java-11-openjdk-11.0.28.0.6-1.0.1.el7.AXS7
Errata ID: AXSA:2025-10837:04
Release date:
2025/09/09 Tuesday - 11:41
Title:
java-11-openjdk-11.0.28.0.6-1.0.1.el7.AXS7
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
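- A vulnerability exists in the 2D component of Java that allows a remote attacker to cause information disclosure, data corruption, and denial of service. (CVE-2025-30749)
- A vulnerability exists in the JSSE component of Java that allows a remote attacker to cause information disclosure and data corruption. (CVE-2025-30754)
- A vulnerability exists in the Scripting component of Java, due to a flaw in deserialization processing, that allows a remote attacker to create, delete, and modify data without authorization via unauthorized network access over multiple protocols. (CVE-2025-30761)
- A vulnerability exists in the Networking component of Java that allows a remote attacker to cause information disclosure. (CVE-2025-50059)
- A vulnerability exists in the 2D component of Java that allows a remote attacker to cause information disclosure, data corruption, and denial of service. (CVE-2025-50106)
Solution:
Update the packages.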
CVE:
CVE-2025-30749
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2025-30754
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
CVE-2025-30761
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf and 11.0.27; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
CVE-2025-50059
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).
CVE-2025-50106
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Additional information:
N/A
Download:
Asianux Server 7 for x86_64
- java-11-openjdk-11.0.28.0.6-1.0.1.el7.AXS7.i686.rpm
Size: 240.54 kB
- java-11-openjdk-11.0.28.0.6-1.0.1.el7.AXS7.x86_64.rpm
Size: 244.39 kB
- java-11-openjdk-demo-11.0.28.0.6-1.0.1.el7.AXS7.i686.rpm
Size: 4.37 MB
- java-11-openjdk-demo-11.0.28.0.6-1.0.1.el7.AXS7.x86_64.rpm
Size: 4.37 MB
- java-11-openjdk-devel-11.0.28.0.6-1.0.1.el7.AXS7.i686.rpm
Size: 3.36 MB
- java-11-openjdk-devel-11.0.28.0.6-1.0.1.el7.AXS7.x86_64.rpm
Size: 3.38 MB
- java-11-openjdk-headless-11.0.28.0.6-1.0.1.el7.AXS7.i686.rpm
Size: 35.22 MB
- java-11-openjdk-headless-11.0.28.0.6-1.0.1.el7.AXS7.x86_64.rpm
Size: 39.12 MB
- java-11-openjdk-javadoc-11.0.28.0.6-1.0.1.el7.AXS7.i686.rpm
Size: 16.11 MB
- java-11-openjdk-javadoc-11.0.28.0.6-1.0.1.el7.AXS7.x86_64.rpm
Size: 16.12 MB
- java-11-openjdk-javadoc-zip-11.0.28.0.6-1.0.1.el7.AXS7.i686.rpm
Size: 42.14 MB
- java-11-openjdk-javadoc-zip-11.0.28.0.6-1.0.1.el7.AXS7.x86_64.rpm
Size: 42.11 MB
- java-11-openjdk-jmods-11.0.28.0.6-1.0.1.el7.AXS7.i686.rpm
Size: 258.62 MB
- java-11-openjdk-jmods-11.0.28.0.6-1.0.1.el7.AXS7.x86_64.rpm
Size: 306.33 MB
- java-11-openjdk-src-11.0.28.0.6-1.0.1.el7.AXS7.i686.rpm
Size: 45.79 MB
- java-11-openjdk-src-11.0.28.0.6-1.0.1.el7.AXS7.x86_64.rpm
Size: 50.53 MB
- java-11-openjdk-static-libs-11.0.28.0.6-1.0.1.el7.AXS7.i686.rpm
Size: 7.16 MB
- java-11-openjdk-static-libs-11.0.28.0.6-1.0.1.el7.AXS7.x86_64.rpm
Size: 7.58 MB