java-17-openjdk-17.0.12.0.7-2.el9.ML.1
Errata ID: AXSA:2024-8577:11
Release date:
2024/07/19 Friday - 18:40
Title:
java-17-openjdk-17.0.12.0.7-2.el9.ML.1
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
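The following items have been addressed.
[Security Fix]
- The Hotspot component of Java contains a vulnerability that allows a remote attacker, via network access over multiple protocols, to perform unauthorized data manipulation (update, insert, and delete). (CVE-2024-21131)
- The Hotspot component of Java contains a vulnerability that allows a remote attacker, via network access over multiple protocols, to cause a partial denial of service. (CVE-2024-21138)
- The Hotspot component of Java contains a vulnerability that allows a remote attacker, via network access over multiple protocols, to perform unauthorized data manipulation (update, insert, and delete) and unauthorized data reads. (CVE-2024-21140)
- The 2D component of Java contains a vulnerability that allows a remote attacker, via network access over multiple protocols, to perform unauthorized data manipulation (update, insert, and delete) and unauthorized data reads. (CVE-2024-21145)
- The Hotspot component of Java contains a vulnerability that allows a remote attacker, via network access over multiple protocols, to perform unauthorized data manipulation (update, insert, and delete) and unauthorized data reads. (CVE-2024-21147)
Solution:
Update the packages.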
CVE:
CVE-2024-21131
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2024-21138
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2024-21140
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
CVE-2024-21145
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
CVE-2024-21147
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
Additional information:
N/A
Downloads:
SRPMS
- java-17-openjdk-17.0.12.0.7-2.el9.ML.1.src.rpm
Size: 62.97 MB
Asianux Server 9 for x86_64
- java-17-openjdk-17.0.12.0.7-2.el9.ML.1.x86_64.rpm
Size: 403.83 kB
- java-17-openjdk-demo-17.0.12.0.7-2.el9.ML.1.x86_64.rpm
Size: 3.41 MB
- java-17-openjdk-demo-fastdebug-17.0.12.0.7-2.el9.ML.1.x86_64.rpm
Size: 3.41 MB
- java-17-openjdk-demo-slowdebug-17.0.12.0.7-2.el9.ML.1.x86_64.rpm
Size: 3.41 MB
- java-17-openjdk-devel-17.0.12.0.7-2.el9.ML.1.x86_64.rpm
Size: 4.72 MB
- java-17-openjdk-devel-fastdebug-17.0.12.0.7-2.el9.ML.1.x86_64.rpm
Size: 4.72 MB
- java-17-openjdk-devel-slowdebug-17.0.12.0.7-2.el9.ML.1.x86_64.rpm
Size: 4.72 MB
- java-17-openjdk-fastdebug-17.0.12.0.7-2.el9.ML.1.x86_64.rpm
Size: 412.27 kB
- java-17-openjdk-headless-17.0.12.0.7-2.el9.ML.1.x86_64.rpm
Size: 44.29 MB
- java-17-openjdk-headless-fastdebug-17.0.12.0.7-2.el9.ML.1.x86_64.rpm
Size: 49.38 MB
- java-17-openjdk-headless-slowdebug-17.0.12.0.7-2.el9.ML.1.x86_64.rpm
Size: 46.56 MB
- java-17-openjdk-javadoc-17.0.12.0.7-2.el9.ML.1.x86_64.rpm
Size: 14.70 MB
- java-17-openjdk-javadoc-zip-17.0.12.0.7-2.el9.ML.1.x86_64.rpm
Size: 39.43 MB
- java-17-openjdk-jmods-17.0.12.0.7-2.el9.ML.1.x86_64.rpm
Size: 250.10 MB
- java-17-openjdk-jmods-fastdebug-17.0.12.0.7-2.el9.ML.1.x86_64.rpm
Size: 249.03 MB
- java-17-openjdk-jmods-slowdebug-17.0.12.0.7-2.el9.ML.1.x86_64.rpm
Size: 176.67 MB
- java-17-openjdk-slowdebug-17.0.12.0.7-2.el9.ML.1.x86_64.rpm
Size: 379.65 kB
- java-17-openjdk-src-17.0.12.0.7-2.el9.ML.1.x86_64.rpm
Size: 44.78 MB
- java-17-openjdk-src-fastdebug-17.0.12.0.7-2.el9.ML.1.x86_64.rpm
Size: 44.78 MB
- java-17-openjdk-src-slowdebug-17.0.12.0.7-2.el9.ML.1.x86_64.rpm
Size: 44.78 MB
- java-17-openjdk-static-libs-17.0.12.0.7-2.el9.ML.1.x86_64.rpm
Size: 33.80 MB
- java-17-openjdk-static-libs-fastdebug-17.0.12.0.7-2.el9.ML.1.x86_64.rpm
Size: 34.08 MB
- java-17-openjdk-static-libs-slowdebug-17.0.12.0.7-2.el9.ML.1.x86_64.rpm
Size: 27.53 MB