java-11-openjdk-11.0.24.0.8-2.el9.ML.1
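Errata ID: AXSA:2024-8576:12
The following issues have been addressed.
[Security Fix]
- The Hotspot component of Java contains a vulnerability that allows a remote attacker with network access via multiple protocols to perform unauthorized data manipulation (update, insert, and delete). (CVE-2024-21131)
- The Hotspot component of Java contains a vulnerability that allows a remote attacker with network access via multiple protocols to cause a partial denial of service. (CVE-2024-21138)
- The Hotspot component of Java contains a vulnerability that allows a remote attacker with network access via multiple protocols to perform unauthorized data manipulation (update, insert, and delete) and unauthorized reading of data. (CVE-2024-21140)
- The Concurrency component of Java contains a vulnerability that allows a remote attacker with network access via multiple protocols to cause a partial denial of service. (CVE-2024-21144)
- The 2D component of Java contains a vulnerability that allows a remote attacker with network access via multiple protocols to perform unauthorized data manipulation (update, insert, and delete) and unauthorized reading of data. (CVE-2024-21145)
- The Hotspot component of Java contains a vulnerability that allows a remote attacker with network access via multiple protocols to perform unauthorized data manipulation (update, insert, and delete) and unauthorized reading of data. (CVE-2024-21147)
Update the packages.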
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
SRPMS
- java-11-openjdk-11.0.24.0.8-2.el9.ML.1.src.rpm
MD5: 2d567887c3dbe12c3a03d57bde5641f5
SHA-256: 36e7964ea2103d7c7426aa1111aed00b340d52addc6366d61808f1628a30d85c
Size: 68.30 MB
Asianux Server 9 for x86_64
- java-11-openjdk-11.0.24.0.8-2.el9.ML.1.x86_64.rpm
MD5: baa5c0f9fecf04fe61c04f8a4a440f91
SHA-256: b3d5dbb78ca3af259d3b1553c1602861e176bf89d5789a24b574a527ea2cc9ae
Size: 408.51 kB
- java-11-openjdk-demo-11.0.24.0.8-2.el9.ML.1.x86_64.rpm
MD5: addfa451419879aaa5ed3c57df6ddc8d
SHA-256: 70dd5b2792e4095ffd312af2a0378ffdda4e0bceec73f78737b37d467600283c
Size: 4.39 MB
- java-11-openjdk-demo-fastdebug-11.0.24.0.8-2.el9.ML.1.x86_64.rpm
MD5: 8c68202720253a3654d96819dc51514a
SHA-256: 8cdfd371e4bc11bf046093e036d4415368d663370b4ee8eb1c3b5130db535071
Size: 4.39 MB
- java-11-openjdk-demo-slowdebug-11.0.24.0.8-2.el9.ML.1.x86_64.rpm
MD5: 9ea456edf2218d5429cd6bd77b4d219d
SHA-256: d0779cc412d8134dfc51045a95fd0097f2c9d9754ae13b0a549bcaa7759a294b
Size: 4.39 MB
- java-11-openjdk-devel-11.0.24.0.8-2.el9.ML.1.x86_64.rpm
MD5: f7f0245c40c14f209ebe374b64fe7591
SHA-256: 1dc9d1ef7165a451ef8727ca7e0b8d419ecddf7784bcf1d691d9db5a84b22ab5
Size: 3.30 MB
- java-11-openjdk-devel-fastdebug-11.0.24.0.8-2.el9.ML.1.x86_64.rpm
MD5: a62b3638afd3ba330bb431e5c41b9f42
SHA-256: a26968546224a3b5a854ea254571271bb473a587b601d5ea324b9d676a58ee08
Size: 3.30 MB
- java-11-openjdk-devel-slowdebug-11.0.24.0.8-2.el9.ML.1.x86_64.rpm
MD5: 65c73d3d579678c3f4f1fc7ececa9ff9
SHA-256: bd787e9728849a9d3905736ad2acc261e387d449c987cc939f6319aac1e89d26
Size: 3.30 MB
- java-11-openjdk-fastdebug-11.0.24.0.8-2.el9.ML.1.x86_64.rpm
MD5: 2340efda9de3fd8fc32f432498a00b95
SHA-256: bd941b74617e1c4f51f0953e4e790dc47beb3d3f0681344b252840dee0758311
Size: 422.97 kB
- java-11-openjdk-headless-11.0.24.0.8-2.el9.ML.1.x86_64.rpm
MD5: 5ac41cd053943e323d4ce29f94e3c5c1
SHA-256: 91ae116f6416da4d0dc3d48ab802713541b3f3bf92333a1a5e5fae95c96c6631
Size: 39.06 MB
- java-11-openjdk-headless-fastdebug-11.0.24.0.8-2.el9.ML.1.x86_64.rpm
MD5: cbdf928f699e5d2588b5ae871b90b946
SHA-256: 4426400772ccbc63f70e3b6902a103d76c670010e826606b310720ff2fb30654
Size: 44.54 MB
- java-11-openjdk-headless-slowdebug-11.0.24.0.8-2.el9.ML.1.x86_64.rpm
MD5: b15b0e04733c203cec6714e6bc2167cf
SHA-256: 8aef5fae16c9cd1f1e1c1bed74e65c299c0aa01b2b131bc0e6e784ab85f18f2d
Size: 42.17 MB
- java-11-openjdk-javadoc-11.0.24.0.8-2.el9.ML.1.x86_64.rpm
MD5: 0671f7dd9b5b70c6bcaa0c35e748371b
SHA-256: 29454f42532d4ab89ab78dea8a705905668afc603703e213bcf15363f0a56bb6
Size: 14.83 MB
- java-11-openjdk-javadoc-zip-11.0.24.0.8-2.el9.ML.1.x86_64.rpm
MD5: 4554fcca1bfbe3fcd7abd9fb468370d6
SHA-256: 0e05c493541ed392ed279b5f879119466f42632f8db67e48d5b95e01d80cfdd9
Size: 41.17 MB
- java-11-openjdk-jmods-11.0.24.0.8-2.el9.ML.1.x86_64.rpm
MD5: a816f2e630008e6a4be73ed4e1c54a52
SHA-256: f176ed94a9b12fec5ed5ca50673b64282fcc49ee53f68f9589d1f127ef127089
Size: 324.26 MB
- java-11-openjdk-jmods-fastdebug-11.0.24.0.8-2.el9.ML.1.x86_64.rpm
MD5: 41542643a4cd462bdd3d86475be53f3e
SHA-256: d54ca17ac0528159a6e72b67f03c0ef3553bb0e5eec512b707747791a4dca48e
Size: 284.85 MB
- java-11-openjdk-jmods-slowdebug-11.0.24.0.8-2.el9.ML.1.x86_64.rpm
MD5: 2e02e6514477cf47c31f15caa7226155
SHA-256: afede795adc4782c26f511be25048ce9466b914907328864a089ec43db170c91
Size: 209.37 MB
- java-11-openjdk-slowdebug-11.0.24.0.8-2.el9.ML.1.x86_64.rpm
MD5: f129a03a36f8f200dd885433f19da3bc
SHA-256: 5e05a384d7531f3d55708e406135a1de35359b9b61943da0889502ab79ace576
Size: 391.15 kB
- java-11-openjdk-src-11.0.24.0.8-2.el9.ML.1.x86_64.rpm
MD5: 3c1f42297f1a739ef4b63786eca99bb5
SHA-256: d0e986a0684a9802d6436d1990cf43eca50cec33928bdb1ff60ebfc01b4a628a
Size: 49.72 MB
- java-11-openjdk-src-fastdebug-11.0.24.0.8-2.el9.ML.1.x86_64.rpm
MD5: 266ef52a69d108a8c4879292469e5d5c
SHA-256: ab250d8942e43d040e6e26e813d671299df852b61c56cc002a2cd178465ed1b4
Size: 49.73 MB
- java-11-openjdk-src-slowdebug-11.0.24.0.8-2.el9.ML.1.x86_64.rpm
MD5: 007b0b60f9b093ae34a8675de195f179
SHA-256: 4289178a71ed3861dffd73ccf7e2c32020f51ff6eb555e3be6154cc9dc3903fc
Size: 49.73 MB
- java-11-openjdk-static-libs-11.0.24.0.8-2.el9.ML.1.x86_64.rpm
MD5: 745e52076e00f876c6a2cf6ae4cb2c6b
SHA-256: 4ca9871bd17488dd7d5949544dd8355d5419ddfbd3bc076b29761712460dbfe5
Size: 32.60 MB
- java-11-openjdk-static-libs-fastdebug-11.0.24.0.8-2.el9.ML.1.x86_64.rpm
MD5: 38a0316f32211824469da955df8e9a9a
SHA-256: b9c123d589f861edcebccd6234eeccdfd5963b82a067a0a6ddb447b16f8462cc
Size: 32.89 MB
- java-11-openjdk-static-libs-slowdebug-11.0.24.0.8-2.el9.ML.1.x86_64.rpm
MD5: b639904171b8bbf920fc484210a1f9ec
SHA-256: 1cca81cbd6b84a58215701c303654c62c006608bc08e4ed223f69f4b9621c6ad
Size: 26.81 MB