java-11-openjdk-11.0.20.0.8-1.el7

エラータID: AXSA:2023-6250:13

リリース日: 
2023/07/21 Friday - 01:44
題名: 
java-11-openjdk-11.0.20.0.8-1.el7
影響のあるチャネル: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

以下項目について対処しました。

[Security Fix]
- Java の Networking コンポーネントには、認証されていないリモート
の攻撃者により、複数のプロトコルを用いたネットワークアクセスを
介して、不正なデータの更新や挿入、削除を可能とする脆弱性が存在
します。(CVE-2023-22006)

- Java の Utility コンポーネントには、認証されていないリモートの
攻撃者により、複数のプロトコルを用いたネットワークアクセスを
介して、部分的なサービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2023-22036)

- Java の Hotspot コンポーネントには、認証されていないローカルの
攻撃者により、細工されたコードをロードすることを介して、情報の
漏洩を可能とする脆弱性が存在します。(CVE-2023-22041)

- Java の Hotspot コンポーネントには、認証されていないリモートの
攻撃者により、複数のプロトコルを用いたネットワークアクセスを
介して、不正なデータの読み取りを可能とする脆弱性が存在します。
(CVE-2023-22045)

- Java の Libraries コンポーネントには、認証されていないリモート
の攻撃者により、複数のプロトコルを用いたネットワークアクセスを
介して、不正なデータの更新や挿入、削除を可能とする脆弱性が存在
します。(CVE-2023-22049)

- HarfBuzz には、マーキング処理内で元のグリフを探索する処理が
指数関数的に増加してしまう問題があるため、リモートの攻撃者に
より、連続するマーキング処理を介して、サービス拒否攻撃 (CPU
リソース枯渇) を可能とする脆弱性が存在します。(CVE-2023-25193)

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2023-22006
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
CVE-2023-22036
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2023-22041
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2023-22045
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2023-22049
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2023-25193
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. java-11-openjdk-11.0.20.0.8-1.el7.src.rpm
    MD5: fba9339a0633fd41d5a2f440c4f30750
    SHA-256: 969895f3c6abcfff6522884cfd529a32967f79fc90c94c74da626951a8471430
    Size: 68.20 MB

Asianux Server 7 for x86_64
  1. java-11-openjdk-11.0.20.0.8-1.el7.i686.rpm
    MD5: 1809b6ee785c552f2e6f547802f7a6ed
    SHA-256: 77783ca1f24ce68987d21486ea143a712708c55a8f6260cc6b21c05059f30059
    Size: 235.65 kB
  2. java-11-openjdk-11.0.20.0.8-1.el7.x86_64.rpm
    MD5: 87605a9b22a3705d7376274f533e0bca
    SHA-256: 5e0ae8688fc97412b0dd475382b93442584937f6174ce4ca5d85ed2aa2bb6619
    Size: 239.38 kB
  3. java-11-openjdk-debug-11.0.20.0.8-1.el7.i686.rpm
    MD5: 9daa1d0632a73150aa80864497c06419
    SHA-256: 46382e97d90b17794c11d7fe28102f27f5d845795b598ea4742fa3d95be668a1
    Size: 238.50 kB
  4. java-11-openjdk-debug-11.0.20.0.8-1.el7.x86_64.rpm
    MD5: 9f4c134aa9fa94d74b6c715fce4e5f0f
    SHA-256: b55f927d83c2fe939c3a2c4d99ea1c3eddee1f7baf45683b1c0eda8af18e2966
    Size: 244.61 kB
  5. java-11-openjdk-demo-11.0.20.0.8-1.el7.i686.rpm
    MD5: f15d9d74588145ad21431ac73ac383f2
    SHA-256: 54bd779ae52167a69784cc090024f352ae68e466b7bc8b2087a51a07457873de
    Size: 4.36 MB
  6. java-11-openjdk-demo-11.0.20.0.8-1.el7.x86_64.rpm
    MD5: ed3943caa95a5f2d4a8aafa974d6888e
    SHA-256: d180180566b19098fab3da4e963c760dd90a3410efdbe23d25a59e97c7f1513e
    Size: 4.37 MB
  7. java-11-openjdk-demo-debug-11.0.20.0.8-1.el7.i686.rpm
    MD5: 9f356ec4fe0c2bda37e6b0f09171bc0a
    SHA-256: f167f3027aecf2207627b1fb597519cfe92089e0aab02938d3f309a34e908584
    Size: 4.36 MB
  8. java-11-openjdk-demo-debug-11.0.20.0.8-1.el7.x86_64.rpm
    MD5: b6f5dd9313b98c90c10cf5aa21ed0e13
    SHA-256: 91c753d556dd0b0f1aed8ff84f34b61c9220837d22b8e49ddc8ef4aa2141eeca
    Size: 4.37 MB
  9. java-11-openjdk-devel-11.0.20.0.8-1.el7.i686.rpm
    MD5: e7dc6f4c988149219bc28d87f12883df
    SHA-256: 86480ad5a243e4aaf345434c4a2e06591dcd3e1967e0583a71341d39bee73e4f
    Size: 3.36 MB
  10. java-11-openjdk-devel-11.0.20.0.8-1.el7.x86_64.rpm
    MD5: a494ab879a6315ac585c8a2320987b70
    SHA-256: ec248d87ff263073638b0cf236cb489b00766c4c6c152f52852146fe43d7fd72
    Size: 3.38 MB
  11. java-11-openjdk-devel-debug-11.0.20.0.8-1.el7.i686.rpm
    MD5: cb70add8f58209e6334173365d132efe
    SHA-256: bcdd5bafc5ea02be3f0bba78d939bcea46758271efe16c000cd67dee07e8dcd1
    Size: 3.36 MB
  12. java-11-openjdk-devel-debug-11.0.20.0.8-1.el7.x86_64.rpm
    MD5: 06a1c78c472d448ae7844dcc5a3f270e
    SHA-256: be22641f23cc3c2c54d69c8c93cdad51743a2fb01183610d32de855448825dda
    Size: 3.38 MB
  13. java-11-openjdk-headless-11.0.20.0.8-1.el7.i686.rpm
    MD5: 21c715441ae0bf920e02c102bdca3a07
    SHA-256: 088e7923170ac1f3ccc84ceb47662014f17fcb1987f0361fbf504c2da1320958
    Size: 35.08 MB
  14. java-11-openjdk-headless-11.0.20.0.8-1.el7.x86_64.rpm
    MD5: 5724464a468997ef9842beb33d15e024
    SHA-256: b95f4346330142f981913598994e2e5eec4150a55e502c4f6c524ca7b39fba06
    Size: 38.97 MB
  15. java-11-openjdk-headless-debug-11.0.20.0.8-1.el7.i686.rpm
    MD5: 75694b4494b00d79525cfbf9da627673
    SHA-256: 056d8c0565011a2c82fecfe0c8d952d284cfc8b1d828728aa7e150c900ad76e7
    Size: 36.98 MB
  16. java-11-openjdk-headless-debug-11.0.20.0.8-1.el7.x86_64.rpm
    MD5: 1fc43409393762e12b084b6840f87255
    SHA-256: 17c88866044511c34e628f87b7a0ee4fd2ef4029beff0b32d160a48bb8270bef
    Size: 41.49 MB
  17. java-11-openjdk-javadoc-11.0.20.0.8-1.el7.i686.rpm
    MD5: 0456b8b779a75d9eadbeda62cd4058eb
    SHA-256: ae7f7c718d11b994de9b1097273dc849e1c43a4ac821430bc636b02b55eee1e8
    Size: 16.10 MB
  18. java-11-openjdk-javadoc-11.0.20.0.8-1.el7.x86_64.rpm
    MD5: e54ab5dd10e36f0dbb7dcae7df08c960
    SHA-256: 2a045ee080e4b0726ad10fbbd45defb5d126851f5a8346a0b20575410715faf9
    Size: 16.10 MB
  19. java-11-openjdk-javadoc-debug-11.0.20.0.8-1.el7.i686.rpm
    MD5: 14690942fc395118bbfcf01b69d58b1e
    SHA-256: 7a6e920d7375e256d72d67d30a6bcc9cf42c6f5a35f21382667ba1c6b224e019
    Size: 16.10 MB
  20. java-11-openjdk-javadoc-debug-11.0.20.0.8-1.el7.x86_64.rpm
    MD5: 592c02173fdff048cb5eb81d05a43d6e
    SHA-256: 3840fe2d5e95f57831ef9c2d2de9b8010d852c2716c882f267cda9c3d125d4f4
    Size: 16.11 MB
  21. java-11-openjdk-javadoc-zip-11.0.20.0.8-1.el7.i686.rpm
    MD5: 71c5d4ad8a2dc848d092083d397afced
    SHA-256: c993b69a916c7b2f9f34917657a924deeafb0b096d2263a219d8eac4c49dedc3
    Size: 42.08 MB
  22. java-11-openjdk-javadoc-zip-11.0.20.0.8-1.el7.x86_64.rpm
    MD5: 770a39668bf7775f4a85287fcca02ac2
    SHA-256: ee0218065548a6ccff4f700d3faaa74d8454cb3c3117c96a9f4a9d000db7bd07
    Size: 42.04 MB
  23. java-11-openjdk-javadoc-zip-debug-11.0.20.0.8-1.el7.i686.rpm
    MD5: 81126bcb075cf38e25a386e09caec3b7
    SHA-256: 1f88901197326c68a6ccbe4731497ee888cf059f19817ca68e8f2d54cd66989a
    Size: 42.08 MB
  24. java-11-openjdk-javadoc-zip-debug-11.0.20.0.8-1.el7.x86_64.rpm
    MD5: 9eb647a06c8517dd7ee2fd405eb9c692
    SHA-256: 104dbe21a694913969499555d0bda926a33c13ab9371e222f87b3fc86d97a7e9
    Size: 42.04 MB
  25. java-11-openjdk-jmods-11.0.20.0.8-1.el7.i686.rpm
    MD5: 6aa43f2aae4111b21e0f2dade0d0834b
    SHA-256: 0c3d0ed3a06f6b21b63e6fca4ff8008726cc1ec49b882a4c03be0c02ea8abb38
    Size: 258.06 MB
  26. java-11-openjdk-jmods-11.0.20.0.8-1.el7.x86_64.rpm
    MD5: 0ca2178f97fb104bbe5ff08b7c3e41c1
    SHA-256: a06100d2dcfa0258ba53ee101729450ab117504a5dda79aeee2ecaf32762669a
    Size: 306.10 MB
  27. java-11-openjdk-jmods-debug-11.0.20.0.8-1.el7.i686.rpm
    MD5: 7ba56ee98f61715195bf3f3693fc6467
    SHA-256: 524d95e89ad5616b32f0fe806cdaba0a9174c40b091175ed2c1c4bdf1f1f80bc
    Size: 147.16 MB
  28. java-11-openjdk-jmods-debug-11.0.20.0.8-1.el7.x86_64.rpm
    MD5: 738183a903b951dc5d38188bee8fd596
    SHA-256: 59da840f6df8d3cd809ce22f33ca9994156c5ab5cbe49afcf5e7b5897aecbb27
    Size: 174.20 MB
  29. java-11-openjdk-src-11.0.20.0.8-1.el7.i686.rpm
    MD5: d47ae2c4302a8744edd5751c95226f37
    SHA-256: 21eca2e5165587d5db6cd351b89cd9f9b09df9bd3cdc1fac01168b9952eddb12
    Size: 45.70 MB
  30. java-11-openjdk-src-11.0.20.0.8-1.el7.x86_64.rpm
    MD5: 76c29eba8b3096de3f37a6b7aef04a23
    SHA-256: d8d77e772804da2750671ea81c0c1fcdbec818e45ee65f4f52c953bc7caf1f1a
    Size: 50.44 MB
  31. java-11-openjdk-src-debug-11.0.20.0.8-1.el7.i686.rpm
    MD5: 1999fcb6a4e8852460dd2a035bccdcc7
    SHA-256: 2cd3f2e466ed4a0bbf5033bc30452bb33194723fb07e2ee92612600d4698f86e
    Size: 45.71 MB
  32. java-11-openjdk-src-debug-11.0.20.0.8-1.el7.x86_64.rpm
    MD5: 6b4da442817cbbdc6f813b8c4fa342cd
    SHA-256: a7791b265891cede57b5d65c0d6c5ffcac1270a75abcc74ff6d2e16788d0e02d
    Size: 50.45 MB