java-21-openjdk-21.0.2.0.13-1.el9.ML.1

エラータID: AXSA:2024-7447:04

リリース日: 
2024/01/24 Wednesday - 01:42
題名: 
java-21-openjdk-21.0.2.0.13-1.el9.ML.1
影響のあるチャネル: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- Java の Hotspot コンポーネントには、リモートの攻撃者に
より、複数のプロトコルによるネットワークアクセスを介して、
不正なデータの操作 (更新、挿入、および削除) を可能とする
脆弱性が存在します。(CVE-2024-20918)

- Java の Security コンポーネントには、リモートの攻撃者に
より、複数のプロトコルによるネットワークアクセスを介して、
不正なデータの操作 (更新、挿入、および削除) を可能とする
脆弱性が存在します。(CVE-2024-20952)

現時点では下記の CVE の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。

CVE-2024-20919
CVE-2024-20921
CVE-2024-20945

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2024-20918
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
CVE-2024-20919
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-20921
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-20945
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-20952
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. java-21-openjdk-21.0.2.0.13-1.el9.ML.1.src.rpm
    MD5: aa25703193f889c123611019cb2c10da
    SHA-256: 9192c157652072887493b2b0a42bc15d69a113fbbf5891f34b899953faa99a71
    Size: 65.69 MB

Asianux Server 9 for x86_64
  1. java-21-openjdk-21.0.2.0.13-1.el9.ML.1.x86_64.rpm
    MD5: 07505dca426a19f32782282ec57e121b
    SHA-256: c0af84a649cc4df0e678be3e2a14c03577a9abcae8b9629ccd0d118f06c487d6
    Size: 445.30 kB
  2. java-21-openjdk-demo-21.0.2.0.13-1.el9.ML.1.x86_64.rpm
    MD5: 8bfb94ba2fe5597b4873d3c26dd8e808
    SHA-256: e3381adc9dd47c1373093716eebcba1d36e0f9bb41d724d374c62ba53e5bf293
    Size: 3.14 MB
  3. java-21-openjdk-demo-fastdebug-21.0.2.0.13-1.el9.ML.1.x86_64.rpm
    MD5: 9fbda1a961f8a6989a89dc3e681fbe21
    SHA-256: 470787be1faee5e031d1f96dd74bea53dc4804e67817ad6b22314dd457b03bc0
    Size: 3.14 MB
  4. java-21-openjdk-demo-slowdebug-21.0.2.0.13-1.el9.ML.1.x86_64.rpm
    MD5: 494e0191a6c74244f11cf137dc27421d
    SHA-256: 3b92e88a1dd5f6c689ea14e8b88b39b954f200010b38f62c28ecb3d470fa3c53
    Size: 3.14 MB
  5. java-21-openjdk-devel-21.0.2.0.13-1.el9.ML.1.x86_64.rpm
    MD5: 99fbdcb052a1895a2f518d4cba19f622
    SHA-256: aa310c3ad25c55494fe74943cc51ebef7b2f869704eb2a8de12ba3f4efdddcb1
    Size: 4.98 MB
  6. java-21-openjdk-devel-fastdebug-21.0.2.0.13-1.el9.ML.1.x86_64.rpm
    MD5: 9cc8b542932962e6811b50d35d90e72f
    SHA-256: b7bf72047ff69cf31407216ed073329155ed18d78284245ce99e09b0d5d5d590
    Size: 4.98 MB
  7. java-21-openjdk-devel-slowdebug-21.0.2.0.13-1.el9.ML.1.x86_64.rpm
    MD5: 44f4ddc3975a99c8c94eb5c9145737db
    SHA-256: 9e4c0b92f6a706f77e348b8a0ebe4204f9e45dff26e673f47cb4d299a648f8af
    Size: 4.99 MB
  8. java-21-openjdk-fastdebug-21.0.2.0.13-1.el9.ML.1.x86_64.rpm
    MD5: 6a929355fbcd542eae401ae35e0fa9f2
    SHA-256: 9ee3141dd44285c6c2cdcafdd2893094a22929c2eb733029de082effd6ffc63c
    Size: 455.46 kB
  9. java-21-openjdk-headless-21.0.2.0.13-1.el9.ML.1.x86_64.rpm
    MD5: 98bb7411dec9c8fd17548b729d462595
    SHA-256: 692258773d506e6bcf0a332247c5d45486a719b2b255a70bfd7199e7c1aa71f4
    Size: 48.40 MB
  10. java-21-openjdk-headless-fastdebug-21.0.2.0.13-1.el9.ML.1.x86_64.rpm
    MD5: 432303ca7832aed0ecef405c194105c5
    SHA-256: 4ced03fcca04923e3923289cd20e01ef86927cc058a80aaea2b565b9eba7edbb
    Size: 53.09 MB
  11. java-21-openjdk-headless-slowdebug-21.0.2.0.13-1.el9.ML.1.x86_64.rpm
    MD5: 2122e59852ca4eb7bc045c11cd45336d
    SHA-256: 94c4265ece9ded68f40efb4827a63cedc58d131445ec761b61ddb7f0276f7d7a
    Size: 53.20 MB
  12. java-21-openjdk-javadoc-21.0.2.0.13-1.el9.ML.1.x86_64.rpm
    MD5: 321a393444d67ca3748af16fd7481be0
    SHA-256: 46d1d897ce0920a6a50e760707336bf8fa3e232836f49386d817d7fbcfc13cb9
    Size: 12.75 MB
  13. java-21-openjdk-javadoc-zip-21.0.2.0.13-1.el9.ML.1.x86_64.rpm
    MD5: 5673576a1e9c63d6162f88e6b2e704d0
    SHA-256: 754de1c8af5182fe95e6250b0639b42b01a0230adefd8dda2d463d1e0e8c7568
    Size: 40.58 MB
  14. java-21-openjdk-jmods-21.0.2.0.13-1.el9.ML.1.x86_64.rpm
    MD5: bee0a3ea1b68ab17f7667b11de991a67
    SHA-256: 5bf4a8f142f62bfeeca09685ab3c16be7fead3831b57ce051bea655e371e5799
    Size: 308.53 MB
  15. java-21-openjdk-jmods-fastdebug-21.0.2.0.13-1.el9.ML.1.x86_64.rpm
    MD5: 57bd2c2b23c31515d0d701d72d81fc8b
    SHA-256: 2c8ea384c3e9746362e83024790f470aadb215fdd938acfd023a8ef30b4ddc62
    Size: 362.35 MB
  16. java-21-openjdk-jmods-slowdebug-21.0.2.0.13-1.el9.ML.1.x86_64.rpm
    MD5: fec9f7e1f390b4aa0db3ac0c1d1ae8e5
    SHA-256: d4174f700f77e74ec1fc6eee1f7ab94f353861354a887b80d5449039ca169818
    Size: 279.67 MB
  17. java-21-openjdk-slowdebug-21.0.2.0.13-1.el9.ML.1.x86_64.rpm
    MD5: a1f71cdeafd684d24b44434d4b5b4319
    SHA-256: 54f13b3a8cc5e58e2c4d9c5c0389d6f2621a6b57a1cabf88f506a6d5d1e65c9b
    Size: 429.43 kB
  18. java-21-openjdk-src-21.0.2.0.13-1.el9.ML.1.x86_64.rpm
    MD5: 2eed06db73d7a50984711bd98aaf972f
    SHA-256: aeba1b6e3889d32177920f8141841ff622443f928c7a68a0ccdd01c3e91b10ba
    Size: 46.65 MB
  19. java-21-openjdk-src-fastdebug-21.0.2.0.13-1.el9.ML.1.x86_64.rpm
    MD5: e6439224117b624b2a09e1474a79ac20
    SHA-256: aa9a5a29bc6bec09bf86d128bf49f82aca76de56f059b9aa7aaf121ea6854af1
    Size: 46.65 MB
  20. java-21-openjdk-src-slowdebug-21.0.2.0.13-1.el9.ML.1.x86_64.rpm
    MD5: f1a6b73922d5bdc1caff54f8196cf2fb
    SHA-256: 42a3a49950ce62283a0c3759b016cc18c9cae5be316f47d1b861a0aaecd2f976
    Size: 46.65 MB
  21. java-21-openjdk-static-libs-21.0.2.0.13-1.el9.ML.1.x86_64.rpm
    MD5: d40bb18e576ba01c7966d147fba73f6e
    SHA-256: 2d9683a70aa0acf35bd65c3384f801edd6f4c859b529b6b4f9e9b26c997a31a7
    Size: 38.04 MB
  22. java-21-openjdk-static-libs-fastdebug-21.0.2.0.13-1.el9.ML.1.x86_64.rpm
    MD5: 9b15aa6949e820b9f50c0dc5ebe25f43
    SHA-256: 0fe6d76c59712de02f41afa942610a2788eb78d6e21a2c2d34a5d94103a81264
    Size: 38.38 MB
  23. java-21-openjdk-static-libs-slowdebug-21.0.2.0.13-1.el9.ML.1.x86_64.rpm
    MD5: 75322fbee1080af9f03efa39b3663a91
    SHA-256: 5a7c21bfb6eea8dd89dcf472931def51bf35c757d1288c94f8e72a393ee00806
    Size: 31.40 MB