java-21-openjdk-21.0.7.0.6-1.el8.ML.1
Errata ID: AXSA:2025-9872:06
Release date:
2025/04/24 Thursday - 18:09
Title:
java-21-openjdk-21.0.7.0.6-1.el8.ML.1
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
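The following issues have been addressed.
[Security Fix]
- The JSSE component of Java contains a vulnerability that allows a
remote attacker, with network access via multiple protocols, to
manipulate data without authorization (update, insert, and delete)
and to read data without authorization. (CVE-2025-21587)
- The Compiler component of Java has a buffer overflow issue, which
results in a vulnerability that allows a remote attacker, with
network access via multiple protocols, to manipulate data without
authorization (update, insert, and delete) and to read data without
authorization. (CVE-2025-30691)
- The 2D component of Java contains a vulnerability that allows a
remote attacker, with network access via multiple protocols, to
manipulate data without authorization (update, insert, and delete)
and to read data without authorization. (CVE-2025-30698)
Solution:
Update the packages.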
CVE:
CVE-2025-21587
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition:20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
CVE-2025-30691
Vulnerability in Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data as well as unauthorized read access to a subset of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
CVE-2025-30698
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK: 17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).
Additional information:
N/A
Downloads: