java-21-openjdk-21.0.5.0.10-3.el8.ML.1
Errata ID: AXSA:2024-8941:16
Release date:
2024/10/24 Thursday - 15:55
Title:
java-21-openjdk-21.0.5.0.10-3.el8.ML.1
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
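The following items have been addressed.
[Security Fix]
- The DumpSCreen2RGB() function in gif2rgb.c of GifLib has a
buffer overflow issue, resulting in a vulnerability that allows
a local attacker to disclose information.
(CVE-2023-48161)
- The Networking component of Java has a vulnerability that allows
a remote attacker to carry out a partial denial-of-service attack
via network access over multiple protocols.
(CVE-2024-21208)
- The Hotspot component of Java has a vulnerability that allows
a remote attacker to perform unauthorized data manipulation
(update, insert, and delete) via network access over multiple
protocols. (CVE-2024-21210)
- The Serialization component of Java has a vulnerability that
allows a remote attacker to carry out a partial denial-of-service
attack via network access over multiple protocols.
(CVE-2024-21217)
- The Hotspot component of Java has a vulnerability that allows
a remote attacker to perform unauthorized data manipulation
(update, insert, and delete) and unauthorized reading of data
via network access over multiple protocols. (CVE-2024-21235)
Solution:
Update the packages.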
CVE:
CVE-2023-48161
Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c
CVE-2024-21208
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2024-21210
Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2024-21217
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2024-21235
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
Additional information:
N/A
Download:
SRPMS
- java-21-openjdk-21.0.5.0.10-3.el8.ML.1.src.rpm
MD5: ac8fb30bdb9db5beef8271663d87b5c7
SHA-256: a8263fd32f8ad5e589db5b72b40e250825e22e0a179dc7dac8100d3acbfc6693
Size: 66.79 MB
Asianux Server 8 for x86_64
- java-21-openjdk-21.0.5.0.10-3.el8.ML.1.x86_64.rpm
MD5: ef20391b927b3b5c3edccbba46c9465e
SHA-256: 42fe760f75c2337e1a554ebcc04e817272a52d9cb2801faf2ad68dc75460608f
Size: 447.19 kB
- java-21-openjdk-demo-21.0.5.0.10-3.el8.ML.1.x86_64.rpm
MD5: c9ef2f89bc015899ca9e3c1a0318dbfd
SHA-256: e8927e7fde2ad10edbdb261d84a3adbac9231f15a60f0d12cfb558d9f06a3628
Size: 3.17 MB
- java-21-openjdk-demo-fastdebug-21.0.5.0.10-3.el8.ML.1.x86_64.rpm
MD5: af2e53d2b7a0287490a7cab76dcff1d1
SHA-256: b08502e94be70dc63398f36068b48f6f18206532c35f1e2ee240c4795d51d625
Size: 3.17 MB
- java-21-openjdk-demo-slowdebug-21.0.5.0.10-3.el8.ML.1.x86_64.rpm
MD5: 7399806b89f655d76306f7df38c5712f
SHA-256: 1128c09ce4a0da5c34ab05412ca8e2fa915e30fd9858cfc729e3dce6c5eb82c8
Size: 3.17 MB
- java-21-openjdk-devel-21.0.5.0.10-3.el8.ML.1.x86_64.rpm
MD5: e6342d8b3dcb89701b5a2342b3c792bd
SHA-256: e8fa1170daff87ed46bd7e1ddcb44c6694670f38c4bac691b5ca8e503064493d
Size: 5.16 MB
- java-21-openjdk-devel-fastdebug-21.0.5.0.10-3.el8.ML.1.x86_64.rpm
MD5: d1f442b3e9c830f1685597bd60ff07ef
SHA-256: 8aec5f2ca1574beec96bd45ac2bfc2b1e002253090efada8a33d8b3a1bf6e830
Size: 5.16 MB
- java-21-openjdk-devel-slowdebug-21.0.5.0.10-3.el8.ML.1.x86_64.rpm
MD5: 1ddf383dd3fdd2eaea11a43a4334cf24
SHA-256: cc3d959b5e6fa136f03dc9dee2a952118ab3f585ce5312960e2f28662ce02525
Size: 5.17 MB
- java-21-openjdk-fastdebug-21.0.5.0.10-3.el8.ML.1.x86_64.rpm
MD5: 8e3f9d28d15507fd547a03815dc40280
SHA-256: f5cf4645e5467837c376a4a3261f5072e86743ad357ee4579b657133fbadd2ba
Size: 456.40 kB
- java-21-openjdk-headless-21.0.5.0.10-3.el8.ML.1.x86_64.rpm
MD5: c904e017a77684f9f69bf48b08917fbb
SHA-256: 652b365a1c3f9e286af08a9ab60cdfe88f1ae1cef4fb6561baa9c3ed3a4e9768
Size: 49.27 MB
- java-21-openjdk-headless-fastdebug-21.0.5.0.10-3.el8.ML.1.x86_64.rpm
MD5: 6b91847f10ab2d6ac0e101fa52f11f2b
SHA-256: 37a0601710375f2dfeb5ef7e8d556d34afcf05293d103a96f15267571a83f998
Size: 54.05 MB
- java-21-openjdk-headless-slowdebug-21.0.5.0.10-3.el8.ML.1.x86_64.rpm
MD5: 2858d63ed8eea1e493ba6ca194e296fe
SHA-256: c48b6d6d470010be08b026513f78329ee6c52bb6492f9d768642e7dd7a10552e
Size: 53.19 MB
- java-21-openjdk-javadoc-21.0.5.0.10-3.el8.ML.1.x86_64.rpm
MD5: dc490675c790bab4efe63c605466d43b
SHA-256: 74a12a9090c66ab80a6fec4052bd38c0d1743118fbc52c2b6d1e0c614644bb42
Size: 16.40 MB
- java-21-openjdk-javadoc-zip-21.0.5.0.10-3.el8.ML.1.x86_64.rpm
MD5: df89f3792238bd38f7feea6d629608f1
SHA-256: 155cb88ce4dae26ab9f3fc23823a635c1c44fdf534eb2410279d0be8dbf91af0
Size: 41.50 MB
- java-21-openjdk-jmods-21.0.5.0.10-3.el8.ML.1.x86_64.rpm
MD5: a3510eb7915d1bb9c1f3140575271144
SHA-256: f0410abfdc5bb74a068baa0eff79b4aa828058844fbbe37200c831e2713ea3c1
Size: 305.95 MB
- java-21-openjdk-jmods-fastdebug-21.0.5.0.10-3.el8.ML.1.x86_64.rpm
MD5: 8f2593fc1778464a395195f47221d919
SHA-256: c1a276e051c1a541c27cc8616de98806e3e3a8b3d9d224fb004a513d02fe1257
Size: 360.93 MB
- java-21-openjdk-jmods-slowdebug-21.0.5.0.10-3.el8.ML.1.x86_64.rpm
MD5: b1659182105fccbf51e173d6dbf59049
SHA-256: fc6748c94517556e4d5e3b116ccdf84997961035644cc07ee60524c7d33c5564
Size: 282.53 MB
- java-21-openjdk-slowdebug-21.0.5.0.10-3.el8.ML.1.x86_64.rpm
MD5: 237036a7585c100503c1ea65cd37f6fe
SHA-256: 73e60620f0c79196cf9422efd897cdcb43d7d1208e6d717a0d60e80130ebc6ea
Size: 433.08 kB
- java-21-openjdk-src-21.0.5.0.10-3.el8.ML.1.x86_64.rpm
MD5: 08f47cde7e31630f7d4006f7781d29ae
SHA-256: a096b141225dac2e8b6b9d6c0d5738f1783dc630457ba9c4f7193804e897e589
Size: 47.34 MB
- java-21-openjdk-src-fastdebug-21.0.5.0.10-3.el8.ML.1.x86_64.rpm
MD5: 3fc6965fe4f4c0d4d8676913d51d21a8
SHA-256: 448b41bfbab7551a840a74d767aa9537615e5f15200c7b7255ea58cf5acb158a
Size: 47.34 MB
- java-21-openjdk-src-slowdebug-21.0.5.0.10-3.el8.ML.1.x86_64.rpm
MD5: c1c4ba9156f2b3e6e8f8464bf83a9283
SHA-256: 2ec7f30e13ed426dfb05151a43949592b594b55d7c050f424593ad23e1718482
Size: 47.34 MB
- java-21-openjdk-static-libs-21.0.5.0.10-3.el8.ML.1.x86_64.rpm
MD5: d827f3c9257579d0f8df4afe34962870
SHA-256: f9ebf369895737aba31d22a50e6b53d15fc075d0dc0d5b5e83fbf220d6378dd9
Size: 30.90 MB
- java-21-openjdk-static-libs-fastdebug-21.0.5.0.10-3.el8.ML.1.x86_64.rpm
MD5: eb9587f47c929a83c12a4d3a0ed7d2ff
SHA-256: 561c0d6736b972a0f2f42e09179f998ef3e6d01f588e90c5988bcb90394c7fa1
Size: 31.03 MB
- java-21-openjdk-static-libs-slowdebug-21.0.5.0.10-3.el8.ML.1.x86_64.rpm
MD5: 0990b9b41716a6f60b08569cecad7f37
SHA-256: 1859cd73d90fde8ad4eb297bfc8fb98f90cf8cd6f458ef1540ff769898467de0
Size: 24.35 MB