java-11-openjdk-11.0.22.0.7-2.el9.ML.1
Errata ID: AXSA:2024-7450:05
Release date:
2024/01/24 Wednesday - 04:10
Title:
java-11-openjdk-11.0.22.0.7-2.el9.ML.1
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
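The following issues have been addressed.
[Security Fix]
- The Hotspot component of Java contains a vulnerability that
allows a remote attacker, through network access via multiple
protocols, to perform unauthorized data manipulation (update,
insert, and delete). (CVE-2024-20918)
- The Scripting component of Java contains a vulnerability that
allows a remote attacker, through network access via multiple
protocols, to read data without authorization.
(CVE-2024-20926)
- The Security component of Java contains a vulnerability that
allows a remote attacker, through network access via multiple
protocols, to perform unauthorized data manipulation (update,
insert, and delete). (CVE-2024-20952)
Information for the following CVEs has not been published at this time.
This advisory will be updated as soon as the CVE information is published.
CVE-2024-20919
CVE-2024-20921
CVE-2024-20945
Solution:
Update the packages.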
CVE:
CVE-2024-20918
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
CVE-2024-20919
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-20921
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-20926
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2024-20945
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-20952
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
Additional information:
N/A
Downloads:
SRPMS
- java-11-openjdk-11.0.22.0.7-2.el9.ML.1.src.rpm
MD5: 386cefc5ffb2ba358c602865cefabd7a
SHA-256: 890f08faa5cb9f7804bab51f76b34d6a7d8208ad9e5b2829f049dd068b0408db
Size: 68.26 MB
Asianux Server 9 for x86_64
- java-11-openjdk-11.0.22.0.7-2.el9.ML.1.x86_64.rpm
MD5: de799eea8fc14b4410006966cbdf2cba
SHA-256: 19686b98f6da8525fe91eb88ddfb8641eeab76717fd21824651b199cbb50ec6c
Size: 437.39 kB
- java-11-openjdk-demo-11.0.22.0.7-2.el9.ML.1.x86_64.rpm
MD5: ed400455930b04f6ff60766bea80b84a
SHA-256: 3423cb25742574d7f31a711b50320bf896e52556dcaf59f57b2ad01d7704ad3d
Size: 4.32 MB
- java-11-openjdk-demo-fastdebug-11.0.22.0.7-2.el9.ML.1.x86_64.rpm
MD5: 172237463c71815b19ca1de3fa273630
SHA-256: 9741f632a19afbb55c0decfcb6f79d96e92114819cc5b0e489f658731e2d817a
Size: 4.32 MB
- java-11-openjdk-demo-slowdebug-11.0.22.0.7-2.el9.ML.1.x86_64.rpm
MD5: a672f06b4e5b9b9abf2fbfbf599f439e
SHA-256: dad44f8117cc8c7419d93b81faf0f343072cf6bea9fc68baafd1fed8306548f6
Size: 4.32 MB
- java-11-openjdk-devel-11.0.22.0.7-2.el9.ML.1.x86_64.rpm
MD5: 77ca122d0a25e5f98c3b2fd741e9d55c
SHA-256: 8b7c4981e1835da6e76a419322e25f9521261a7a8ac49691f8334eed0806a900
Size: 3.29 MB
- java-11-openjdk-devel-fastdebug-11.0.22.0.7-2.el9.ML.1.x86_64.rpm
MD5: 2c82fe9e0884c26bb7ffef36426bfd7c
SHA-256: c3a0af976e94170f4de9a1bc73bd2ebb082f180ce538ca41d6f96ac9a11b28e2
Size: 3.28 MB
- java-11-openjdk-devel-slowdebug-11.0.22.0.7-2.el9.ML.1.x86_64.rpm
MD5: a399ad492e1cea0522974221987c8b64
SHA-256: f05cff5d0d1b3b8541b026c8a4fe89edcaf856577f625ffd0c5eae9eac923c16
Size: 3.29 MB
- java-11-openjdk-fastdebug-11.0.22.0.7-2.el9.ML.1.x86_64.rpm
MD5: 3b9553aeda8a876d679b2d145bca295a
SHA-256: 1d76b3d6bd77528b54f5c113ad4134fedc3df84dc8e936d5910c42eb7eb69556
Size: 452.75 kB
- java-11-openjdk-headless-11.0.22.0.7-2.el9.ML.1.x86_64.rpm
MD5: 102e2932377de4bc76bc09c46c8b9950
SHA-256: 7fbfd9b0fd45003ec85edab26f726198364c85ead9ef542fe18632b1129f666c
Size: 39.69 MB
- java-11-openjdk-headless-fastdebug-11.0.22.0.7-2.el9.ML.1.x86_64.rpm
MD5: 86e26f90b3bd34dcba3a34229988e465
SHA-256: d6c631c08276de4f584a61296ef9183b18893416e9d669780e29e0797afab806
Size: 45.24 MB
- java-11-openjdk-headless-slowdebug-11.0.22.0.7-2.el9.ML.1.x86_64.rpm
MD5: 588b25100b2a8d45cd18cd24861b20ef
SHA-256: 5519c481dd0a5f531a84898ec6f38d1439ca64e8bdff451d9ecc7e0ec9fd9ce6
Size: 44.20 MB
- java-11-openjdk-javadoc-11.0.22.0.7-2.el9.ML.1.x86_64.rpm
MD5: af5084cdd9847784e29cea99d3a13ee8
SHA-256: fa2b02d1066781fd9d922e0d1f61c55696df4a46ff63b918c4f0f938e89fc4b7
Size: 12.62 MB
- java-11-openjdk-javadoc-zip-11.0.22.0.7-2.el9.ML.1.x86_64.rpm
MD5: c52124d829e6ef9b52ea6a885a9f54f8
SHA-256: 8e014cf303ffe4c454e1f7710ed70411ea23f98bde2653562df387cfc678b9cb
Size: 41.15 MB
- java-11-openjdk-jmods-11.0.22.0.7-2.el9.ML.1.x86_64.rpm
MD5: 0a4c702979f35c297ac877ea14c6bf8a
SHA-256: 70cecfdd653d4db44a0ba5d2619db5e1d9e0bf24687572406ed4694f44c37eb8
Size: 323.41 MB
- java-11-openjdk-jmods-fastdebug-11.0.22.0.7-2.el9.ML.1.x86_64.rpm
MD5: 45599776a2b849027b3b94ec8e5d8b16
SHA-256: 0609c0fd289e72b29f89b8c0411a9cb03028e003e512efab45c4131628cd8f1c
Size: 284.14 MB
- java-11-openjdk-jmods-slowdebug-11.0.22.0.7-2.el9.ML.1.x86_64.rpm
MD5: 0a156deb1ab68adc0cfcb580f2e5fc93
SHA-256: 00d2f8f397f5a5d045d17e19dfc0734160fb92c381d532d266e1083dbd6f25fb
Size: 211.52 MB
- java-11-openjdk-slowdebug-11.0.22.0.7-2.el9.ML.1.x86_64.rpm
MD5: 148402525b84fb148049551d7019e1d5
SHA-256: a2c8ea9877fce77df40f00a23c43e947bd8053a3dae4bb2a0d6433beae0e79ef
Size: 422.72 kB
- java-11-openjdk-src-11.0.22.0.7-2.el9.ML.1.x86_64.rpm
MD5: cfebc2fbd5ff3c50f2e2ac0e4e31e505
SHA-256: 42f7b7223ecea133f3f2b70382dfcf375bed50bf5e02a00c4857e31fa9557b68
Size: 49.70 MB
- java-11-openjdk-src-fastdebug-11.0.22.0.7-2.el9.ML.1.x86_64.rpm
MD5: c2962871d6317a836697369b2a11591f
SHA-256: e0bde2892789e81bcdd4ff6e505ff25800fa2cd1904f9daff3ee29faa98ea41f
Size: 49.70 MB
- java-11-openjdk-src-slowdebug-11.0.22.0.7-2.el9.ML.1.x86_64.rpm
MD5: be709d513db8c8f1d5e0a417d5ebad93
SHA-256: 627aa51d82cb03c55d2fce5c5f7d5bcbb9bf0109feda6d25f91e1251cb37e90b
Size: 49.70 MB
- java-11-openjdk-static-libs-11.0.22.0.7-2.el9.ML.1.x86_64.rpm
MD5: 210201f00e9916436f1c01483971e980
SHA-256: af2d080958ee40fc06995774d1e6b75afb8456f616b626d6d92f4916edcbca70
Size: 31.62 MB
- java-11-openjdk-static-libs-fastdebug-11.0.22.0.7-2.el9.ML.1.x86_64.rpm
MD5: 190522d7b7774f4acdca0e0d17f033e1
SHA-256: 429f8cfb002d768cc3265c525761a7a7ebb9bd92c8d44417be7d8868efed92e3
Size: 31.58 MB
- java-11-openjdk-static-libs-slowdebug-11.0.22.0.7-2.el9.ML.1.x86_64.rpm
MD5: fdd7db83383347ee8a8e3b5410e6e5d4
SHA-256: 0c7546d266675f52d9c64844f9335777860cb34edbfaf31d2f638dd23a4eb5e3
Size: 28.47 MB