java-11-openjdk-11.0.23.0.9-3.el9.ML.1
Errata ID: AXSA:2024-7717:10
Release date:
2024/04/25 Thursday - 11:59
Title:
java-11-openjdk-11.0.23.0.9-3.el9.ML.1
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
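The following issues have been addressed.
[Security Fix]
- The Hotspot component of Java contains a vulnerability that allows a remote attacker to cause a partial denial of service via network access using multiple protocols. (CVE-2024-21011)
- The Networking component of Java contains a vulnerability that allows a remote attacker to perform unauthorized manipulation of data (update, insert, and delete) via network access using multiple protocols. (CVE-2024-21012)
- The Hotspot component of Java contains a vulnerability that allows a remote attacker to perform unauthorized manipulation of data (update, insert, and delete) via network access using multiple protocols. (CVE-2024-21068)
- The Concurrency component of Java contains a vulnerability that allows a remote attacker to cause a partial denial of service via network access using multiple protocols. (CVE-2024-21085)
- The Hotspot component of Java contains a vulnerability that allows a remote attacker to perform unauthorized manipulation of data (update, insert, and delete) via network access using multiple protocols. (CVE-2024-21094)
Solution:
Update the packages.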
CVE:
CVE-2024-21011
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2024-21012
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2024-21068
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2024-21085
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2024-21094
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Additional information:
N/A
Downloads:
SRPMS
- java-11-openjdk-11.0.23.0.9-3.el9.ML.1.src.rpm
Size: 68.27 MB
Asianux Server 9 for x86_64
- java-11-openjdk-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
Size: 434.46 kB
- java-11-openjdk-demo-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
Size: 4.38 MB
- java-11-openjdk-demo-fastdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
Size: 4.39 MB
- java-11-openjdk-demo-slowdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
Size: 4.39 MB
- java-11-openjdk-devel-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
Size: 3.30 MB
- java-11-openjdk-devel-fastdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
Size: 3.30 MB
- java-11-openjdk-devel-slowdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
Size: 3.30 MB
- java-11-openjdk-fastdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
Size: 448.93 kB
- java-11-openjdk-headless-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
Size: 39.84 MB
- java-11-openjdk-headless-fastdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
Size: 45.33 MB
- java-11-openjdk-headless-slowdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
Size: 44.27 MB
- java-11-openjdk-javadoc-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
Size: 14.82 MB
- java-11-openjdk-javadoc-zip-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
Size: 41.16 MB
- java-11-openjdk-jmods-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
Size: 325.55 MB
- java-11-openjdk-jmods-fastdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
Size: 286.41 MB
- java-11-openjdk-jmods-slowdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
Size: 213.36 MB
- java-11-openjdk-slowdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
Size: 420.90 kB
- java-11-openjdk-src-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
Size: 49.72 MB
- java-11-openjdk-src-fastdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
Size: 49.72 MB
- java-11-openjdk-src-slowdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
Size: 49.72 MB
- java-11-openjdk-static-libs-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
Size: 34.14 MB
- java-11-openjdk-static-libs-fastdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
Size: 34.20 MB
- java-11-openjdk-static-libs-slowdebug-11.0.23.0.9-3.el9.ML.1.x86_64.rpm
Size: 30.90 MB