java-21-openjdk-21.0.9.0.10-1.el8.ML.1
Errata ID: AXSA:2025-11029:17
Release date:
2025/11/06 Thursday - 15:25
Title:
java-21-openjdk-21.0.9.0.10-1.el8.ML.1
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
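The following issues have been addressed.
[Security Fix]
- The Security component of Java contains a vulnerability that allows a
remote attacker to create, delete, and modify data without authorization
through unauthorized network access via multiple protocols.
(CVE-2025-53057)
- The JAXP component of Java contains a vulnerability that allows a
remote attacker to disclose sensitive information through unauthorized
network access via multiple protocols. (CVE-2025-53066)
- The Libraries component of Java contains a vulnerability that allows a
remote attacker to create, delete, and modify data without authorization
through unauthorized network access via multiple protocols.
(CVE-2025-61748)
Solution:
Update the packages.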
CVE:
CVE-2025-53057
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
CVE-2025-53066
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2025-61748
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 21.0.8 and 25; Oracle GraalVM for JDK: 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Additional information:
N/A
Downloads: