java-1.8.0-openjdk-1.8.0.422.b05-2.el8
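Errata ID: AXSA:2024-8592:14
The following issues have been addressed.
[Security Fix]
- The Hotspot component of Java contains a vulnerability that allows a remote attacker, with network access via multiple protocols, to perform unauthorized data manipulation (update, insert, and delete). (CVE-2024-21131)
- The Hotspot component of Java contains a vulnerability that allows a remote attacker, with network access via multiple protocols, to cause a partial denial of service. (CVE-2024-21138)
- The Hotspot component of Java contains a vulnerability that allows a remote attacker, with network access via multiple protocols, to perform unauthorized data manipulation (update, insert, and delete) and unauthorized data reads. (CVE-2024-21140)
- The Concurrency component of Java contains a vulnerability that allows a remote attacker, with network access via multiple protocols, to cause a partial denial of service. (CVE-2024-21144)
- The 2D component of Java contains a vulnerability that allows a remote attacker, with network access via multiple protocols, to perform unauthorized data manipulation (update, insert, and delete) and unauthorized data reads. (CVE-2024-21145)
- The Hotspot component of Java contains a vulnerability that allows a remote attacker, with network access via multiple protocols, to perform unauthorized data manipulation (update, insert, and delete) and unauthorized data reads. (CVE-2024-21147)
Please update the packages.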
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
N/A
SRPMS
- java-1.8.0-openjdk-1.8.0.422.b05-2.el8.src.rpm
Size: 58.15 MB
Asianux Server 8 for x86_64
- java-1.8.0-openjdk-1.8.0.422.b05-2.el8.x86_64.rpm
Size: 555.79 kB
- java-1.8.0-openjdk-accessibility-1.8.0.422.b05-2.el8.x86_64.rpm
Size: 124.47 kB
- java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.422.b05-2.el8.x86_64.rpm
Size: 124.32 kB
- java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.422.b05-2.el8.x86_64.rpm
Size: 124.32 kB
- java-1.8.0-openjdk-demo-1.8.0.422.b05-2.el8.x86_64.rpm
Size: 2.07 MB
- java-1.8.0-openjdk-demo-fastdebug-1.8.0.422.b05-2.el8.x86_64.rpm
Size: 2.09 MB
- java-1.8.0-openjdk-demo-slowdebug-1.8.0.422.b05-2.el8.x86_64.rpm
Size: 2.09 MB
- java-1.8.0-openjdk-devel-1.8.0.422.b05-2.el8.x86_64.rpm
Size: 9.95 MB
- java-1.8.0-openjdk-devel-fastdebug-1.8.0.422.b05-2.el8.x86_64.rpm
Size: 9.95 MB
- java-1.8.0-openjdk-devel-slowdebug-1.8.0.422.b05-2.el8.x86_64.rpm
Size: 9.96 MB
- java-1.8.0-openjdk-fastdebug-1.8.0.422.b05-2.el8.x86_64.rpm
Size: 568.77 kB
- java-1.8.0-openjdk-headless-1.8.0.422.b05-2.el8.x86_64.rpm
Size: 34.51 MB
- java-1.8.0-openjdk-headless-fastdebug-1.8.0.422.b05-2.el8.x86_64.rpm
Size: 38.16 MB
- java-1.8.0-openjdk-headless-slowdebug-1.8.0.422.b05-2.el8.x86_64.rpm
Size: 36.34 MB
- java-1.8.0-openjdk-javadoc-1.8.0.422.b05-2.el8.noarch.rpm
Size: 15.20 MB
- java-1.8.0-openjdk-javadoc-zip-1.8.0.422.b05-2.el8.noarch.rpm
Size: 41.75 MB
- java-1.8.0-openjdk-slowdebug-1.8.0.422.b05-2.el8.x86_64.rpm
Size: 545.25 kB
- java-1.8.0-openjdk-src-1.8.0.422.b05-2.el8.x86_64.rpm
Size: 45.51 MB
- java-1.8.0-openjdk-src-fastdebug-1.8.0.422.b05-2.el8.x86_64.rpm
Size: 45.51 MB
- java-1.8.0-openjdk-src-slowdebug-1.8.0.422.b05-2.el8.x86_64.rpm
Size: 45.51 MB