java-17-openjdk-17.0.17.0.10-1.el9.ML.1
エラータID: AXSA:2025-11024:17
リリース日:
2025/11/05 Wednesday - 10:25
題名:
java-17-openjdk-17.0.17.0.10-1.el9.ML.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Java の Security コンポーネントには、リモートの攻撃者により、
複数のプロトコルによる不正なネットワークアクセスを介して、不正な
データの作成、削除および変更を可能とする脆弱性が存在します。
(CVE-2025-53057)
- Java の JAXP コンポーネントには、リモートの攻撃者により、複数
のプロトコルによる不正なネットワークアクセスを介して、機密情報の
漏洩を可能とする脆弱性が存在します。(CVE-2025-53066)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-53057
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
CVE-2025-53066
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
追加情報:
N/A
ダウンロード:
SRPMS
- java-17-openjdk-17.0.17.0.10-1.el9.ML.1.src.rpm
MD5: 17acd7f73923ec3de152a6ada5d1c588
SHA-256: 673821a4776667a4a7615bc3ebf31808042f76ffecfaf0ad85734e9c4d2beb3c
Size: 63.96 MB
Asianux Server 9 for x86_64
- java-17-openjdk-17.0.17.0.10-1.el9.ML.1.x86_64.rpm
MD5: c64c4145aa8860aefbe85602e774ef8c
SHA-256: 7229150069a1282a0584b48deb125cf0f2478849fccdbe34ff98ce148dccf78e
Size: 428.87 kB - java-17-openjdk-demo-17.0.17.0.10-1.el9.ML.1.x86_64.rpm
MD5: 36694257eac01c45e4cd0f63b6c3e26e
SHA-256: 0703e4a2a4b3e1d98c98c89e5b9bbc0309241c551a58df9edd75e82459cb12c9
Size: 3.41 MB - java-17-openjdk-demo-fastdebug-17.0.17.0.10-1.el9.ML.1.x86_64.rpm
MD5: 4c298e4f80c3796baf396dbc766fc15f
SHA-256: 6cef0bc1c190088cf1b4937ee7bad349132751bceb86048214c0949331422ed6
Size: 3.41 MB - java-17-openjdk-demo-slowdebug-17.0.17.0.10-1.el9.ML.1.x86_64.rpm
MD5: 51c48539e0f9e04f73e3c1c9b852222c
SHA-256: 579c5284ca5f7cc48cbad23de87787e7724d7f5a0e8e8403dfb1d23b67e919d8
Size: 3.41 MB - java-17-openjdk-devel-17.0.17.0.10-1.el9.ML.1.x86_64.rpm
MD5: 07c6f356ca7b755c9c26cc521b9c652a
SHA-256: f1d31b63f655151788c3a0b3e7032eab7cbaac3ac2e83ce6a9904fed7c6fb1c3
Size: 4.72 MB - java-17-openjdk-devel-fastdebug-17.0.17.0.10-1.el9.ML.1.x86_64.rpm
MD5: 4a998a4da58b9df6ac8e08fc9f382611
SHA-256: 58e32620ce91e054dc0b2b2dfe5fad8ad4c2221d5048524fe7e0f25c50ce8488
Size: 4.72 MB - java-17-openjdk-devel-slowdebug-17.0.17.0.10-1.el9.ML.1.x86_64.rpm
MD5: dc496738e0e29fe7460e12f1551ac1af
SHA-256: 2ef8f05be29084726d7c10c3c3ddc99452c2714ffb3abb88f4e01578f28ea810
Size: 4.72 MB - java-17-openjdk-fastdebug-17.0.17.0.10-1.el9.ML.1.x86_64.rpm
MD5: 07390098cd584532d2f1bc65d45c82a4
SHA-256: 5d8e5f5d1cc36f24168d1e42ad870bcc65f99bad559d98d962ba920a4779e77e
Size: 437.44 kB - java-17-openjdk-headless-17.0.17.0.10-1.el9.ML.1.x86_64.rpm
MD5: 5b897f4853deb45f73e9ad304c7219e2
SHA-256: d47e0d7094b7fe96c6414dfc9b30fbc9e0e966e59cb7524664eb5287ab5514ec
Size: 44.08 MB - java-17-openjdk-headless-fastdebug-17.0.17.0.10-1.el9.ML.1.x86_64.rpm
MD5: c6896b5c62878b2fb5eaaf4d61b2e662
SHA-256: 0e3651fc11faddbc883dd741699162f359908eb3de2375fb98c679fe4a7f3b37
Size: 49.08 MB - java-17-openjdk-headless-slowdebug-17.0.17.0.10-1.el9.ML.1.x86_64.rpm
MD5: 4506ce92f8ad657feee556a00f277ef8
SHA-256: 0d774719476f2a8c623c6726811488e27262746161ef2bea175c6cd320eabd11
Size: 45.91 MB - java-17-openjdk-javadoc-17.0.17.0.10-1.el9.ML.1.x86_64.rpm
MD5: 8e0ac24dbdc7a649f13ddc0e423cd383
SHA-256: 842c5ef6ee93e3233d05ae994772995baa29cf0bbc5ac20ece7ed1ca841fb1cd
Size: 14.67 MB - java-17-openjdk-javadoc-zip-17.0.17.0.10-1.el9.ML.1.x86_64.rpm
MD5: 18397d6fb8fb723914319b4e9c097a13
SHA-256: 319892997f45d39441bf61442d495a23adbc97334e84d4aa41746ccb9b14b6e6
Size: 39.46 MB - java-17-openjdk-jmods-17.0.17.0.10-1.el9.ML.1.x86_64.rpm
MD5: 2f4f2787c742008412a4202d6c82d13e
SHA-256: 19f2292979d1f456e02e635adeb319403d5abb6a310f8752b29f70f1fc12d0a9
Size: 245.18 MB - java-17-openjdk-jmods-fastdebug-17.0.17.0.10-1.el9.ML.1.x86_64.rpm
MD5: 2640248da966409fcca8d75eaa24171b
SHA-256: baa66dbf3a934e6af4a8572f50b5dd1dce999a3eba825b5567358ce3f3bbb635
Size: 243.62 MB - java-17-openjdk-jmods-slowdebug-17.0.17.0.10-1.el9.ML.1.x86_64.rpm
MD5: 8bacc5a2fd715f6afec8e73b756cf988
SHA-256: e46f7435bbd3d0284bf8d6b8a4caeebf6fe627976b47f9130208e62f773f4aa8
Size: 173.69 MB - java-17-openjdk-slowdebug-17.0.17.0.10-1.el9.ML.1.x86_64.rpm
MD5: 1ddc6fac29411eb2cecceddc8d5c9e1b
SHA-256: 55bf605997d3d5b07106334d85cb424c6385091711d2c1acd9cf4b1e1a4a9727
Size: 408.52 kB - java-17-openjdk-src-17.0.17.0.10-1.el9.ML.1.x86_64.rpm
MD5: 0629e15968e63da4daa178d3e1eb3c50
SHA-256: e7c93b82e0c63a653549dfe8868800dad9413741f0c822ba7bfe1e73b0400d27
Size: 44.87 MB - java-17-openjdk-src-fastdebug-17.0.17.0.10-1.el9.ML.1.x86_64.rpm
MD5: c9f45a8469f792688a3b15d3b921e262
SHA-256: 6a843d16b42c9f91a076fc228359ae187e3f5e49cab21f90e8593b4d17420ba7
Size: 44.87 MB - java-17-openjdk-src-slowdebug-17.0.17.0.10-1.el9.ML.1.x86_64.rpm
MD5: 11171e9b10ad3b18fb018ae5b924dde8
SHA-256: 66b5a38bf5c216d323dd3f14e21a4df75f213e38745c29555018c5346ed2fb9a
Size: 44.87 MB - java-17-openjdk-static-libs-17.0.17.0.10-1.el9.ML.1.x86_64.rpm
MD5: d78f62e141356e49f80daab64d1f4309
SHA-256: 53c5b93ce6db7116f7c2f862a18e8e64f40c2248afbcba34cc283eddd0f70ccf
Size: 27.84 MB - java-17-openjdk-static-libs-fastdebug-17.0.17.0.10-1.el9.ML.1.x86_64.rpm
MD5: 378d55b1408a023c85d177838237f6e6
SHA-256: 7976ebc06e604fd5fd84f31971d467c9cb7849c08d2b5d96791112fa32dd27f1
Size: 27.98 MB - java-17-openjdk-static-libs-slowdebug-17.0.17.0.10-1.el9.ML.1.x86_64.rpm
MD5: e6a1ca4846c96b8dfba5fbc7abdc7997
SHA-256: 6c4064d43da8114712e2d5b475b6c29b1a43c2102424dc4a3c860243dd85b295
Size: 21.60 MB
English