java-17-openjdk-17.0.9.0.9-2.el9.ML.1
エラータID: AXSA:2023-6538:16
リリース日:
2023/10/24 Tuesday - 02:09
題名:
java-17-openjdk-17.0.9.0.9-2.el9.ML.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Java の Hotspot コンポーネントには、リモートの攻撃者により、
複数のプロトコルによるネットワークアクセスを介して、不正な
データの操作 (更新、挿入、および削除) を可能とする脆弱性が存在
します。(CVE-2023-22025)
- Java の JSSE コンポーネントには、リモートの攻撃者により、
HTTPS 経由でのネットワークアクセスを介して、部分的なサービス
拒否攻撃を可能とする脆弱性が存在します。(CVE-2023-22081)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-22025
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8 and 21. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8 and 21. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2023-22081
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8 and 21. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8 and 21. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
追加情報:
N/A
ダウンロード:
SRPMS
- java-17-openjdk-17.0.9.0.9-2.el9.ML.1.src.rpm
MD5: 1359dece95d3eb529b62ce1abf6c02d8
SHA-256: 2f99dac8dabe47d2d4849507b9222009f368757b2c64d56574d5aaba068fb89c
Size: 62.08 MB
Asianux Server 9 for x86_64
- java-17-openjdk-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
MD5: 1701395f4d5de5cfa8d613483597936b
SHA-256: 26460ecbb67ff758d00d4fb23bc3b494a160c0099d40c55bd2fda31add542450
Size: 432.21 kB - java-17-openjdk-demo-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
MD5: 00c74173bafa43161de7c35125d273b1
SHA-256: 6a378ef5d7c5ae3422e1f8381cc62c9ca2914649c0d0c518c12355121bc5e12d
Size: 3.38 MB - java-17-openjdk-demo-fastdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
MD5: 87d901830a0dab8eec55d8038ef27833
SHA-256: 48b903399cac03c5bfb7d6eba8bab3efec74d3d87ec005cfe5a487a5900ba412
Size: 3.38 MB - java-17-openjdk-demo-slowdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
MD5: 1006ed9dbb45b2913ceabd147aefb928
SHA-256: d92beeb01f0b41025d2bdd08eb67966df633ed1dc674f0ee5b97bfd1e6fc32dd
Size: 3.38 MB - java-17-openjdk-devel-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
MD5: c131522f797742cfafa72cda499269cb
SHA-256: 84d2f1477c94a27c7f063e9540bf99b8df4ed8b0b62b8a9d06151c0da04eea05
Size: 4.71 MB - java-17-openjdk-devel-fastdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
MD5: ed9709c945887c3d0115df42951c42cb
SHA-256: 6351cd535d55566c7f107dcd0cf2d50efa5e6f9bab971a60f693381f37e6e360
Size: 4.71 MB - java-17-openjdk-devel-slowdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
MD5: 5cb446ed61ac9447fe811f3807c08a09
SHA-256: ac40ef33980649d49d7f72aba1e3ea05384ca0dbd810dfb1318c5e8c9f3b8951
Size: 4.71 MB - java-17-openjdk-fastdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
MD5: 26de5b24a43891dab19880fed0880abc
SHA-256: 554b2bd9fc1b75dadf1036ee9a8ac7dbc1b1c4ca39943f62ecfc128efccdf2a0
Size: 441.26 kB - java-17-openjdk-headless-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
MD5: b3091dd7c9a646a26f5b9d6704169c6a
SHA-256: b467109bef14b5dc9de19bc6a6e054d3c0fdfada3578f41282800414d48bcea6
Size: 44.94 MB - java-17-openjdk-headless-fastdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
MD5: a9171c2ade4539edb8767ab55da7f5a0
SHA-256: adfdddebeb0c2297d3f0e9c6a2285e7982aa80cfaede47fd1cda0083c64e39d7
Size: 50.10 MB - java-17-openjdk-headless-slowdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
MD5: f4a776b6293c0003d8b0ec4529ae8861
SHA-256: 9fb05ff0db306e05fe8508ab4527910674415891bd58218616ea6901040dc437
Size: 48.55 MB - java-17-openjdk-javadoc-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
MD5: 8a5dda38507b4c531c5229e0849123cb
SHA-256: c2319fe742aa7b585f9a6906026690a4c014e3d7ee97db4b60ae52b9dfd798f0
Size: 12.49 MB - java-17-openjdk-javadoc-zip-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
MD5: acb3325133470bbaf3e6528f51014057
SHA-256: 9d4603d45306c7976f5036dbcfcbb695a9cb2a5bc26b912ab6d83c3c55ffc33a
Size: 39.48 MB - java-17-openjdk-jmods-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
MD5: c2d4d341258b57360d4e2b2d3065090c
SHA-256: 2e265daa36e884bb3cdec4c28af184062f72a79c23faddc625c72c62dd0b5298
Size: 248.88 MB - java-17-openjdk-jmods-fastdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
MD5: 90e646bee2e185766cc62470a15113ee
SHA-256: d45ccbbe3e684fd6d4e1cb3d1339101ae56c92c967f8230fa8c2ddb3eb5377cd
Size: 247.99 MB - java-17-openjdk-jmods-slowdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
MD5: ed0885a63038505f92ce0f9cfdf79d1f
SHA-256: 1a06e9169c907a2329c9715bcc576fbe79e7e1d8cb9b3dacbd1005c448ada561
Size: 178.68 MB - java-17-openjdk-slowdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
MD5: 0ca9f12747edaa87c98ec1c02c864710
SHA-256: 7b133f55bdd99756d67125dd27047ed5234620ea1e55924421f5fdba95e2a777
Size: 411.24 kB - java-17-openjdk-src-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
MD5: 267fd7fd51d9d97adb064a04c0819dd3
SHA-256: 42f57ddcaf71c8f13562ab4f5a9775b6fdfef88813874c9b8797f5285bcebbd6
Size: 44.75 MB - java-17-openjdk-src-fastdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
MD5: b89d662c10c393127acdbbdc80ea1924
SHA-256: bdce25c644f96ae117e514db0c3dfcca8c0c57cf364b1cbd367d337460b73262
Size: 44.76 MB - java-17-openjdk-src-slowdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
MD5: b73b1d9f62dcde3fd145583c104da7dd
SHA-256: 604900daf1678a182edec04d7f442f08fc6f78bd6eb7a859c8a84b635e7e550c
Size: 44.76 MB - java-17-openjdk-static-libs-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
MD5: e8f2705bd01cd2f8231756731462d0c8
SHA-256: 23701596aec42f783fda0e38e368387fe4c669716eee9d1fb456c0c57bb8b62b
Size: 32.59 MB - java-17-openjdk-static-libs-fastdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
MD5: 856a8c69f00c4d28b35e15c0f2e7a42e
SHA-256: 35002d84a48012df739e41d3fc1b3e3c636fbc0e1b04225187e194c6f9dc4c98
Size: 32.73 MB - java-17-openjdk-static-libs-slowdebug-17.0.9.0.9-2.el9.ML.1.x86_64.rpm
MD5: d8235efd1839a6d5f2ed506284bc1118
SHA-256: bd5768f66ae8740acade383df37b042efa9c6a7cb4521e3878bae89c2cda718a
Size: 29.34 MB