java-21-openjdk-21.0.2.0.13-1.el9.ML.1
Errata ID: AXSA:2024-7447:04
Release date:
2024/01/24 Wednesday - 01:42
Title:
java-21-openjdk-21.0.2.0.13-1.el9.ML.1
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
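The following issues have been addressed.
[Security Fix]
- The Hotspot component of Java contains a vulnerability that
allows a remote attacker, with network access via multiple
protocols, to perform unauthorized data manipulation (update,
insert, and delete). (CVE-2024-20918)
- The Security component of Java contains a vulnerability that
allows a remote attacker, with network access via multiple
protocols, to perform unauthorized data manipulation (update,
insert, and delete). (CVE-2024-20952)
Information on the following CVEs has not been published at this time.
This advisory will be updated as soon as the CVE information is published.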
CVE-2024-20919
CVE-2024-20921
CVE-2024-20945
Solution:
Update the packages.
CVE:
CVE-2024-20918
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
CVE-2024-20919
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-20921
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-20945
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-20952
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
Additional information:
N/A
Downloads: