java-1.8.0-openjdk-1.8.0.392.b08-4.el8

エラータID: AXSA:2023-6540:21

リリース日: 
2023/10/24 Tuesday - 05:33
題名: 
java-1.8.0-openjdk-1.8.0.392.b08-4.el8
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

以下項目について対処しました。

[Security Fix]
- Java の ciMethodBlocks::make_block_at() メソッドには、リモート
の攻撃者により、サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2022-40433)

- Java の CORBA コンポーネントには、リモートの攻撃者により、
CORBA 経由でのネットワークアクセスを介して、不正なデータの
操作 (更新、挿入、および削除) を可能とする脆弱性が存在します。
(CVE-2023-22067)

- Java の JSSE コンポーネントには、リモートの攻撃者により、
HTTPS 経由でのネットワークアクセスを介して、部分的なサービス
拒否攻撃を可能とする脆弱性が存在します。(CVE-2023-22081)

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2022-40433
An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service.
CVE-2023-22067
Vulnerability in Oracle Java SE (component: CORBA). Supported versions that are affected are Oracle Java SE: 8u381 and 8u381-perf. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2023-22081
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8 and 21. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. java-1.8.0-openjdk-1.8.0.392.b08-4.el8.src.rpm
    MD5: c7e8ef20d06017af22b68bc18ebf225f
    SHA-256: 17f7750538e050664126cb455b5824514d464c7fab1a51ca3088e3a11e0344b4
    Size: 57.40 MB

Asianux Server 8 for x86_64
  1. java-1.8.0-openjdk-1.8.0.392.b08-4.el8.x86_64.rpm
    MD5: ac8ed677faa0a115dbb388aec68392ee
    SHA-256: 9b5edaeb360831b2cd3651f453f87d47ee6a700032c8a3b1cef0e56b67ef662a
    Size: 549.00 kB
  2. java-1.8.0-openjdk-accessibility-1.8.0.392.b08-4.el8.x86_64.rpm
    MD5: 534512a8960dff0a0e3af9455382f1da
    SHA-256: d4417c8c7c24e7f492fbec3c737c24787b8e48bdb55a53d141dcd01d016a5b2d
    Size: 118.07 kB
  3. java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.392.b08-4.el8.x86_64.rpm
    MD5: c2853ef4d780afe588782d712a751338
    SHA-256: d2f8bc1e06c88e7b741724ccaf72802518020ac0bec48cb9ee81be1dc3de3f7b
    Size: 117.91 kB
  4. java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.392.b08-4.el8.x86_64.rpm
    MD5: 739af3ed678926203b201b42fcbf02c9
    SHA-256: 4ccd8c4aa35bd1d3dfed044f443d97f4a6df33bbc77064131ac360ab4c7ac18c
    Size: 117.91 kB
  5. java-1.8.0-openjdk-demo-1.8.0.392.b08-4.el8.x86_64.rpm
    MD5: 5cb949c11f8f41ea6c732a51dae260b2
    SHA-256: c739142a1c78a15f78fa925f9387faf1d2d1bda6d262ef680215c84c1f98b7b1
    Size: 2.06 MB
  6. java-1.8.0-openjdk-demo-fastdebug-1.8.0.392.b08-4.el8.x86_64.rpm
    MD5: d1ed792df24613b65a047e0d5c3f3fc5
    SHA-256: ebabd88d78cdc297423ea54ee0959fff32a6464f0f9a22f06b1dad156d6fc538
    Size: 2.08 MB
  7. java-1.8.0-openjdk-demo-slowdebug-1.8.0.392.b08-4.el8.x86_64.rpm
    MD5: 0c43fd84bd330f98469f664e8dd79aea
    SHA-256: 8e8e2294e26377612c581b5980e1d8d82cd8334cae60045a2ecb10b0d29f5bae
    Size: 2.08 MB
  8. java-1.8.0-openjdk-devel-1.8.0.392.b08-4.el8.x86_64.rpm
    MD5: 8e6bc402a64a657ffed3043cdc760b2d
    SHA-256: 3f3d8331ed99a72e895994147971f0e6bf159cf90bcf84288f39cf29fdf1d584
    Size: 9.94 MB
  9. java-1.8.0-openjdk-devel-fastdebug-1.8.0.392.b08-4.el8.x86_64.rpm
    MD5: 6f29cd3a6765b9fa6d87de6e7918e167
    SHA-256: 5a0589ef06b3d91d82e797af18e29f65bf487ce8340f6b6196504b2fc3857754
    Size: 9.95 MB
  10. java-1.8.0-openjdk-devel-slowdebug-1.8.0.392.b08-4.el8.x86_64.rpm
    MD5: 678aa0dc9f8bbc59a5d8c85ff2918278
    SHA-256: 024d3308d2bb852d30a046e2e5df0f7e4a923b96362e113f53f64bbebbb82626
    Size: 9.95 MB
  11. java-1.8.0-openjdk-fastdebug-1.8.0.392.b08-4.el8.x86_64.rpm
    MD5: 7a848a58c7fea71ce2fb7bb792c6fd37
    SHA-256: 7b59d962146e373699a329546d780c75ec4f25821fdf799c34fbc9d411d958c2
    Size: 562.37 kB
  12. java-1.8.0-openjdk-headless-1.8.0.392.b08-4.el8.x86_64.rpm
    MD5: 2c5da89baa7a2047eef12d363b607acf
    SHA-256: 445467405c70d5b85cbe5a8103472a37b4293d42528257346d17d95ffc7c873a
    Size: 34.49 MB
  13. java-1.8.0-openjdk-headless-fastdebug-1.8.0.392.b08-4.el8.x86_64.rpm
    MD5: d1bc0dd80e32521f2b8ed3c9735f76ae
    SHA-256: 7a6b2a2ccbfc7493d5cadb97a69248fb66f660da8e4d2b225a87a3467e388d64
    Size: 38.14 MB
  14. java-1.8.0-openjdk-headless-slowdebug-1.8.0.392.b08-4.el8.x86_64.rpm
    MD5: c1a5b487c4d67939df0d53c7602e739d
    SHA-256: 65c9b37d45bea4a564f8935dd644ac361472ad3aa52d086da16bfba5eb070ca2
    Size: 36.32 MB
  15. java-1.8.0-openjdk-javadoc-1.8.0.392.b08-4.el8.noarch.rpm
    MD5: dd094f7b1950df989edecf28ad3ab590
    SHA-256: c4444368f67433b6cea677f4ec45e502dba97548d4c9f09e8cf8a99897dedef9
    Size: 15.19 MB
  16. java-1.8.0-openjdk-javadoc-zip-1.8.0.392.b08-4.el8.noarch.rpm
    MD5: c1c70b8711ad0b07824eb72144a4e134
    SHA-256: e56416ca744c983373ce147059fa3f2c88de9f844a5deed6272b4b9535b8aa80
    Size: 41.62 MB
  17. java-1.8.0-openjdk-slowdebug-1.8.0.392.b08-4.el8.x86_64.rpm
    MD5: 3952b02eba1399f656c0103ecdff7f62
    SHA-256: 175a1dd0a66021cf4b5f6cff07b27a97e30d177f48368c45984daf457f9a4417
    Size: 538.69 kB
  18. java-1.8.0-openjdk-src-1.8.0.392.b08-4.el8.x86_64.rpm
    MD5: e81c04c1631f2e7d2cd753200b6527b9
    SHA-256: ea28f9227f17ef6489a88ae4368d8779556c89f258adfee9f2ee3b2c03479e54
    Size: 45.50 MB
  19. java-1.8.0-openjdk-src-fastdebug-1.8.0.392.b08-4.el8.x86_64.rpm
    MD5: 5debe428fcff8a8539938343c983d291
    SHA-256: f4008717c04cb0deb13502232f937ff0e9a1f211b770a9d22f89a2c1d8e656a1
    Size: 45.50 MB
  20. java-1.8.0-openjdk-src-slowdebug-1.8.0.392.b08-4.el8.x86_64.rpm
    MD5: f1795fd97ede5336ec0a72e34b5b6f98
    SHA-256: 5ec90dfe4853f4bbb753d0ed268be2994dffe87f1dcfc0a54d614af8cdb58e8a
    Size: 45.50 MB