java-1.8.0-openjdk-1.8.0.402.b06-2.el9.ML.1
Errata ID: AXSA:2024-7446:04
Release date:
2024/01/24 Wednesday - 00:09
Title:
java-1.8.0-openjdk-1.8.0.402.b06-2.el9.ML.1
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
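The following issues have been addressed.
[Security Fix]
- The Hotspot component of Java contains a vulnerability that allows a remote attacker to perform unauthorized manipulation of data (update, insert, and delete) through network access via multiple protocols. (CVE-2024-20918)
- The Scripting component of Java contains a vulnerability that allows a remote attacker to perform unauthorized reading of data through network access via multiple protocols. (CVE-2024-20926)
- The Security component of Java contains a vulnerability that allows a remote attacker to perform unauthorized manipulation of data (update, insert, and delete) through network access via multiple protocols. (CVE-2024-20952)
Information for the following CVEs has not been published at this time.
This advisory will be updated as soon as the CVE information is published.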
CVE-2024-20919
CVE-2024-20921
CVE-2024-20945
Solution:
Update the packages.
CVE:
CVE-2024-20918
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
CVE-2024-20919
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-20921
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-20926
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2024-20945
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-20952
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
Additional information:
N/A
Download:
SRPMS
- java-1.8.0-openjdk-1.8.0.402.b06-2.el9.ML.1.src.rpm
MD5: f523dff5d7d6d9f775298c01a9e32f23
SHA-256: 889169cf4082575f936af7a9de6d3ba054daac9ae82513b0d2892af019e0f2bd
Size: 57.41 MB
Asianux Server 9 for x86_64
- java-1.8.0-openjdk-1.8.0.402.b06-2.el9.ML.1.x86_64.rpm
MD5: 3787427fc82c33023693d5460ae09376
SHA-256: 4a193952967ba953ee95424f2b2ceb5709d1e77719ba01567c4c4a0144bc05f7
Size: 455.63 kB
- java-1.8.0-openjdk-demo-1.8.0.402.b06-2.el9.ML.1.x86_64.rpm
MD5: 1130b931700750afa90e887084af5f12
SHA-256: e0ee031f13a10d09458165d09970b83c528e051fb836d7fe67eb57717e560cf4
Size: 1.95 MB
- java-1.8.0-openjdk-demo-fastdebug-1.8.0.402.b06-2.el9.ML.1.x86_64.rpm
MD5: 94decfb5426a9a6b19b99646d03a08a6
SHA-256: b1fbb8ee9cc06db188b7b31e44a4396b29f2ca424ae58ee7b2b7bea47c6b6119
Size: 1.97 MB
- java-1.8.0-openjdk-demo-slowdebug-1.8.0.402.b06-2.el9.ML.1.x86_64.rpm
MD5: a0535419e3f7373304c9a039f52780d8
SHA-256: c85fc1820aedb36ea403fc5aba93fb73ff1aa27a6aceb03f13ed2b4cbea5b858
Size: 1.96 MB
- java-1.8.0-openjdk-devel-1.8.0.402.b06-2.el9.ML.1.x86_64.rpm
MD5: 02f3dfba6199ca09b8157a5bb28315d5
SHA-256: fd633d43da88404804cb48042fa14f679ef328f5f518e550ff1bdb7a225f192b
Size: 9.33 MB
- java-1.8.0-openjdk-devel-fastdebug-1.8.0.402.b06-2.el9.ML.1.x86_64.rpm
MD5: 8da264bdc994a22ee60dad74ec7e4921
SHA-256: d3ec3fd1e824728470b73bf9465a80fd2e3a0077bda70ca95ad39d7f5edf2757
Size: 9.34 MB
- java-1.8.0-openjdk-devel-slowdebug-1.8.0.402.b06-2.el9.ML.1.x86_64.rpm
MD5: 45f4c11fb6f300835271efee208c7e88
SHA-256: 245d5365d4b4509302152f7594a73146d24250edaa43c3d713d338b4f0746de6
Size: 9.34 MB
- java-1.8.0-openjdk-fastdebug-1.8.0.402.b06-2.el9.ML.1.x86_64.rpm
MD5: eada9f745e3f2b8a10a72afc2cee98cc
SHA-256: 68aecaa2b80ce427a0508528d91bba0f41d2f3062b9a48c50e926634dbb2ffb0
Size: 468.33 kB
- java-1.8.0-openjdk-headless-1.8.0.402.b06-2.el9.ML.1.x86_64.rpm
MD5: 53c4be5707322f0f6d2a67c4357c1a7e
SHA-256: dc911e4f9976846a3e3f597a31a47a564da9868a4ded4415bc8eddfcbeafd5f8
Size: 33.31 MB
- java-1.8.0-openjdk-headless-fastdebug-1.8.0.402.b06-2.el9.ML.1.x86_64.rpm
MD5: d691895583f8ce1eaa6a9a661a924da9
SHA-256: d44c918c5781b500bccfb2157d2ff315631e931516d4eb2caffe69ac185e1a3b
Size: 37.14 MB
- java-1.8.0-openjdk-headless-slowdebug-1.8.0.402.b06-2.el9.ML.1.x86_64.rpm
MD5: cdfdc2becc71b380ac2947e0fba7cd31
SHA-256: 42ab3ab5436d295fdd8c0a1a7fcc3d2a20261fab99bec72d72270aae547dd816
Size: 34.99 MB
- java-1.8.0-openjdk-javadoc-1.8.0.402.b06-2.el9.ML.1.noarch.rpm
MD5: 0a6093de29482b3c6d4792dd2229aa01
SHA-256: eafa6de74f1ad96609515e2bb1e9e708db9de181f77c3505253286a2607bf1d0
Size: 11.86 MB
- java-1.8.0-openjdk-javadoc-zip-1.8.0.402.b06-2.el9.ML.1.noarch.rpm
MD5: f77a32732d72f84256e0d3e6ae6bc3af
SHA-256: 7006297a2a8bb3206f83dd1af360199eaa6bdae5b60f71021381cd4e9e1bf17f
Size: 40.90 MB
- java-1.8.0-openjdk-slowdebug-1.8.0.402.b06-2.el9.ML.1.x86_64.rpm
MD5: 7a7ee114314535f30c1f682a05908f70
SHA-256: c53838b7380114e7f9b00c6abb93803f2abd42595e36cccd961e99635790f131
Size: 445.91 kB
- java-1.8.0-openjdk-src-1.8.0.402.b06-2.el9.ML.1.x86_64.rpm
MD5: 94cf98787e0d928eaef7f1c9f1da8120
SHA-256: f08553b20abcc0eb88305cc4d699b9654be8b1ccef4e9c01f0d929780f37ed05
Size: 44.64 MB
- java-1.8.0-openjdk-src-fastdebug-1.8.0.402.b06-2.el9.ML.1.x86_64.rpm
MD5: de0717995094511019e18cf648a8c7ef
SHA-256: 5e27cf393995c359be0d36ca6eab98b5b69a8c9ad25c6a91b274784701816f4e
Size: 44.64 MB
- java-1.8.0-openjdk-src-slowdebug-1.8.0.402.b06-2.el9.ML.1.x86_64.rpm
MD5: 3546aee4ab2fd4cc5a835ea5ba29c76b
SHA-256: c262fedbed2484530b5ce933377f32e1a564c37f1f21a3d1536c4b5795c90f50
Size: 44.64 MB