java-17-openjdk-17.0.10.0.7-2.el9.ML.1
Errata ID: AXSA:2024-7461:04
Release date:
2024/01/24 Wednesday - 07:40
Title:
java-17-openjdk-17.0.10.0.7-2.el9.ML.1
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
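The following issues have been addressed.
[Security Fix]
- The Hotspot component of Java contains a vulnerability that allows a remote attacker to perform unauthorized data manipulation (update, insert, and delete) through network access via multiple protocols. (CVE-2024-20918)
- The Security component of Java contains a vulnerability that allows a remote attacker to perform unauthorized data manipulation (update, insert, and delete) through network access via multiple protocols. (CVE-2024-20932)
- The Security component of Java contains a vulnerability that allows a remote attacker to perform unauthorized data manipulation (update, insert, and delete) through network access via multiple protocols. (CVE-2024-20952)
Information on the following CVEs has not been published at this time.
This advisory will be updated as soon as the CVE information is published.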
CVE-2024-20919
CVE-2024-20921
CVE-2024-20945
Solution:
Update the packages.
CVE:
CVE-2024-20918
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
CVE-2024-20919
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-20921
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-20932
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
CVE-2024-20945
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-20952
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
Additional information:
N/A
Downloads:
SRPMS
- java-17-openjdk-17.0.10.0.7-2.el9.ML.1.src.rpm
MD5: 874596151a0625eb46a98d71e5e7c4c1
SHA-256: 00a881813148cbcdacb5c6318a40a56b631d4c1aa3c4b8b61e6eb910c0ad4848
Size: 62.84 MB