java-1.8.0-openjdk-1.8.0.412.b08-2.el9.ML.1
Errata ID: AXSA:2024-7708:10
Release date:
2024/04/24 Wednesday - 09:23
Title:
java-1.8.0-openjdk-1.8.0.412.b08-2.el9.ML.1
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
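The following issues have been addressed.
[Security Fix]
- The Hotspot component of Java contains a vulnerability that allows a remote attacker to cause a partial denial of service via network access over multiple protocols. (CVE-2024-21011)
- The Hotspot component of Java contains a vulnerability that allows a remote attacker to perform unauthorized manipulation of data (update, insert, and delete) via network access over multiple protocols. (CVE-2024-21068)
- The Concurrency component of Java contains a vulnerability that allows a remote attacker to cause a partial denial of service via network access over multiple protocols. (CVE-2024-21085)
- The Hotspot component of Java contains a vulnerability that allows a remote attacker to perform unauthorized manipulation of data (update, insert, and delete) via network access over multiple protocols. (CVE-2024-21094)
Solution:
Update the packages.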
CVE:
CVE-2024-21011
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2024-21068
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2024-21085
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2024-21094
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Additional information:
N/A
Downloads:
SRPMS
- java-1.8.0-openjdk-1.8.0.412.b08-2.el9.ML.1.src.rpm
MD5: f89a2fe5247a00a816822f9664246335
SHA-256: 2d2a235e96f2d155865b16272cbb2a7b37f57257d701ad3cfe6381a1b49ec29d
Size: 58.16 MB
Asianux Server 9 for x86_64
- java-1.8.0-openjdk-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
MD5: a0bf35afc9d21eb86cc9c0ec14b39497
SHA-256: 860ffdd0bfa6e0b8906d107f7fef02596f49444d02cb883c13e0f9527e6d4acd
Size: 456.78 kB
- java-1.8.0-openjdk-demo-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
MD5: 551b0b97e25205b2a7742400b4220a97
SHA-256: 2a0f64b89e96eb0a1d6f2b2443837104d3ca7965b5ca985ee4237d9eccaa304a
Size: 2.04 MB
- java-1.8.0-openjdk-demo-fastdebug-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
MD5: 37f4537facb8cebf5d419946309837e4
SHA-256: 593badbbb67faba3f3d74c20f76f4d0cf7e91d51857e58ad0a1f218162c7b606
Size: 2.06 MB
- java-1.8.0-openjdk-demo-slowdebug-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
MD5: a46f876414d4a43788f095325a06f46a
SHA-256: c3e54d13f58eaa513099214a46e62a72e902dbed80091d89428c66f6409d5df4
Size: 2.05 MB
- java-1.8.0-openjdk-devel-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
MD5: 6df7c4af2e057bd00be0f758ba1df866
SHA-256: 91acdd5eb11910a3ce37cf6e911cf68f530ceafb117545e7a17834cd5de8da5f
Size: 9.35 MB
- java-1.8.0-openjdk-devel-fastdebug-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
MD5: 33a539e53f3bb81593870702d8b2caed
SHA-256: bc4699461ab07e9c38c97bb4222ea33750f598d67e37bd914b481f5dcfcc9534
Size: 9.36 MB
- java-1.8.0-openjdk-devel-slowdebug-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
MD5: 8991d888527a5b8513f2cf1286b95497
SHA-256: a7a5037b0823bb4835ea996255ea4950d78dd1e79766fbe8baab6c32bdc4a37b
Size: 9.36 MB
- java-1.8.0-openjdk-fastdebug-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
MD5: 27fe31d77565cc88df9cd0b9464aef4b
SHA-256: 07fc654e5d9b1ef43e5a02c7796802b626624c507c707a4dff95df1e3ba8ca27
Size: 469.52 kB
- java-1.8.0-openjdk-headless-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
MD5: 551b1021d2c5c6f38d2e0aff2d5c72d4
SHA-256: b91937e9db6ccd3a04872e61a9eae930c464f5962215cf55a4a96f621d8d6ccf
Size: 33.33 MB
- java-1.8.0-openjdk-headless-fastdebug-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
MD5: 85de50bb48329d1abe31ee50edae1622
SHA-256: 51a76c85f1c1476cc29f1e2d6da23203c20193a660b62f687a206e5dbc5e0762
Size: 37.19 MB
- java-1.8.0-openjdk-headless-slowdebug-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
MD5: 7510120b949a4d1e0885fbfc81cd456a
SHA-256: 0fc53fac375c62f3e673025054111931511ad68bc504e1037edc674704b1ba63
Size: 35.08 MB
- java-1.8.0-openjdk-javadoc-1.8.0.412.b08-2.el9.ML.1.noarch.rpm
MD5: 8111166d30fa950c3af3b4216a09c4b8
SHA-256: c3cd9d44909ca3be49fb41f5aa3ee15413fc95aefd6e9f2b85c93ead6f40166f
Size: 14.46 MB
- java-1.8.0-openjdk-javadoc-zip-1.8.0.412.b08-2.el9.ML.1.noarch.rpm
MD5: b24fd570a97abccedf04d758cef73ab2
SHA-256: 9db0a6e4354988368075d6e8faf442a1f3fa11f2c729fb100d03afa59ff3cf3f
Size: 40.86 MB
- java-1.8.0-openjdk-slowdebug-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
MD5: 8ab9f70d0abc80a1c02f2a7b17bd567a
SHA-256: 3fa2a2eb76bf53852d3d13e48735b5e3f88132764ae8bb14219720b191c7ddd7
Size: 444.39 kB
- java-1.8.0-openjdk-src-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
MD5: 495b6bfafce25d1b9d1bffc786da28d8
SHA-256: c7060efffc49e4e05d96a47c98b7f6f43169509c1453cc99a40d8b68ca31e8c7
Size: 44.63 MB
- java-1.8.0-openjdk-src-fastdebug-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
MD5: 9ebac5ab39b85737f639626e2a721b8f
SHA-256: c369c292b63f28e539cdb5ce27425521de701c9ba0c7d898ea75e23aef0e0bc4
Size: 44.64 MB
- java-1.8.0-openjdk-src-slowdebug-1.8.0.412.b08-2.el9.ML.1.x86_64.rpm
MD5: 1d9faaa63a21749892d8db4cf49b1a65
SHA-256: cfd58ecb9c1ff62cd642d058f53faeaf9bab1fb220a338d967fb72e5b21fa15f
Size: 44.63 MB