java-1.8.0-openjdk-1.8.0.422.b05-2.el9
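Errata ID: AXSA:2024-8591:13
The following issues have been addressed.
[Security Fix]
- The Hotspot component of Java contains a vulnerability that allows a
remote attacker, via network access over multiple protocols, to perform
unauthorized data manipulation (update, insert, and delete).
(CVE-2024-21131)
- The Hotspot component of Java contains a vulnerability that allows a
remote attacker, via network access over multiple protocols, to carry out
a partial denial-of-service attack.
(CVE-2024-21138)
- The Hotspot component of Java contains a vulnerability that allows a
remote attacker, via network access over multiple protocols, to perform
unauthorized data manipulation (update, insert, and delete) and
unauthorized reading of data. (CVE-2024-21140)
- The Concurrency component of Java contains a vulnerability that allows a
remote attacker, via network access over multiple protocols, to carry out
a partial denial-of-service attack.
(CVE-2024-21144)
- The 2D component of Java contains a vulnerability that allows a
remote attacker, via network access over multiple protocols, to perform
unauthorized data manipulation (update, insert, and delete) and
unauthorized reading of data. (CVE-2024-21145)
- The Hotspot component of Java contains a vulnerability that allows a
remote attacker, via network access over multiple protocols, to perform
unauthorized data manipulation (update, insert, and delete) and
unauthorized reading of data. (CVE-2024-21147)
Update the packages.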
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
SRPMS
- java-1.8.0-openjdk-1.8.0.422.b05-2.el9.src.rpm
MD5: f21ba83f7226237ee84078cc971a4075
SHA-256: 4f75f56e219bfdcbea1ddbdbbceca698d87ef756636e01613f800bc2ebf4e0df
Size: 58.07 MB
Asianux Server 9 for x86_64
- java-1.8.0-openjdk-1.8.0.422.b05-2.el9.x86_64.rpm
MD5: 8f35d63fe8413482ba35c715127ab1a7
SHA-256: a5b90e82ce73035e50df2f0e7dae4672f59146d25461a88d6f1c646d0c857745
Size: 427.28 kB
- java-1.8.0-openjdk-demo-1.8.0.422.b05-2.el9.x86_64.rpm
MD5: 1f3f8c0bd575acaa9256c914c39c9e8a
SHA-256: a29c4f9b3d79a9cc867d5c8cf59752cf496fe560210cb99cd2607acebe88eefa
Size: 2.02 MB
- java-1.8.0-openjdk-demo-fastdebug-1.8.0.422.b05-2.el9.x86_64.rpm
MD5: ba5fcabcb35ac053c2f3d7d9deb42547
SHA-256: d31beee89b72436787035498f57fbef207dfe343170d69faa9fff6a151a70594
Size: 2.05 MB
- java-1.8.0-openjdk-demo-slowdebug-1.8.0.422.b05-2.el9.x86_64.rpm
MD5: a9f1212b70500d1445c647d1a92ea692
SHA-256: 163db82abc2d24af33e88ae55e97865de96a66e781ea070109263fdedb352a3e
Size: 2.04 MB
- java-1.8.0-openjdk-devel-1.8.0.422.b05-2.el9.x86_64.rpm
MD5: 56b7187c39b22c7bf21b01e8f130bd94
SHA-256: 8e59a3d06a7ad62f98f73b98beff808f2d52176967ea4bd087ba2bfd67b5df78
Size: 9.34 MB
- java-1.8.0-openjdk-devel-fastdebug-1.8.0.422.b05-2.el9.x86_64.rpm
MD5: a4984ee75b912d1adb49aef74617b798
SHA-256: 63abf3f4d86704bbc85964b331031dc5d28a52cbd5af855304bb9d00409db93c
Size: 9.35 MB
- java-1.8.0-openjdk-devel-slowdebug-1.8.0.422.b05-2.el9.x86_64.rpm
MD5: 64f4d61cce668aa0a72149607527dabe
SHA-256: 27c6d283fd422414132e194bf5edfe869027ae92288906fb83cb7888caab34f3
Size: 9.35 MB
- java-1.8.0-openjdk-fastdebug-1.8.0.422.b05-2.el9.x86_64.rpm
MD5: cc1dafb18c4305b512e5e82166341b13
SHA-256: c8e9cff219adbd8fd80cdab92b58748594ec4d62dc6bbd2e31f0b7c604a92a35
Size: 439.45 kB
- java-1.8.0-openjdk-headless-1.8.0.422.b05-2.el9.x86_64.rpm
MD5: 4b8167b04307bb06a8ce293de7bf5757
SHA-256: 64c221c8534036a08cc1509509cdb775efa41edbd766aae698965177b3c90084
Size: 32.83 MB
- java-1.8.0-openjdk-headless-fastdebug-1.8.0.422.b05-2.el9.x86_64.rpm
MD5: a4a89a6509c974f0bdb8c7635499ed8b
SHA-256: 8ed5c5c2c8a4c659866f78df28a08adee452baac53b757ef77f9648f4fc89c4b
Size: 36.61 MB
- java-1.8.0-openjdk-headless-slowdebug-1.8.0.422.b05-2.el9.x86_64.rpm
MD5: bf327522d54152d0807fc71cdf904498
SHA-256: 265f26d0732e7e7ff99ffe2906218c4bb67d1f0efa6681a6baa6566ef9f73c81
Size: 34.05 MB
- java-1.8.0-openjdk-javadoc-1.8.0.422.b05-2.el9.noarch.rpm
MD5: b4005dc4dbd775f3ac0e92ab5c3c8dd7
SHA-256: 130836dca426cd7692dcd452c6de295a8ea6e527db990724199986fcbdc7f3e4
Size: 14.45 MB
- java-1.8.0-openjdk-javadoc-zip-1.8.0.422.b05-2.el9.noarch.rpm
MD5: e5efa4c40d0abc4c3cb864928fac1343
SHA-256: cd110d08431fc5a35ac4a510686ac08c984b36e38a085fbbf68eb91654f28f6c
Size: 40.86 MB
- java-1.8.0-openjdk-slowdebug-1.8.0.422.b05-2.el9.x86_64.rpm
MD5: 2b135871f33729406cff683b9a667425
SHA-256: 945522fec17e462055cd1d185f51c9b4d4fae48958e629ab451eed5eb13e2f98
Size: 413.78 kB
- java-1.8.0-openjdk-src-1.8.0.422.b05-2.el9.x86_64.rpm
MD5: d367f3ad9ac20c7463e58c7a7f12df60
SHA-256: 7369786184678da8572f48ea49b1f2d8956adcc6d90b2d9e6fc49787f61f7f17
Size: 44.64 MB
- java-1.8.0-openjdk-src-fastdebug-1.8.0.422.b05-2.el9.x86_64.rpm
MD5: 1adb8e95702dea45efca7f4ecc08ce8b
SHA-256: 9dcb08f714014deafc35bca3837da7dde415ab81580e4948df442080f419c7fe
Size: 44.64 MB
- java-1.8.0-openjdk-src-slowdebug-1.8.0.422.b05-2.el9.x86_64.rpm
MD5: 4310515c8acd648cbae8cb6a7af99979
SHA-256: 95d419627e2b6f72d2f2790d755339fa43b499788106f5beb41779f3741a87f9
Size: 44.64 MB