52 MB
- java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el8.x86_64.rpm
MD5: 8dd9048a6075f4aacec99460d0698267
SHA-256: 953d597d0f1048de639a7e5d43004a3836e665e85d51f14c751548c5fcaa4e01
Size: 187.25 MB
- java-17-openjdk-slowdebug-17.0.7.0.7-1.el8.x86_64.rpm
MD5: 8021b24c02dfd4589dd4a7f0b92afbdb
SHA-256: 792016701cd27a95dac2834839b2bae1011c35176bea8807e110aec89ba41927
Size: 435.30 kB
- java-17-openjdk-src-17.0.7.0.7-1.el8.x86_64.rpm
MD5: bb26e4ace89be6617e175572a2c650f8
SHA-256: 95edb6a160ea49a4b868642a23a1df1dfe0496ccf5b2ef163bd7d4f62d0fed1c
Size: 45.33 MB
- java-17-openjdk-src-fastdebug-17.0.7.0.7-1.el8.x86_64.rpm
MD5: f585c4794909ea1c5cc184adeeb47bca
SHA-256: 0f70525b5d044bdde2112b00317cd6690ebcc176081db9f3ef4952f6e3a90c54
Size: 45.33 MB
- java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el8.x86_64.rpm
MD5: b6624064ecd986154c3c9e1e41c543ba
SHA-256: 7407458c8713cd0f9c16db8fa8d6975395c910c3aa379a6bd7719f2eea76a3d6
Size: 45.33 MB
- java-17-openjdk-static-libs-17.0.7.0.7-1.el8.x86_64.rpm
MD5: bf013034397b7e170f6bdff1cf39f307
SHA-256: 668713366c6629e25dee976dba790e159c6a25d9a424dbd730c9a9b97a502e7e
Size: 31.48 MB
- java-17-openjdk-static-libs-fastdebug-17.0.7.0.7-1.el8.x86_64.rpm
MD5: 3f772c35611b728fd4c1b3f76eb273a9
SHA-256: f37b480fb2206c1ca959b0d2d275ac13195b0a65b07dbbf3f48b260bebade2b2
Size: 31.68 MB
- java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el8.x86_64.rpm
MD5: 17552feb58a6f048e59d1984f15c7cf8
SHA-256: 9cb1d57af0b860cac694727725af4c4a8ca23905fbce3c424c96c8b9099e7e97
Size: 26.68 MB