java-1.8.0-openjdk-1.8.0.392.b08-3.el9.ML.1
Errata ID: AXSA:2023-6541:22
Release date:
2023/10/24 Tuesday - 05:54
Title:
java-1.8.0-openjdk-1.8.0.392.b08-3.el9.ML.1
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
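The following issues have been addressed.
[Security Fix]
- The ciMethodBlocks::make_block_at() method in Java has a vulnerability
that allows a remote attacker to cause a denial of service.
(CVE-2022-40433)
- The CORBA component of Java has a vulnerability that allows a remote
attacker, via network access over CORBA, to perform unauthorized data
manipulation (update, insert, and delete).
(CVE-2023-22067)
- The JSSE component of Java has a vulnerability that allows a remote
attacker, via network access over HTTPS, to cause a partial denial of
service. (CVE-2023-22081)
Solution:
Update the packages.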
CVE:
CVE-2022-40433
An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service.
CVE-2023-22067
Vulnerability in Oracle Java SE (component: CORBA). Supported versions that are affected are Oracle Java SE: 8u381 and 8u381-perf. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2023-22081
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8 and 21. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Additional information:
N/A
Downloads:
SRPMS
- java-1.8.0-openjdk-1.8.0.392.b08-3.el9.ML.1.src.rpm
MD5: f2af3e5e91d01a3c2e7c01ac9c34845b
SHA-256: d2a53ad423c125deea4b07f07f242e6ed00c72d23b9a646cafbf7097c1d0c2bc
Size: 57.36 MB
Asianux Server 9 for x86_64
- java-1.8.0-openjdk-1.8.0.392.b08-3.el9.ML.1.x86_64.rpm
MD5: b768aba173c573be87d2d1fde121f424
SHA-256: 63ad80905854fb0f26df08fae0c44c7dcad1212c8db9b6f569dafeb3ef6618d9
Size: 455.87 kB
- java-1.8.0-openjdk-demo-1.8.0.392.b08-3.el9.ML.1.x86_64.rpm
MD5: 50f6b0a28fe8c34e723ef4d1ab47eb65
SHA-256: 479d9333fe9f5c5d0de9e28509e36eddbe83716a64daecbdffe46711fee47665
Size: 1.95 MB
- java-1.8.0-openjdk-demo-fastdebug-1.8.0.392.b08-3.el9.ML.1.x86_64.rpm
MD5: 76f34b026a79be5f0f6d3c7ded3a2a76
SHA-256: dba652efeb6aa067bf1f9d8c2e2db3a7e83af30721b148b0335c59128ce4996a
Size: 1.97 MB
- java-1.8.0-openjdk-demo-slowdebug-1.8.0.392.b08-3.el9.ML.1.x86_64.rpm
MD5: c9a62d9c7995835607aaae8ed1cf4b40
SHA-256: 554ff5ada45769a6a8cad88879e839721fbb2147687bdb5fd523cc8b53e97767
Size: 1.96 MB
- java-1.8.0-openjdk-devel-1.8.0.392.b08-3.el9.ML.1.x86_64.rpm
MD5: 301fd96d0893db320665901a9190a9e6
SHA-256: 7ac6ebae9c77532c63a8f01c7082c67646dab39cbbb3448d668db51a7663a6a2
Size: 9.33 MB
- java-1.8.0-openjdk-devel-fastdebug-1.8.0.392.b08-3.el9.ML.1.x86_64.rpm
MD5: 6f42d54b5ff273aceecae7598174be9e
SHA-256: ae872cf15442ca5986ad66408d7333dbee948e608e097bb3d73da5161f7c95c1
Size: 9.34 MB
- java-1.8.0-openjdk-devel-slowdebug-1.8.0.392.b08-3.el9.ML.1.x86_64.rpm
MD5: f755491220f5db534169d11a2c8707fd
SHA-256: d3a54c4825a417a18ea13bd18c8f39276f4f1f5f4d62b9e4833b3e62ade78f35
Size: 9.34 MB
- java-1.8.0-openjdk-fastdebug-1.8.0.392.b08-3.el9.ML.1.x86_64.rpm
MD5: 676044aad0b76a9272e0eaebaac00bc9
SHA-256: 557a3ddfe43632ac913ca07c979786cd8a437cecedf758a7cbcb918fb40a0a2a
Size: 468.88 kB
- java-1.8.0-openjdk-headless-1.8.0.392.b08-3.el9.ML.1.x86_64.rpm
MD5: 917431cebf5d9e42c0f6debcc267a569
SHA-256: 926e6a0c48cb84a5564f924cfa16441ab04261982b3eec2bc7117bea6382a39b
Size: 33.30 MB
- java-1.8.0-openjdk-headless-fastdebug-1.8.0.392.b08-3.el9.ML.1.x86_64.rpm
MD5: b561d1aae6bed80cdeb574c9d8bd53b0
SHA-256: 8c13695de3900381465cfa60309817221c9b1112ce609e62fe4a9544c5bfa42e
Size: 37.15 MB
- java-1.8.0-openjdk-headless-slowdebug-1.8.0.392.b08-3.el9.ML.1.x86_64.rpm
MD5: c9c154a8c48a7f5d666ed5e6e79fa430
SHA-256: 027c74043a34f5a948129d74377f2dc48c79b31cdb4fd30cca40ca747d4d3d0f
Size: 34.98 MB
- java-1.8.0-openjdk-javadoc-1.8.0.392.b08-3.el9.ML.1.noarch.rpm
MD5: 00f8eb2e6b15f078f5d1b206d61a6d1d
SHA-256: 713a38f077bf2468107c6831d69adb0594a6667faabe976312438786f685a4a0
Size: 11.86 MB
- java-1.8.0-openjdk-javadoc-zip-1.8.0.392.b08-3.el9.ML.1.noarch.rpm
MD5: 41e4c7a26cbb71de777071aba65d47aa
SHA-256: 7bcc783195131ddedd7e8557faf4c93e05714f74dfd8f86dac585c47fafeea04
Size: 40.67 MB
- java-1.8.0-openjdk-slowdebug-1.8.0.392.b08-3.el9.ML.1.x86_64.rpm
MD5: 30386a050512c0077a7f445473f4b213
SHA-256: 88d809c7258c914cd53351fe9390bd7ff5cd133e134d868072a57f4296688c77
Size: 446.04 kB
- java-1.8.0-openjdk-src-1.8.0.392.b08-3.el9.ML.1.x86_64.rpm
MD5: aae510821fe22df3b7588ec4214e141d
SHA-256: 0b2bf524d0b37192c53f66bc830129d46b061e1f2b6a4ae6fd98f2410070c8a4
Size: 44.64 MB
- java-1.8.0-openjdk-src-fastdebug-1.8.0.392.b08-3.el9.ML.1.x86_64.rpm
MD5: 3ec3ccbe206442086d4f4bb053e117ca
SHA-256: fd030dc995198894c4c9af76bb9ef729cd312018954f4d5531dbdd7e603bc07f
Size: 44.64 MB
- java-1.8.0-openjdk-src-slowdebug-1.8.0.392.b08-3.el9.ML.1.x86_64.rpm
MD5: 2751070ae91fce69f0f962ab60c8fd4b
SHA-256: 6c946f77b84d2ce0f04b553cef4f299fedd9daa544852ed73fd1b69090443c99
Size: 44.64 MB