java-17-openjdk-17.0.8.0.7-2.el9.ML.1
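Errata ID: AXSA:2023-6268:14
The following issues have been addressed.
[Security Fix]
- The Networking component of Java contains a vulnerability that allows
an unauthenticated remote attacker to update, insert, or delete data
without authorization through network access via multiple protocols.
(CVE-2023-22006)
- The Utility component of Java contains a vulnerability that allows an
unauthenticated remote attacker to cause a partial denial of service
through network access via multiple protocols.
(CVE-2023-22036)
- The Hotspot component of Java contains a vulnerability that allows an
unauthenticated local attacker to cause information disclosure by
loading crafted code. (CVE-2023-22041)
- The Hotspot component of Java contains a vulnerability that allows an
unauthenticated remote attacker to read data without authorization
through network access via multiple protocols.
(CVE-2023-22044)
- The Hotspot component of Java contains a vulnerability that allows an
unauthenticated remote attacker to read data without authorization
through network access via multiple protocols.
(CVE-2023-22045)
- The Libraries component of Java contains a vulnerability that allows an
unauthenticated remote attacker to update, insert, or delete data
without authorization through network access via multiple protocols.
(CVE-2023-22049)
- HarfBuzz has an issue in which the work of looking back for the base
glyph during mark processing grows exponentially, resulting in a
vulnerability that allows a remote attacker to cause a denial of service
(CPU resource exhaustion) via consecutive marks. (CVE-2023-25193)
Update the packages.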
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
N/A
SRPMS
- java-17-openjdk-17.0.8.0.7-2.el9.ML.1.src.rpm
MD5: 4e5459324e1a19661cb05e6d9899a50b
SHA-256: c12fa3eef1408912da1d0ab2f419f962fa09a3ec72853805b39f16e3ec622d07
Size: 61.80 MB
Asianux Server 9 for x86_64
- java-17-openjdk-17.0.8.0.7-2.el9.ML.1.x86_64.rpm
MD5: 3d8253b8c40e9a6c4d6ce79e8ef7e581
SHA-256: 6bb4f6d38fd2555f74514dc88bc2ebd92200ff41281bc69b172e653e3353f418
Size: 433.93 kB
- java-17-openjdk-demo-17.0.8.0.7-2.el9.ML.1.x86_64.rpm
MD5: fecfa081eed664cc93e050e7ea4776a9
SHA-256: 76c2527ec87371e30b4714818eed6cc2d3975bc304a3e5d38bd246089674258a
Size: 3.38 MB
- java-17-openjdk-demo-fastdebug-17.0.8.0.7-2.el9.ML.1.x86_64.rpm
MD5: f56899b37a6e18e0982da04b1d29c3f1
SHA-256: d9b0fbcd909ccc5aa1c58e35f9f0de91a4fd73b4a9378bf2f5ee3e9c86e57afa
Size: 3.38 MB
- java-17-openjdk-demo-slowdebug-17.0.8.0.7-2.el9.ML.1.x86_64.rpm
MD5: d627f3c4bd09581ca086a363807c343c
SHA-256: 3c7529300fb22244c9f3f47915310638875ef2d438d917ad7333c8b8b989d603
Size: 3.38 MB
- java-17-openjdk-devel-17.0.8.0.7-2.el9.ML.1.x86_64.rpm
MD5: 513c78154f71f841a4ba1f80a2d8a5ba
SHA-256: 347684f44247a932fa11c62ce550dfc7096fae7a0cff78f600a72fd240ac5b73
Size: 4.72 MB
- java-17-openjdk-devel-fastdebug-17.0.8.0.7-2.el9.ML.1.x86_64.rpm
MD5: c290b466481a6c9a1026da8a7c06159a
SHA-256: 33bf5d619005247379e3bb5f95febc7035f2c8e77e5d60bfdb4c83d73006219f
Size: 4.72 MB
- java-17-openjdk-devel-slowdebug-17.0.8.0.7-2.el9.ML.1.x86_64.rpm
MD5: 4e645233f472fb74d803f4849d9a1746
SHA-256: 1857ead82953a93ea4241680c6e40a67430a863172e351bc190fb3ef03e8ef5a
Size: 4.72 MB
- java-17-openjdk-fastdebug-17.0.8.0.7-2.el9.ML.1.x86_64.rpm
MD5: 7717c806bbdd41e9d803aa8fb3ead77d
SHA-256: 0fb47b0354ba73ffc49542f0ff43c4f41fed5c973309d143eed07dae557c3e02
Size: 443.00 kB
- java-17-openjdk-headless-17.0.8.0.7-2.el9.ML.1.x86_64.rpm
MD5: 769274a9c021e5df63a2372556aa5921
SHA-256: ef7472a5feba28c40983a76c9922f63b63bf400b537f4f04cf396b543f86210b
Size: 45.04 MB
- java-17-openjdk-headless-fastdebug-17.0.8.0.7-2.el9.ML.1.x86_64.rpm
MD5: b07af3f27ca7ceb36b350f3339080ba5
SHA-256: 1ce924167f6f95292450894a775deafb9c2f068dba28a8aafd4b7f27713ba6a3
Size: 50.22 MB
- java-17-openjdk-headless-slowdebug-17.0.8.0.7-2.el9.ML.1.x86_64.rpm
MD5: 300f503884c30cd88a1421d21725432a
SHA-256: 323fa90836a0f8d013e953d7d29165af20933157682cef195bfb83442fb98f90
Size: 48.74 MB
- java-17-openjdk-javadoc-17.0.8.0.7-2.el9.ML.1.x86_64.rpm
MD5: 3ae5b1e2b0f4ed53767143b8f6518679
SHA-256: 5a185a6b76a6069cec42c74c6e36f7e15db7cdc3c7b169292ab4ce93f91978a0
Size: 12.47 MB
- java-17-openjdk-javadoc-zip-17.0.8.0.7-2.el9.ML.1.x86_64.rpm
MD5: a00cb5ba33500c51470ef5ac4476f9da
SHA-256: 5a5ab594af9bd77bd3bcdb10f588a74ba8d37653c58867c305b4cbc83e09081a
Size: 39.42 MB
- java-17-openjdk-jmods-17.0.8.0.7-2.el9.ML.1.x86_64.rpm
MD5: cff7c565d1b2897c5b902fd8a8850893
SHA-256: e8bc211389cca4bf1e2a22ff20fe5d54e396d9cb03589e5759c11fc1c49182d2
Size: 250.13 MB
- java-17-openjdk-jmods-fastdebug-17.0.8.0.7-2.el9.ML.1.x86_64.rpm
MD5: b4eba048e4891e5465a72001f039c303
SHA-256: 9e1436134bc4450ac4f5d1a0df2a523832cc6ebc4544b7cfc33a865af779e2a8
Size: 249.74 MB
- java-17-openjdk-jmods-slowdebug-17.0.8.0.7-2.el9.ML.1.x86_64.rpm
MD5: 902d848f2f72efe1ad075b130f15f562
SHA-256: 0bbf1ba034cd1a68aff28304620fc4288bffa5f2d913fc19d53454328955fe0b
Size: 179.37 MB
- java-17-openjdk-slowdebug-17.0.8.0.7-2.el9.ML.1.x86_64.rpm
MD5: 03989cb1226fed19dfc77ae47a9a22c9
SHA-256: 32338540c9960a674ef74ed418745b2b4b0b16898d18ff236833d087ad9ca635
Size: 412.75 kB
- java-17-openjdk-src-17.0.8.0.7-2.el9.ML.1.x86_64.rpm
MD5: 3080774d0bb8e83e6ae469c2ddd8cac4
SHA-256: 2ac0ab1d606edc0b5fa656c9bc39e5a155edebb65a4a064592e67805480cab96
Size: 44.70 MB
- java-17-openjdk-src-fastdebug-17.0.8.0.7-2.el9.ML.1.x86_64.rpm
MD5: 528ac78ae630f9fbaac40ba37b5102d2
SHA-256: b51eb1a148f1cfaaeaad22b59d107e1fb856491d42ef497c500ea5e609728045
Size: 44.71 MB
- java-17-openjdk-src-slowdebug-17.0.8.0.7-2.el9.ML.1.x86_64.rpm
MD5: ca0e887aaff66a1786a6209eacf51a67
SHA-256: 2ba22cc4f9a2ad6df5e3ee72687161528270156556bd9da7b51b0c32152979c5
Size: 44.71 MB
- java-17-openjdk-static-libs-17.0.8.0.7-2.el9.ML.1.x86_64.rpm
MD5: 507be5feaf1993a2824d8a60e8a47f38
SHA-256: b67235feadbccd9b63638c09e5b6f2862c7eb256479eabe2ae4f8fdbee3bbb47
Size: 32.47 MB
- java-17-openjdk-static-libs-fastdebug-17.0.8.0.7-2.el9.ML.1.x86_64.rpm
MD5: 7399e0a285350a321e82b9eedbdff36d
SHA-256: 9459bd7e57e330347a2d798acf8c6bfd7cab4d1f68e8d4d7767b6b845df74856
Size: 32.37 MB
- java-17-openjdk-static-libs-slowdebug-17.0.8.0.7-2.el9.ML.1.x86_64.rpm
MD5: ee885959b73bcde56f83b784561ba266
SHA-256: bc5f214c4cf351b9ac130b5d5cebc2729b459f82c245205c5033b43c9e79b9d8
Size: 29.07 MB