java-17-openjdk-17.0.18.0.8-1.el8

エラータID: AXSA:2026-079:02

リリース日: 
2026/01/25 Sunday - 16:29
題名: 
java-17-openjdk-17.0.18.0.8-1.el8
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and
the OpenJDK 17 Java Software Development Kit.

Security Fix(es):

JDK: Improve JMX connections (CVE-2026-21925)
JDK: Improve HttpServer Request handling (CVE-2026-21933)
JDK: Enhance Certificate Checking (CVE-2026-21945)
libpng: LIBPNG buffer overflow (CVE-2025-64720)
libpng: LIBPNG heap buffer overflow (CVE-2025-65018)

Bug Fix(es):

When using a P11SecretKey for both signing and encryption in FIPS mode, the
FIPS PKCS11 provider would fail with a CKR_ATTRIBUTE_VALUE_INVALID error. This
was due to the default configuration not applying the CKA_ENCRYPT=true attribute
to the key. The configuration in this release is updated to include this
attribute. (RHEL-142862, RHEL-142881, RHEL-142882, RHEL-142883, RHEL-142884,
RHEL-142885, RHEL-142886, RHEL-142887, RHEL-142888)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE(s):
CVE-2025-64720
CVE-2025-65018
CVE-2026-21925
CVE-2026-21933
CVE-2026-21945

解決策: 

Update packages.

CVE: 
CVE-2025-64720
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.
CVE-2025-65018
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.
CVE-2026-21925
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: RMI). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
CVE-2026-21933
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
CVE-2026-21945
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. java-17-openjdk-17.0.18.0.8-1.el8.src.rpm
    MD5: a132f99b3661c78016500201f8624dbb
    SHA-256: 57b76329944867889d1e7cc042e13e0f9e4aede694528c8223a559e292d2f627
    Size: 64.10 MB

Asianux Server 8 for x86_64
  1. java-17-openjdk-17.0.18.0.8-1.el8.x86_64.rpm
    MD5: f8e265394068c2bacbb5c0008f201215
    SHA-256: 856e0d84b4b4ea857a1a29db9fc102a3865f36530615f81b2d646a5eede8e287
    Size: 500.22 kB
  2. java-17-openjdk-demo-17.0.18.0.8-1.el8.x86_64.rpm
    MD5: 4eec49a7298f9a6678dd3e12b131e04b
    SHA-256: 74b87d0ef7f98dcd5669e4c592312393f37fe0b00558f4f632a14f5575046423
    Size: 3.44 MB
  3. java-17-openjdk-demo-fastdebug-17.0.18.0.8-1.el8.x86_64.rpm
    MD5: cb096a2bd98f8df11112e149b71e7f25
    SHA-256: 1d9d41f08fe5121b8c1eb82122e6445f31fc4f402577147b9a5eb02863f1d6dd
    Size: 3.45 MB
  4. java-17-openjdk-demo-slowdebug-17.0.18.0.8-1.el8.x86_64.rpm
    MD5: a5b5d9b699fbab2adf93212152b9c72a
    SHA-256: be51323971e801ad8cb2041ddcb671df5b3f08fdb629a01c0e6ca9ee9e0df1d0
    Size: 3.45 MB
  5. java-17-openjdk-devel-17.0.18.0.8-1.el8.x86_64.rpm
    MD5: 14f5170c889dd92bd09dddc3c0d513b1
    SHA-256: 82532fb4c1d0957c00f0bc9ae0f3fa6e8baf55e15f957a61b504052d18bb822c
    Size: 5.12 MB
  6. java-17-openjdk-devel-fastdebug-17.0.18.0.8-1.el8.x86_64.rpm
    MD5: fd5415ac025587ac7f98a124cb73fd37
    SHA-256: c9affc557d69b8c082e21fe8c5e468d367fc3dc699db1ec0ef57680b7bf5ef12
    Size: 5.12 MB
  7. java-17-openjdk-devel-slowdebug-17.0.18.0.8-1.el8.x86_64.rpm
    MD5: 1eafc2d3500799c798c446992f229547
    SHA-256: 8f9e44c738b892bf7e9a5ecad2e80ed980840a3038dc5eb6c4700f9ec0226a3f
    Size: 5.12 MB
  8. java-17-openjdk-fastdebug-17.0.18.0.8-1.el8.x86_64.rpm
    MD5: 2efcd05e31c2222175cd9679518fbabd
    SHA-256: 032c16dc89d56bca475250d70869f7484c22fde9bc4bb583da40ab57ca5b47cf
    Size: 509.32 kB
  9. java-17-openjdk-headless-17.0.18.0.8-1.el8.x86_64.rpm
    MD5: 5aeb26b14c0f99c29b50ab1a02360ade
    SHA-256: faf421ddd6ab9f6bd22944df830d28e77d9d4748d9fd15a6ac340a5721eee0d8
    Size: 46.27 MB
  10. java-17-openjdk-headless-fastdebug-17.0.18.0.8-1.el8.x86_64.rpm
    MD5: ce8b6fd81b8c458cdf571b185167ca7d
    SHA-256: e1733633178496aa0edbd9733aa0ac9de0d78f60db7c9361a2a7b850d0686a65
    Size: 50.79 MB
  11. java-17-openjdk-headless-slowdebug-17.0.18.0.8-1.el8.x86_64.rpm
    MD5: 772615c8dd7ef55c93995c0161bf1512
    SHA-256: be0c0fbb185bff6c16740eff92e6248776af76ea3c7b4da29bd389d7d9c5a0fd
    Size: 49.36 MB
  12. java-17-openjdk-javadoc-17.0.18.0.8-1.el8.x86_64.rpm
    MD5: 2ce9f7d835186841d74efa31533d7ff0
    SHA-256: cb3905f5a7676b06d54094ba792daffadd9b8f16aa4db0b62300db6037a1bc85
    Size: 16.05 MB
  13. java-17-openjdk-javadoc-zip-17.0.18.0.8-1.el8.x86_64.rpm
    MD5: 22048041470661978feb379d537228ca
    SHA-256: 53e7d9fce944dda9896c64fe51a85ec9108920dffa6550687b4873b23848066d
    Size: 40.34 MB
  14. java-17-openjdk-jmods-17.0.18.0.8-1.el8.x86_64.rpm
    MD5: 82bfae2056f57a652c7072f13de88c9c
    SHA-256: c8d0ff3eaea8534fbe5507fed3ea914200237af91846620b578f73126256a373
    Size: 256.64 MB
  15. java-17-openjdk-jmods-fastdebug-17.0.18.0.8-1.el8.x86_64.rpm
    MD5: 7dfd46f543850cced513bc80af462117
    SHA-256: 6a0100c1dbde887103c13b429fe99c594ab3a5ecdad1db45c9edfd396ebe2ff2
    Size: 249.48 MB
  16. java-17-openjdk-jmods-slowdebug-17.0.18.0.8-1.el8.x86_64.rpm
    MD5: aae4aea837845ca272e041eb351744ef
    SHA-256: ec6ea913d0aaee3673f0a7abe5fd31b8f1dd8d8c60ea050546da2c9c87f7c80d
    Size: 188.47 MB
  17. java-17-openjdk-slowdebug-17.0.18.0.8-1.el8.x86_64.rpm
    MD5: 3985ecbe2aa1e63c7a41f9c94b6b8412
    SHA-256: 0f00e64d7e4e0506de6aaf5b6ccccfaf2ddcbf0462b3bda415c06f6cba852cfb
    Size: 485.89 kB
  18. java-17-openjdk-src-17.0.18.0.8-1.el8.x86_64.rpm
    MD5: 0fb72eaa8eea10de7d8912bd7a5f85b9
    SHA-256: 08f01e15b366a76d80bc5075488d7a2ed8bad731389f483cf5535ef83f0895f0
    Size: 45.54 MB
  19. java-17-openjdk-src-fastdebug-17.0.18.0.8-1.el8.x86_64.rpm
    MD5: 59b839405fbc9771ac0383f7e7d4f336
    SHA-256: ad1db975432c864060b498e3201e38abe4e5ddf5b5ba387c0611d4d2d62f7355
    Size: 45.55 MB
  20. java-17-openjdk-src-slowdebug-17.0.18.0.8-1.el8.x86_64.rpm
    MD5: 3ec2942e25f5c8fae84fb38e145053de
    SHA-256: bc149f7ac26bb6dcf8930722bb31c0809023c696efd1722f500026f3736fd1e4
    Size: 45.55 MB
  21. java-17-openjdk-static-libs-17.0.18.0.8-1.el8.x86_64.rpm
    MD5: 8bbd423c92cd5fa3eecc794e15477463
    SHA-256: 3080e40d33426f6f14ff6134bad2346f970ac5f4dfa0a636a12b822d03365879
    Size: 32.84 MB
  22. java-17-openjdk-static-libs-fastdebug-17.0.18.0.8-1.el8.x86_64.rpm
    MD5: 5f9c857458cb652fafc98869f5b1c145
    SHA-256: d7cb64350c573c67dd9fcef9bf93e3043b727550cb20395684b2e3617a36d85d
    Size: 33.03 MB
  23. java-17-openjdk-static-libs-slowdebug-17.0.18.0.8-1.el8.x86_64.rpm
    MD5: 8dd758f04777f5f1e813ee96a1bea601
    SHA-256: 4e7badc7b6f2b00e66176e63952233668069cd22e91f09b067dba26a76e229e1
    Size: 26.36 MB