java-17-openjdk-17.0.9.0.9-2.el8
エラータID: AXSA:2023-6546:18
リリース日:
2023/10/24 Tuesday - 23:40
題名:
java-17-openjdk-17.0.9.0.9-2.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Java の Hotspot コンポーネントには、リモートの攻撃者により、
複数のプロトコルによるネットワークアクセスを介して、不正な
データの操作 (更新、挿入、および削除) を可能とする脆弱性が
存在します。(CVE-2023-22025)
- Java の JSSE コンポーネントには、リモートの攻撃者により、
HTTPS 経由でのネットワークアクセスを介して、部分的なサービス
拒否攻撃を可能とする脆弱性が存在します。(CVE-2023-22081)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-22025
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8 and 21. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8 and 21. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2023-22081
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8 and 21. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8 and 21. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
追加情報:
N/A
ダウンロード:
SRPMS
- java-17-openjdk-17.0.9.0.9-2.el8.src.rpm
MD5: 4d394a95c1bb03be5adfb0dd18742255
SHA-256: 909b90de954226966c0182904ae7ed8080407dbcff8bf284b07f2da040f1ddc0
Size: 62.11 MB
Asianux Server 8 for x86_64
- java-17-openjdk-17.0.9.0.9-2.el8.x86_64.rpm
MD5: 6d2a65edbd221aa544e72f60e785bc0e
SHA-256: f099c67fa5710396382e5a26bdcef514c7517581ed43c9b9f86b77760aa06504
Size: 457.34 kB - java-17-openjdk-demo-17.0.9.0.9-2.el8.x86_64.rpm
MD5: 3cc678dd3cd0b5f2be7aa4acb4d26cad
SHA-256: f7a4264e291e70b8e86a47b5a6fee50fe132c0e67a835ed45b3e9c1588e39b40
Size: 3.43 MB - java-17-openjdk-demo-fastdebug-17.0.9.0.9-2.el8.x86_64.rpm
MD5: ba2e374f104b79e1fd4c09efa4dcf2ba
SHA-256: a48eb2b563faa23d0d3a38a9ac6f4189cd84afe1314dfc8534cb6f1603ce84ac
Size: 3.43 MB - java-17-openjdk-demo-slowdebug-17.0.9.0.9-2.el8.x86_64.rpm
MD5: 708657c174a3861f5321059922a73a43
SHA-256: 655565b1f8cb950cc4aced597bd4619c4d5798c23182d8d1b471f788676d4d17
Size: 3.43 MB - java-17-openjdk-devel-17.0.9.0.9-2.el8.x86_64.rpm
MD5: de4082aee4ba69220f8ea7d3a718daa3
SHA-256: c4b5384214e42ac111a8f7c2ae8edbae9b8b5dc078f54832323bba3791f7c9a0
Size: 5.11 MB - java-17-openjdk-devel-fastdebug-17.0.9.0.9-2.el8.x86_64.rpm
MD5: b0d90adc9270a862908523b576b705cb
SHA-256: 84f00882e5d9e4d93ed6c9ddc41d0f15f4d6903c46d66f174c0d30e6c5eec47a
Size: 5.11 MB - java-17-openjdk-devel-slowdebug-17.0.9.0.9-2.el8.x86_64.rpm
MD5: c2fb61d0f7308c5d292dc310bba99f85
SHA-256: 755c07f20478b569d0dd594d3e3edb8981da4602a6e3a71456e8cb32899ce9ec
Size: 5.11 MB - java-17-openjdk-fastdebug-17.0.9.0.9-2.el8.x86_64.rpm
MD5: 1ce2e77587e98a24b2f69eb0ed90bad1
SHA-256: f084a0a949b2ca6dd4b1fa197a6d145bceb054bc799a531ef2425c6f6bb74204
Size: 466.39 kB - java-17-openjdk-headless-17.0.9.0.9-2.el8.x86_64.rpm
MD5: 671b172b99cb290e33fcedef0286f95d
SHA-256: 5df98488452607eb84e72e5dfcf3f01043b2f62f3bfe4c19d043295b1bdad561
Size: 46.40 MB - java-17-openjdk-headless-fastdebug-17.0.9.0.9-2.el8.x86_64.rpm
MD5: 345af9f68646f58fbc3a05840dbba7ee
SHA-256: 75a802e4abc033bfd744778b88692adbf1e13b4709eb72a9b47849687f4bc8b4
Size: 50.97 MB - java-17-openjdk-headless-slowdebug-17.0.9.0.9-2.el8.x86_64.rpm
MD5: 8ea60042865446cf8b157a01e14bdc30
SHA-256: 5c05576093a35eaacbb2bf194f5838e658cc17a135b2953e2be892ea8bcef42a
Size: 50.11 MB - java-17-openjdk-javadoc-17.0.9.0.9-2.el8.x86_64.rpm
MD5: 2a87f4164656b4f2242a5d2db06e2e84
SHA-256: edbf1e17a4a1fb06b05556b261f4af771c4687361bb1c8efea2a5560801ff1b6
Size: 16.02 MB - java-17-openjdk-javadoc-zip-17.0.9.0.9-2.el8.x86_64.rpm
MD5: 62ae200d74983c6349af9b988c35de78
SHA-256: 1e1f07e72ce1ae65c2a339802ff8b59cb644255ebeb394f79b2070ebda8162f6
Size: 40.30 MB - java-17-openjdk-jmods-17.0.9.0.9-2.el8.x86_64.rpm
MD5: 633b31aed291d752f26fcf5eef58c43e
SHA-256: 9c58392764a211ff41535b50439dbf6e13c1f32704f2d0d0ed8167a50db4af37
Size: 259.12 MB - java-17-openjdk-jmods-fastdebug-17.0.9.0.9-2.el8.x86_64.rpm
MD5: b496048c452decafb64d6a30381ce3ea
SHA-256: 52965cd69d5e082b9abe5071a1d445578427dae08a8f01928675250834ea7299
Size: 252.23 MB - java-17-openjdk-jmods-slowdebug-17.0.9.0.9-2.el8.x86_64.rpm
MD5: 40d5c42a27b78b70b58d24fc466c9856
SHA-256: 6be547e6d8b301ec601759244faf5cd7456258aaf845677455bb8c3112af3cdb
Size: 189.98 MB - java-17-openjdk-slowdebug-17.0.9.0.9-2.el8.x86_64.rpm
MD5: 437ced052f395554f3485d972b66da6c
SHA-256: 42d9c741b3d92fcd05a69bc85f83a58a1acfb0f207bad030147819bc5bc89759
Size: 439.73 kB - java-17-openjdk-src-17.0.9.0.9-2.el8.x86_64.rpm
MD5: 0bf417e6573b0bd75360361ff2166b91
SHA-256: f38b921039c40a072e1281ed115f501949fad5d096a5116393b7dd459c6509b3
Size: 45.40 MB - java-17-openjdk-src-fastdebug-17.0.9.0.9-2.el8.x86_64.rpm
MD5: 2954c5c4477f308381a6978df921323e
SHA-256: 67a94062a40a7ba89f7bc81458864eb619cc26c3577a3843d51426e6544cdd14
Size: 45.41 MB - java-17-openjdk-src-slowdebug-17.0.9.0.9-2.el8.x86_64.rpm
MD5: b8653872ed97c44d12aa53e7d7d21378
SHA-256: 33296d2d3ab139c7229eb0cd7e6139703ce7e3fcfe06d9a7e52bcf670ba2bf80
Size: 45.41 MB - java-17-openjdk-static-libs-17.0.9.0.9-2.el8.x86_64.rpm
MD5: e754155ad18d56b416a28ce028a9d995
SHA-256: fbdbc17617fc3e0a0cb645a01881b56c03d1d6c8e37fe75ec6bd8768a06ac100
Size: 36.77 MB - java-17-openjdk-static-libs-fastdebug-17.0.9.0.9-2.el8.x86_64.rpm
MD5: 29582cc1bb3c115639f5ac6b05488793
SHA-256: 465e3d1fa00527f0e3ef26c7b6a08c5f37676143fc6cb3e319fcf9c3836f0353
Size: 36.96 MB - java-17-openjdk-static-libs-slowdebug-17.0.9.0.9-2.el8.x86_64.rpm
MD5: 7a96ff0ae8b66435c18ea7f9b065294a
SHA-256: 83ee28363d9ea032613765f867d905d4529fb59421e5b1d630b64a7bc7ba5aa8
Size: 31.81 MB