java-21-openjdk-21.0.4.0.7-1.el9.ML.1
Errata ID: AXSA:2024-8584:12
Release date:
2024/07/22 Monday - 09:54
Title:
java-21-openjdk-21.0.4.0.7-1.el9.ML.1
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
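The following issues have been addressed.
[Security Fix]
- A vulnerability in the Hotspot component of Java allows a remote
attacker, via network access over multiple protocols, to perform
unauthorized data manipulation (update, insert, and delete).
(CVE-2024-21131)
- A vulnerability in the Hotspot component of Java allows a remote
attacker, via network access over multiple protocols, to cause a
partial denial of service.
(CVE-2024-21138)
- A vulnerability in the Hotspot component of Java allows a remote
attacker, via network access over multiple protocols, to perform
unauthorized data manipulation (update, insert, and delete) and
unauthorized reading of data. (CVE-2024-21140)
- A vulnerability in the 2D component of Java allows a remote
attacker, via network access over multiple protocols, to perform
unauthorized data manipulation (update, insert, and delete) and
unauthorized reading of data. (CVE-2024-21145)
- A vulnerability in the Hotspot component of Java allows a remote
attacker, via network access over multiple protocols, to perform
unauthorized data manipulation (update, insert, and delete) and
unauthorized reading of data. (CVE-2024-21147)
Solution:
Update the packages.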
CVE:
CVE-2024-21131
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2024-21138
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2024-21140
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
CVE-2024-21145
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
CVE-2024-21147
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
Additional information:
N/A
Downloads:
SRPMS
- java-21-openjdk-21.0.4.0.7-1.el9.ML.1.src.rpm
MD5: 6ffdf82fb65cc0aa323cc50e10f1a6af
SHA-256: 086e45541bfbcee3138393974b5d12d93b1f79b770542621fc84593053439138
Size: 66.62 MB
Asianux Server 9 for x86_64
- java-21-openjdk-21.0.4.0.7-1.el9.ML.1.x86_64.rpm
MD5: 0b7fa462cdc4251f05c7e65e80466c04
SHA-256: 25a0f2417be351496c8fe9eb9aa80f84668e96c9d526d9daaedb9ae47b9c0397
Size: 426.32 kB
- java-21-openjdk-demo-21.0.4.0.7-1.el9.ML.1.x86_64.rpm
MD5: e71906c1b1fb76295a5d38f80b3e18da
SHA-256: 4f5d45d08a1a424051bfa8f4ef037915ee33569917b25c5056fde07b644ea6c7
Size: 3.17 MB
- java-21-openjdk-demo-fastdebug-21.0.4.0.7-1.el9.ML.1.x86_64.rpm
MD5: 5bcf7fefb88459fd235388cc679351c4
SHA-256: 190b6f4ea5ad2ca06aadb8db24cff7dfdf33162123cc04851cb457018f4d372c
Size: 3.18 MB
- java-21-openjdk-demo-slowdebug-21.0.4.0.7-1.el9.ML.1.x86_64.rpm
MD5: b3b37eda12522ac0d6af217319d88363
SHA-256: 69bbff6a82e06ccc63f2aed2983d9a275c1f46601f9ba45ff91f2e81ceb18e5d
Size: 3.18 MB
- java-21-openjdk-devel-21.0.4.0.7-1.el9.ML.1.x86_64.rpm
MD5: 00bbd63297c2efb64153b6086991b850
SHA-256: a6f9c6efd69a9b72327cbb7f57f3e9794d4525a53a4d62624c955641ac38b82f
Size: 5.00 MB
- java-21-openjdk-devel-fastdebug-21.0.4.0.7-1.el9.ML.1.x86_64.rpm
MD5: c01262fb1216d63fdcb9a63d3466bec5
SHA-256: 8b85d87574209e2d86024a400982f59d0863ba6da1c283ba5d53afffeff1402b
Size: 5.01 MB
- java-21-openjdk-devel-slowdebug-21.0.4.0.7-1.el9.ML.1.x86_64.rpm
MD5: df7e907461575d6fe66da218a56168c3
SHA-256: 18201e8f1b330c8e8d2038fdb4fda6932e1d549a597f30c4a6704c2f63fa4046
Size: 5.01 MB
- java-21-openjdk-fastdebug-21.0.4.0.7-1.el9.ML.1.x86_64.rpm
MD5: 9509901653a62088d7b491989686c9f2
SHA-256: 061f4d02d4ec70b0a5bb058aefcdb7ff804615fd9334a3ebb68ade4a9e6ca3f2
Size: 434.72 kB
- java-21-openjdk-headless-21.0.4.0.7-1.el9.ML.1.x86_64.rpm
MD5: b2d9c3e77ac85cc3dfd17e7d24bcf784
SHA-256: 19c3c1933f05129cfde20d364ab5a28a24d71764c3fdb6947c7665ad72f1388c
Size: 47.76 MB
- java-21-openjdk-headless-fastdebug-21.0.4.0.7-1.el9.ML.1.x86_64.rpm
MD5: 7d50d50ef46f5a8561528d71f3f5f90f
SHA-256: f1e7f14e2cd97270807e7eeaac463f7736d2695b266111bf5139b85e257fc776
Size: 52.35 MB
- java-21-openjdk-headless-slowdebug-21.0.4.0.7-1.el9.ML.1.x86_64.rpm
MD5: 3b929c8ddff710df3bfa926a4e915f0d
SHA-256: 093e809a81954cda8148a8341879824e417b2ab9615a279086f39592f4c1a963
Size: 50.79 MB
- java-21-openjdk-javadoc-21.0.4.0.7-1.el9.ML.1.x86_64.rpm
MD5: 7347c2f49e91ca2c7750222d9a504a45
SHA-256: 533e60f8b629755bba7d7a5524fa0f67ec7dbd95676ad6e3d06fc496728f16ec
Size: 15.03 MB
- java-21-openjdk-javadoc-zip-21.0.4.0.7-1.el9.ML.1.x86_64.rpm
MD5: 0cad6fc19b07236bcca49aa407930041
SHA-256: 271fa658fc903aca8c07dd46ec608f409d7cf9e8c11f632df13dadeb177d6430
Size: 40.64 MB
- java-21-openjdk-jmods-21.0.4.0.7-1.el9.ML.1.x86_64.rpm
MD5: 8d5b69989f1e4aa144d8e2aa1b46ce1c
SHA-256: e8550a42b8ab54fc7d2f9e0d0d15e556e00ad316a79a2765684262e839348034
Size: 307.39 MB
- java-21-openjdk-jmods-fastdebug-21.0.4.0.7-1.el9.ML.1.x86_64.rpm
MD5: 5056ed769dea362da60cbd5aa2fa0357
SHA-256: 6a7d9e598e31cda57dbe9e67f80a5e22c4e6dbe6b875934cf26ab5d539519696
Size: 360.06 MB
- java-21-openjdk-jmods-slowdebug-21.0.4.0.7-1.el9.ML.1.x86_64.rpm
MD5: 2e753e45ffcb11dacfeee4f343832d4e
SHA-256: 0669a8d4ea108f7dc687508b97d1dbe0fc27682c5dbc44e54944c994a32646e8
Size: 273.69 MB
- java-21-openjdk-slowdebug-21.0.4.0.7-1.el9.ML.1.x86_64.rpm
MD5: ebb9670a978df538a0ec5d24c78887e8
SHA-256: bde9539cdf907024e96c855177d4c73b4d19e09cd6c53a990f7986f6bf59d5f1
Size: 404.94 kB
- java-21-openjdk-src-21.0.4.0.7-1.el9.ML.1.x86_64.rpm
MD5: 9c2656d3790ab3dc6b1ac7829df6e06d
SHA-256: 9ae806b07e24685bb4296c7f0093438c6271df9729cc4482b6f13f51f1c5e558
Size: 46.68 MB
- java-21-openjdk-src-fastdebug-21.0.4.0.7-1.el9.ML.1.x86_64.rpm
MD5: 391c7a7d6d18fd8f39725a723008bcb5
SHA-256: da82712aecf9468f399ace49526a8e012ddc434d921030596e4d2bc86ca66d77
Size: 46.68 MB
- java-21-openjdk-src-slowdebug-21.0.4.0.7-1.el9.ML.1.x86_64.rpm
MD5: 2f2ca1d89f0f024a58c730c055d264ac
SHA-256: 4f034125f67c4f9c9b9c6a7ba3a645adee92ba116f82c5b3ee51052ec0adc4e9
Size: 46.68 MB
- java-21-openjdk-static-libs-21.0.4.0.7-1.el9.ML.1.x86_64.rpm
MD5: 10072fea76502aa8d7e9863d1886c5f8
SHA-256: 236b7f766664ab3675891bd010568db277311b1d7dfb131f45d7651101d5c045
Size: 36.91 MB
- java-21-openjdk-static-libs-fastdebug-21.0.4.0.7-1.el9.ML.1.x86_64.rpm
MD5: a84e32ce6e6c408d6a64ce227ed0ba15
SHA-256: 29e96d043e368ce0e89bce4bc3586a2c74338fafe06801d1242d846dc44cc459
Size: 36.72 MB
- java-21-openjdk-static-libs-slowdebug-21.0.4.0.7-1.el9.ML.1.x86_64.rpm
MD5: 517f03b5399945010bedfc1944da32ad
SHA-256: f7edb666d4c74b7274fdbd4b81f02071e90cec0d8a69b4864a4be79bc7d0c549
Size: 27.47 MB