java-17-openjdk-17.0.13.0.11-3.el9.ML.1
Errata ID: AXSA:2024-8936:15
Release date:
2024/10/24 Thursday - 11:56
Title:
java-17-openjdk-17.0.13.0.11-3.el9.ML.1
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
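- The DumpSCreen2RGB() function in gif2rgb.c of GifLib has a buffer
overflow issue, which allows a local attacker to cause an
information leak. (CVE-2023-48161)
- The Networking component of Java has a vulnerability that allows
a remote attacker to cause a partial denial of service via network
access over multiple protocols. (CVE-2024-21208)
- The Hotspot component of Java has a vulnerability that allows a
remote attacker to perform unauthorized data manipulation (update,
insert, and delete) via network access over multiple protocols.
(CVE-2024-21210)
- The Serialization component of Java has a vulnerability that
allows a remote attacker to cause a partial denial of service via
network access over multiple protocols. (CVE-2024-21217)
- The Hotspot component of Java has a vulnerability that allows a
remote attacker to perform unauthorized data manipulation (update,
insert, and delete) and unauthorized data reads via network access
over multiple protocols. (CVE-2024-21235)
Solution:
Update the packages.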
CVE:
CVE-2023-48161
Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c
CVE-2024-21208
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2024-21210
Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2024-21217
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2024-21235
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
Additional information:
N/A
Download: