java-17-openjdk-17.0.11.0.9-2.el8
Errata ID: AXSA:2024-7705:07
Release date:
2024/04/23 Tuesday - 21:08
Title:
java-17-openjdk-17.0.11.0.9-2.el8
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
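The following issues have been addressed.
[Security Fix]
- The Hotspot component of Java contains a vulnerability that
allows a remote attacker to cause a partial denial of service
via network access over multiple protocols.
(CVE-2024-21011)
- The Networking component of Java contains a vulnerability that
allows a remote attacker to perform unauthorized data
manipulation (update, insert, and delete) via network access
over multiple protocols. (CVE-2024-21012)
- The Hotspot component of Java contains a vulnerability that
allows a remote attacker to perform unauthorized data
manipulation (update, insert, and delete) via network access
over multiple protocols. (CVE-2024-21068)
- The Hotspot component of Java contains a vulnerability that
allows a remote attacker to perform unauthorized data
manipulation (update, insert, and delete) via network access
over multiple protocols. (CVE-2024-21094)
Solution:
Update the packages.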
CVE:
CVE-2024-21011
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2024-21012
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2024-21068
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2024-21094
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Additional information:
N/A
Download: