java-11-openjdk-11.0.25.0.9-2.el9.ML.1
Errata ID: AXSA:2024-8933:18
Release date:
2024/10/22 Tuesday - 18:40
Title:
java-11-openjdk-11.0.25.0.9-2.el9.ML.1
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
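The following issues have been addressed.
[Security Fix]
- The DumpSCreen2RGB() function in gif2rgb.c of GifLib has a
buffer overflow issue, resulting in a vulnerability that allows
a local attacker to disclose information. (CVE-2023-48161)
- The Networking component of Java has a vulnerability that
allows a remote attacker to cause a partial denial of service
via network access over multiple protocols. (CVE-2024-21208)
- The Hotspot component of Java has a vulnerability that allows
a remote attacker to perform unauthorized data manipulation
(update, insert, and delete) via network access over multiple
protocols. (CVE-2024-21210)
- The Serialization component of Java has a vulnerability that
allows a remote attacker to cause a partial denial of service
via network access over multiple protocols. (CVE-2024-21217)
- The Hotspot component of Java has a vulnerability that allows
a remote attacker to perform unauthorized data manipulation
(update, insert, and delete) and unauthorized data reads via
network access over multiple protocols. (CVE-2024-21235)
Solution:
Update the packages.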
CVE:
CVE-2023-48161
Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c
CVE-2024-21208
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2024-21210
Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2024-21217
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2024-21235
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
Additional information:
N/A
Downloads:
SRPMS
- java-11-openjdk-11.0.25.0.9-2.el9.ML.1.src.rpm
MD5: d7b2c270c98965baa741b50c02b7cdc9
SHA-256: b06a46fadb1c3996e2486e6e44258d10d6d390cf45b4f7bd30969beb9b1c0188
Size: 68.39 MB
Asianux Server 9 for x86_64
- java-11-openjdk-11.0.25.0.9-2.el9.ML.1.x86_64.rpm
MD5: 4058b67d167a246845496ad745d082be
SHA-256: b648703eb4d4a445922a758326ffebbca2724a03881c43a0c876c1f21cab7cbf
Size: 406.90 kB
- java-11-openjdk-demo-11.0.25.0.9-2.el9.ML.1.x86_64.rpm
MD5: 375ba8bb412c90d9299e52b021356c32
SHA-256: e4ee226f4f3b6ed1e7b664beeb618b4348ff59ed81b03a2e27f5dc185572d174
Size: 4.39 MB
- java-11-openjdk-demo-fastdebug-11.0.25.0.9-2.el9.ML.1.x86_64.rpm
MD5: b749616a0dd6e4ff13daee766fae7603
SHA-256: a376c51e66ddacd0d353be7cb7cd45f6a91fc81c710d11f993befddb637b0411
Size: 4.39 MB
- java-11-openjdk-demo-slowdebug-11.0.25.0.9-2.el9.ML.1.x86_64.rpm
MD5: f4d35695581fd6ed1349973f6ba07c54
SHA-256: 46de66155a53c76c653c94f8fb2e86051b46d15aa93117a2b0df3d61d5d3d186
Size: 4.39 MB
- java-11-openjdk-devel-11.0.25.0.9-2.el9.ML.1.x86_64.rpm
MD5: 79c7ee50648aeabad87c76c47996f9c8
SHA-256: 5e8c69e75716695f18dc023fa2a175b9c80c91723fc752a7f5fc69ff7a22f5bc
Size: 3.30 MB
- java-11-openjdk-devel-fastdebug-11.0.25.0.9-2.el9.ML.1.x86_64.rpm
MD5: 69758b60a11d5b242ea5930d43c99dcf
SHA-256: 0cd266c8fa2c4963bf0e31978d9c207861958b88c6e5bf2cabb3dd16a90b7efe
Size: 3.29 MB
- java-11-openjdk-devel-slowdebug-11.0.25.0.9-2.el9.ML.1.x86_64.rpm
MD5: f92fb630af622698066066d22cc66be4
SHA-256: d9a28e28bddb8a75fc0fbbcdb7ebbaabbab37b57cab296dec36d308dda5ed516
Size: 3.30 MB
- java-11-openjdk-fastdebug-11.0.25.0.9-2.el9.ML.1.x86_64.rpm
MD5: c00a2456707f8c4e3f2350f528d9c4c2
SHA-256: e4cf568e7d0a2d953bf3ae3500ff910ff465e87db246dbf1811ad192df40268c
Size: 422.77 kB
- java-11-openjdk-headless-11.0.25.0.9-2.el9.ML.1.x86_64.rpm
MD5: 71ead51bac9e7bd1e81396efa858b38b
SHA-256: 4f9124992b4c96df00d3f464f6a5d1354ad269f5884fc162e13c510cc4b70197
Size: 39.08 MB
- java-11-openjdk-headless-fastdebug-11.0.25.0.9-2.el9.ML.1.x86_64.rpm
MD5: e192396b5d6fe8c0a2bf01115633c836
SHA-256: e994dd8e6119fa3ddcbab37a366658f9d2a788125eec2df32135822c9f21bfbb
Size: 44.53 MB
- java-11-openjdk-headless-slowdebug-11.0.25.0.9-2.el9.ML.1.x86_64.rpm
MD5: e87250e86dcb44428e55ab354561e122
SHA-256: 3c91ed32644eeb4ba7552aa1624ddd5a5aa8f678d31b2082679dbac9d6e66787
Size: 42.20 MB
- java-11-openjdk-javadoc-11.0.25.0.9-2.el9.ML.1.x86_64.rpm
MD5: 20783435a1f1bfd2fd39916ca86a5bfe
SHA-256: c9c4bdeac94d0a817d191a22252138e4328455ff037a049614bb425e955637ce
Size: 14.83 MB
- java-11-openjdk-javadoc-zip-11.0.25.0.9-2.el9.ML.1.x86_64.rpm
MD5: ce5c27af18f38cba27c03be71f5593e5
SHA-256: 60ccc854c09f22ee8d61108d3e0c2869857da198eb0a56b24ba295e8db4df0d1
Size: 41.17 MB
- java-11-openjdk-jmods-11.0.25.0.9-2.el9.ML.1.x86_64.rpm
MD5: 8ca355bf91d4fb9ec86cc5caae268e71
SHA-256: 33cd73ef80d42cfb2f5d2862556c6d33960fec3826fd36713422baad7722cb63
Size: 324.19 MB
- java-11-openjdk-jmods-fastdebug-11.0.25.0.9-2.el9.ML.1.x86_64.rpm
MD5: d0e959b9b17a427c2d17e28fdd9a918f
SHA-256: 94de8af262bb8181bb832e2408ff4d4bba6b8f453ae8ddc9cf3a83d2910705a8
Size: 284.86 MB
- java-11-openjdk-jmods-slowdebug-11.0.25.0.9-2.el9.ML.1.x86_64.rpm
MD5: 56457f1ea5022f16d922968be10eb4cb
SHA-256: f5dba9b5cb1af0ee77d1aa4f606aa216a71ffe7a002c792874816d0a17678636
Size: 209.42 MB
- java-11-openjdk-slowdebug-11.0.25.0.9-2.el9.ML.1.x86_64.rpm
MD5: f67aa712bf1b8231ae193445bf900a75
SHA-256: 1f58640143f225219e96a190ef76d2c398b9b2117c00c4bdca93f5e1b86ab69f
Size: 389.13 kB
- java-11-openjdk-src-11.0.25.0.9-2.el9.ML.1.x86_64.rpm
MD5: 2c7f57fbe437b59cda7c527d4e2dc183
SHA-256: 69848bfd857063a11a0d16a3fe11f242fddc7d6dfc5015459f4ef4f532704e50
Size: 49.74 MB
- java-11-openjdk-src-fastdebug-11.0.25.0.9-2.el9.ML.1.x86_64.rpm
MD5: 368cf374780d1c6c44a4ed7cd6e79235
SHA-256: 68b465e3ac1bf522211a6d0a7afb6aff954850ae7bf8836647770139ae051b80
Size: 49.74 MB
- java-11-openjdk-src-slowdebug-11.0.25.0.9-2.el9.ML.1.x86_64.rpm
MD5: 99e50c4487a782bb38babb344d427148
SHA-256: b9fe8f2e48ebedee4e4a7dcb1a1b6662813f28b4d3fd531841398b095ba68dd7
Size: 49.74 MB
- java-11-openjdk-static-libs-11.0.25.0.9-2.el9.ML.1.x86_64.rpm
MD5: 80afe5ffa4bb7eb674bd357223877979
SHA-256: 35e8e58acbffea15465ad74627be1467c347ec4c16044d80a08c0c954f9d1314
Size: 32.60 MB
- java-11-openjdk-static-libs-fastdebug-11.0.25.0.9-2.el9.ML.1.x86_64.rpm
MD5: 84ea806db722f0b53fce255a6bf7a336
SHA-256: cbceb1cda73197feb18924e51dae56a869e8097a7212998dcd899db2f341b379
Size: 32.88 MB
- java-11-openjdk-static-libs-slowdebug-11.0.25.0.9-2.el9.ML.1.x86_64.rpm
MD5: 14ab85573daf123afb89d5af11bd9c7b
SHA-256: 8c5e027d6b36911e0c6f44be2e4389287885cc7b9d7fcd4045e4da9a4c3c54e6
Size: 26.80 MB