java-21-openjdk-21.0.9.0.10-1.el9.ML.1
エラータID: AXSA:2025-11028:16
リリース日:
2025/11/06 Thursday - 11:11
題名:
java-21-openjdk-21.0.9.0.10-1.el9.ML.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Java の Security コンポーネントには、リモートの攻撃者により、
複数のプロトコルによる不正なネットワークアクセスを介して、不正な
データの作成、削除および変更を可能とする脆弱性が存在します。
(CVE-2025-53057)
- Java の JAXP コンポーネントには、リモートの攻撃者により、複数
のプロトコルによる不正なネットワークアクセスを介して、機密情報の
漏洩を可能とする脆弱性が存在します。(CVE-2025-53066)
- Java の Libraries コンポーネントには、リモートの攻撃者により、
複数のプロトコルによる不正なネットワークアクセスを介して、不正な
データの作成、削除および変更を可能とする脆弱性が存在します。
(CVE-2025-61748)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-53057
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
CVE-2025-53066
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2025-61748
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 21.0.8 and 25; Oracle GraalVM for JDK: 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 21.0.8 and 25; Oracle GraalVM for JDK: 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
追加情報:
N/A
ダウンロード:
SRPMS
- java-21-openjdk-21.0.9.0.10-1.el9.ML.1.src.rpm
MD5: 73c9b9758e93ed59d0c62e36cbc9b221
SHA-256: 15d979e95ac9ba144aaaa919150d5c628ff854c0e3120d96a6fe0f578bc15220
Size: 67.58 MB
Asianux Server 9 for x86_64
- java-21-openjdk-21.0.9.0.10-1.el9.ML.1.x86_64.rpm
MD5: b03bc9f1c8c652ff720e8ec5dd0add44
SHA-256: 7d5667a75fb5ed0caab5e665f4f9674c202617943874d1d862d2772114fa5a18
Size: 399.02 kB - java-21-openjdk-demo-21.0.9.0.10-1.el9.ML.1.x86_64.rpm
MD5: 20ce1a128f05308482d8f77f0648bba4
SHA-256: 4cbab7ca82db58eb7ed45b6f24b01e7944797b9e8a89791f9e09262f648b36eb
Size: 3.18 MB - java-21-openjdk-demo-fastdebug-21.0.9.0.10-1.el9.ML.1.x86_64.rpm
MD5: 4cdde749e0c1156e4640f7700423cf9c
SHA-256: 5783556ef6d9c46e0f70fca29d7ba41084c8acb492a6728b0d087f194ee14842
Size: 3.18 MB - java-21-openjdk-demo-slowdebug-21.0.9.0.10-1.el9.ML.1.x86_64.rpm
MD5: 884dd1d7fb9e9793b0526d59840d2613
SHA-256: a6265997d6223c02a6d484c6139defe7707ad6b8e61d2ee5000e2aa5c2a90667
Size: 3.18 MB - java-21-openjdk-devel-21.0.9.0.10-1.el9.ML.1.x86_64.rpm
MD5: 68faa19fea02c4fe1c879f8dfe6e5054
SHA-256: c70ce3abb23d66814062bcfd958b56e55c9d1ac4dae5e20b5b05efceace8e24d
Size: 5.00 MB - java-21-openjdk-devel-fastdebug-21.0.9.0.10-1.el9.ML.1.x86_64.rpm
MD5: 8cd66657171418ce5217dd2df5eddff4
SHA-256: 7fbde5ce345e75633813123b83366cddfee926dece1e67ee2767c4dccd090ccf
Size: 5.01 MB - java-21-openjdk-devel-slowdebug-21.0.9.0.10-1.el9.ML.1.x86_64.rpm
MD5: 6955850cc56ab11af928f4fc41ea2828
SHA-256: 4c1d6fe4b902cd612fee90591fded0bf240e7d13593bf4b8fb36b7276cf81a37
Size: 5.01 MB - java-21-openjdk-fastdebug-21.0.9.0.10-1.el9.ML.1.x86_64.rpm
MD5: 30f1775bfbf293102d330651db0f8ade
SHA-256: 53d1bd5ea16129b910aba93ad2b03825106fbde7dc77635857f56ad1defc01fa
Size: 408.14 kB - java-21-openjdk-headless-21.0.9.0.10-1.el9.ML.1.x86_64.rpm
MD5: 70d4d92e8c9ff07f0fb928f8a43973e1
SHA-256: 3b6916067b6788f1c0289f23c7a88893d15586284c330d1bf30233e43955894d
Size: 47.36 MB - java-21-openjdk-headless-fastdebug-21.0.9.0.10-1.el9.ML.1.x86_64.rpm
MD5: 0f0b0c86220f27e1392034beeee028c8
SHA-256: 2631b90c6b77aa089822702d434abbd0d7076c3a9fa2444bb551c53821906cb1
Size: 51.89 MB - java-21-openjdk-headless-slowdebug-21.0.9.0.10-1.el9.ML.1.x86_64.rpm
MD5: f7466d40fb5eb507ff1e63b2db54dedd
SHA-256: 93b58b74336a1729e784c75e4e56a00f28570378e3c5167daaf4077f15476eba
Size: 49.95 MB - java-21-openjdk-javadoc-21.0.9.0.10-1.el9.ML.1.x86_64.rpm
MD5: ba10b0cabb1a4074224cbaa169825bf9
SHA-256: 3cbca5f758531dc2dcc70a3e721457b6e69c57ab17d11b059438628986ed902a
Size: 14.97 MB - java-21-openjdk-javadoc-zip-21.0.9.0.10-1.el9.ML.1.x86_64.rpm
MD5: 773bb80602400d8414e8cf994073b570
SHA-256: 1c0e3bb54fb3d3446935b1b0b7b7c2c2041f079a71010f212261e6b8bd947e06
Size: 40.57 MB - java-21-openjdk-jmods-21.0.9.0.10-1.el9.ML.1.x86_64.rpm
MD5: 8ef6f2713b0a6b9df703b4eb046534c1
SHA-256: 6290659049fb7f4ed0338f623a44e4426d6377c45c6fc1c669aecaf2c85d4c22
Size: 302.90 MB - java-21-openjdk-jmods-fastdebug-21.0.9.0.10-1.el9.ML.1.x86_64.rpm
MD5: 789f2f9a0bcf46c86188e63e10dc8870
SHA-256: 2c213db0fa2728b27023f64888c41b4e65af3204491d9323ecda91080c72705a
Size: 353.94 MB - java-21-openjdk-jmods-slowdebug-21.0.9.0.10-1.el9.ML.1.x86_64.rpm
MD5: 9feba3bee50ce352fffec873ee6c3ac4
SHA-256: 66c91f6589c5f14e33020a594393b20ba2773756d3e4c5b15bf8c54c87e242cd
Size: 269.16 MB - java-21-openjdk-slowdebug-21.0.9.0.10-1.el9.ML.1.x86_64.rpm
MD5: 5bc338ec8738e257671ab8ae95335097
SHA-256: 91d136d0be87c41d058256a16ba509d0c1e41ae3be27400e97f03594a767dcfc
Size: 407.94 kB - java-21-openjdk-src-21.0.9.0.10-1.el9.ML.1.x86_64.rpm
MD5: 2773e13e2ed1c9d030dc841f9a14ea00
SHA-256: 63f0b0f80110718e39d6c9c38444b81d3c86f303ee5a4f3812c74ce5021a6a1e
Size: 46.75 MB - java-21-openjdk-src-fastdebug-21.0.9.0.10-1.el9.ML.1.x86_64.rpm
MD5: 170a167d0585051d35d7b298cb4f7874
SHA-256: af184d821c16444aa8881cd74e9d2670c89784623adb0eb20f1a81ffda79c015
Size: 46.75 MB - java-21-openjdk-src-slowdebug-21.0.9.0.10-1.el9.ML.1.x86_64.rpm
MD5: e62c77cbb27c72599515ccf600fc11c4
SHA-256: 7a7e348de6cce26d77d0b26bfbd157f41cc11192350040829c4e501c7a7ea46f
Size: 46.75 MB - java-21-openjdk-static-libs-21.0.9.0.10-1.el9.ML.1.x86_64.rpm
MD5: 4c9cd526785ccd3ae6c4bc7d6bf65cfe
SHA-256: 333281f01465c872fe76181964bd758c0d447053d81459f657be2925f2424d4b
Size: 30.04 MB - java-21-openjdk-static-libs-fastdebug-21.0.9.0.10-1.el9.ML.1.x86_64.rpm
MD5: 2b27c08c107484a0af576064aa7b66c8
SHA-256: a51b7622b5be12b63ae046b3e08de7cc7588cac57085b83f3d28c77f447ef5cb
Size: 30.16 MB - java-21-openjdk-static-libs-slowdebug-21.0.9.0.10-1.el9.ML.1.x86_64.rpm
MD5: 03e967cb1a7c41270b2bba1a19d22bd6
SHA-256: e28f4d47a2486b6544de95ee958e07061d5fa260381f3dcc6c0f0ceff3d31300
Size: 21.31 MB
English