java-1.8.0-openjdk-1.8.0.402.b06-2.el8
Errata ID: AXSA:2024-7448:05
Release date:
2024/01/24 Wednesday - 02:00
Title:
java-1.8.0-openjdk-1.8.0.402.b06-2.el8
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
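The following issues have been addressed.
[Security Fix]
- The Hotspot component of Java contains a vulnerability that
allows a remote attacker, via network access over multiple
protocols, to manipulate data without authorization (update,
insert, and delete). (CVE-2024-20918)
- The Scripting component of Java contains a vulnerability that
allows a remote attacker, via network access over multiple
protocols, to read data without authorization.
(CVE-2024-20926)
- The Security component of Java contains a vulnerability that
allows a remote attacker, via network access over multiple
protocols, to manipulate data without authorization (update,
insert, and delete). (CVE-2024-20952)
Information on the following CVEs has not been published at this time.
This advisory will be updated as soon as the CVE information is published.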
CVE-2024-20919
CVE-2024-20921
CVE-2024-20945
Solution:
Update the packages.
CVE:
CVE-2024-20918
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
CVE-2024-20919
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-20921
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-20926
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2024-20945
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-20952
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
Additional information:
N/A
Downloads:
SRPMS
- java-1.8.0-openjdk-1.8.0.402.b06-2.el8.src.rpm
MD5: 499f3ff81e36f009ad97b79ab4d84084
SHA-256: 971e00303f4353b5ca014f7d731909d5436e7ff09d8a55663e84b5a2de490374
Size: 57.45 MB
Asianux Server 8 for x86_64
- java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64.rpm
MD5: cca641dde0167232e12c6d91460ee451
SHA-256: 9ea90f20834ec50ca5f5107c2a8e531cc0b489d73909d96e6da15227fe748454
Size: 549.95 kB
- java-1.8.0-openjdk-accessibility-1.8.0.402.b06-2.el8.x86_64.rpm
MD5: 41ec3f3c9c8778601e9747747f160d66
SHA-256: 02d42ed95d75fe5b73e381b8591a1adb9b4f000ecca358c455db5ae52211a562
Size: 118.59 kB
- java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.402.b06-2.el8.x86_64.rpm
MD5: 4f34f51bac51c40b192f6efcabd0eb63
SHA-256: 44a15918bc1f4d3b51da3dde1f9a090149d08501a33d5e08490853458c3eaf90
Size: 118.43 kB
- java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.402.b06-2.el8.x86_64.rpm
MD5: 1e37101019ed12df8f530fc88f6bb837
SHA-256: 387d84756187efc5a1b6baec0e935c0462ae8b8951f439a62cd18859a67ed786
Size: 118.44 kB
- java-1.8.0-openjdk-demo-1.8.0.402.b06-2.el8.x86_64.rpm
MD5: fd69b53fac13ae0b4e190132a85b8e00
SHA-256: 7b6c5802185fbb9b325ee8810bad0b0eb85ef570eca9a9e9465b7ed29dca90fe
Size: 2.06 MB
- java-1.8.0-openjdk-demo-fastdebug-1.8.0.402.b06-2.el8.x86_64.rpm
MD5: 4273f27825121ce346ba077d00c1437d
SHA-256: 743333c80e8d1a368b6d970286c173b499e7384973186ef15036e5f6ddc8be70
Size: 2.08 MB
- java-1.8.0-openjdk-demo-slowdebug-1.8.0.402.b06-2.el8.x86_64.rpm
MD5: 76d58c0bf4542670e34517912ef0d011
SHA-256: 95775d0fa0be3f4b3a1ded39b80a99e500517510d050abbd04ca899ebe7be654
Size: 2.08 MB
- java-1.8.0-openjdk-devel-1.8.0.402.b06-2.el8.x86_64.rpm
MD5: 8c0040318ff6d4ce459b0716f4b032f9
SHA-256: 42363343c648efe1a15ba2f687e063d196cbf41b2eed4d11228fbe5e073e6469
Size: 9.94 MB
- java-1.8.0-openjdk-devel-fastdebug-1.8.0.402.b06-2.el8.x86_64.rpm
MD5: b3c347cd2dd7fe5f2754c558df8b1e7b
SHA-256: 6010c2a94c8a6ccae2fae9d6b4ad7d374e201302e90541ffef30a2c04ec1fb80
Size: 9.95 MB
- java-1.8.0-openjdk-devel-slowdebug-1.8.0.402.b06-2.el8.x86_64.rpm
MD5: eb3c50e903751fc95bbeb44bc462793a
SHA-256: 073bec965ea39bbebd384bbcceaeb2f5a000d780b1111a2d811b7f8de87ab213
Size: 9.95 MB
- java-1.8.0-openjdk-fastdebug-1.8.0.402.b06-2.el8.x86_64.rpm
MD5: 3b30dc33381cf38ec2ad924d69652a78
SHA-256: d24cd5a5a6b305e83a72ea68799cf29e2c891099c26ec3d38c153b615b69f4d2
Size: 562.90 kB
- java-1.8.0-openjdk-headless-1.8.0.402.b06-2.el8.x86_64.rpm
MD5: d54e0dacebda7e9e4873cee6afa3a4ae
SHA-256: 0c5fe3ae2775de90cfb997f6617e80cfc56f29d8082357ea55ccbe7889abc7bc
Size: 34.45 MB
- java-1.8.0-openjdk-headless-fastdebug-1.8.0.402.b06-2.el8.x86_64.rpm
MD5: 2c86175840484eb945b67a5b840d0f48
SHA-256: 790b0cd4301cea70015470e884f6c56aa5679d17b1f5bf527f42a953ff3679b1
Size: 38.09 MB
- java-1.8.0-openjdk-headless-slowdebug-1.8.0.402.b06-2.el8.x86_64.rpm
MD5: d11138b1759adcb547cde170221aa423
SHA-256: da2ee61b9365500f4818f0dc10a6f3a5f8073f87e64f94f95f4e7841963207e1
Size: 36.27 MB
- java-1.8.0-openjdk-javadoc-1.8.0.402.b06-2.el8.noarch.rpm
MD5: 4bea3864f323791e0392a5e5e5262f04
SHA-256: c8c891f173d29e7a131a05a76621bf3878bed82f39288a73aba4ec8df091a163
Size: 15.20 MB
- java-1.8.0-openjdk-javadoc-zip-1.8.0.402.b06-2.el8.noarch.rpm
MD5: b122842b121ef01fd822fc8a60950cc3
SHA-256: db65c47972b1ab3e6d03febafef2786352803507a54fa68e1154bf443105df6e
Size: 41.75 MB
- java-1.8.0-openjdk-slowdebug-1.8.0.402.b06-2.el8.x86_64.rpm
MD5: 68745014bbcd91a57070744d8fe08783
SHA-256: da6116b050ff043b0707aa3fda93edc9e10d92cae971d3ab687c92e04001654d
Size: 539.36 kB
- java-1.8.0-openjdk-src-1.8.0.402.b06-2.el8.x86_64.rpm
MD5: 75e862cc03f188a4db95c468316aadec
SHA-256: cf164fc721b97271dca496cbf5aaa678309157738dae29a54e476d9bddae1b7b
Size: 45.51 MB
- java-1.8.0-openjdk-src-fastdebug-1.8.0.402.b06-2.el8.x86_64.rpm
MD5: c9cdd24871b6fd73ab79e59386d415e3
SHA-256: 97b5b5ca8527a91198d982eb36784fb2adddb05c1fe9952e9d46027620a85e05
Size: 45.51 MB
- java-1.8.0-openjdk-src-slowdebug-1.8.0.402.b06-2.el8.x86_64.rpm
MD5: 8f3eb170ba4855b8d20c4d35269998eb
SHA-256: ee459ade914d9c28fbead6b12869b557eb4f0c055318cc183898d82645ad450b
Size: 45.51 MB