java-17-openjdk-17.0.11.0.9-2.el9.ML.1
Errata ID: AXSA:2024-7716:08
Release date:
2024/04/24 Wednesday - 18:25
Title:
java-17-openjdk-17.0.11.0.9-2.el9.ML.1
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
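The following issues have been addressed.
[Security Fix]
- A vulnerability in the Hotspot component of Java allows a remote
attacker to cause a partial denial of service via network access
over multiple protocols. (CVE-2024-21011)
- A vulnerability in the Networking component of Java allows a remote
attacker to perform unauthorized data manipulation (update, insert
and delete) via network access over multiple protocols.
(CVE-2024-21012)
- A vulnerability in the Hotspot component of Java allows a remote
attacker to perform unauthorized data manipulation (update, insert
and delete) via network access over multiple protocols.
(CVE-2024-21068)
- A vulnerability in the Hotspot component of Java allows a remote
attacker to perform unauthorized data manipulation (update, insert
and delete) via network access over multiple protocols.
(CVE-2024-21094)
Solution:
Update the packages.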
CVE:
CVE-2024-21011
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2024-21012
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2024-21068
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2024-21094
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Additional information:
N/A
Download:
SRPMS
- java-17-openjdk-17.0.11.0.9-2.el9.ML.1.src.rpm
Size: 63.00 MB
Asianux Server 9 for x86_64
- java-17-openjdk-17.0.11.0.9-2.el9.ML.1.x86_64.rpm
Size: 429.54 kB
- java-17-openjdk-demo-17.0.11.0.9-2.el9.ML.1.x86_64.rpm
Size: 3.41 MB
- java-17-openjdk-demo-fastdebug-17.0.11.0.9-2.el9.ML.1.x86_64.rpm
Size: 3.41 MB
- java-17-openjdk-demo-slowdebug-17.0.11.0.9-2.el9.ML.1.x86_64.rpm
Size: 3.41 MB
- java-17-openjdk-devel-17.0.11.0.9-2.el9.ML.1.x86_64.rpm
Size: 4.72 MB
- java-17-openjdk-devel-fastdebug-17.0.11.0.9-2.el9.ML.1.x86_64.rpm
Size: 4.72 MB
- java-17-openjdk-devel-slowdebug-17.0.11.0.9-2.el9.ML.1.x86_64.rpm
Size: 4.72 MB
- java-17-openjdk-fastdebug-17.0.11.0.9-2.el9.ML.1.x86_64.rpm
Size: 438.45 kB
- java-17-openjdk-headless-17.0.11.0.9-2.el9.ML.1.x86_64.rpm
Size: 45.01 MB
- java-17-openjdk-headless-fastdebug-17.0.11.0.9-2.el9.ML.1.x86_64.rpm
Size: 50.14 MB
- java-17-openjdk-headless-slowdebug-17.0.11.0.9-2.el9.ML.1.x86_64.rpm
Size: 48.67 MB
- java-17-openjdk-javadoc-17.0.11.0.9-2.el9.ML.1.x86_64.rpm
Size: 14.70 MB
- java-17-openjdk-javadoc-zip-17.0.11.0.9-2.el9.ML.1.x86_64.rpm
Size: 39.47 MB
- java-17-openjdk-jmods-17.0.11.0.9-2.el9.ML.1.x86_64.rpm
Size: 251.20 MB
- java-17-openjdk-jmods-fastdebug-17.0.11.0.9-2.el9.ML.1.x86_64.rpm
Size: 250.34 MB
- java-17-openjdk-jmods-slowdebug-17.0.11.0.9-2.el9.ML.1.x86_64.rpm
Size: 180.56 MB
- java-17-openjdk-slowdebug-17.0.11.0.9-2.el9.ML.1.x86_64.rpm
Size: 408.06 kB
- java-17-openjdk-src-17.0.11.0.9-2.el9.ML.1.x86_64.rpm
Size: 44.77 MB
- java-17-openjdk-src-fastdebug-17.0.11.0.9-2.el9.ML.1.x86_64.rpm
Size: 44.77 MB
- java-17-openjdk-src-slowdebug-17.0.11.0.9-2.el9.ML.1.x86_64.rpm
Size: 44.77 MB
- java-17-openjdk-static-libs-17.0.11.0.9-2.el9.ML.1.x86_64.rpm
Size: 35.14 MB
- java-17-openjdk-static-libs-fastdebug-17.0.11.0.9-2.el9.ML.1.x86_64.rpm
Size: 35.28 MB
- java-17-openjdk-static-libs-slowdebug-17.0.11.0.9-2.el9.ML.1.x86_64.rpm
Size: 31.56 MB