java-1.8.0-openjdk-1.8.0.492.b09-2.el9.ML.1

エラータID: AXSA:2026-610:09

リリース日: 
2026/05/13 Wednesday - 09:25
題名: 
java-1.8.0-openjdk-1.8.0.492.b09-2.el9.ML.1
影響のあるチャネル: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- Java には、ローカルの攻撃者により、情報の漏洩を可能とする
脆弱性が存在します。(CVE-2026-22007)

- Java には、保護すべき情報を暗号化せずに送信している問題が
あるため、リモートの攻撃者により、情報の漏洩を可能とする脆弱性が
存在します。(CVE-2026-22013)

- Java には、リモートの攻撃者により、XML 外部エンティティ
インジェクション攻撃を可能とする脆弱性が存在します。
(CVE-2026-22016)

- Java には、メモリ領域の範囲外読み取りの問題があるため、
リモートの攻撃者により、サービス拒否攻撃を可能とする脆弱性が
存在します。(CVE-2026-22018)

- Java には、再帰処理の制御に問題があるため、リモートの攻撃者
により、サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2026-22021)

- FreeType ライブラリには、メモリ領域の範囲外読み取りの問題が
あるため、ローカルの攻撃者により、情報の漏洩、データ破壊、および
サービス拒否攻撃を可能とする脆弱性が存在します。(CVE-2026-23865)

- Java には、用いている暗号の強度が不足している問題があるため、
ローカルの攻撃者により、情報の漏洩を可能とする脆弱性が存在します。
(CVE-2026-34268)

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2026-22007
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2026-22013
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).
CVE-2026-22016
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2026-22018
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2026-22021
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2026-23865
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.
CVE-2026-34268
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. java-1.8.0-openjdk-1.8.0.492.b09-2.el9.ML.1.src.rpm
    MD5: 30f1074b8d7f52d9968dad2e0a0f11df
    SHA-256: f0634dfcbc3baccde3efe087c7aa293e2393b0fdba31c534886358513e068817
    Size: 58.53 MB

Asianux Server 9 for x86_64
  1. java-1.8.0-openjdk-1.8.0.492.b09-2.el9.ML.1.x86_64.rpm
    MD5: 97edf0e3474906ebcb70753cfeba45a1
    SHA-256: b23b4a0e0a5dcd7258eb2f0d149a6f40f70eb6a5521369b973ab2a706e220860
    Size: 419.51 kB
  2. java-1.8.0-openjdk-demo-1.8.0.492.b09-2.el9.ML.1.x86_64.rpm
    MD5: 7f7cb8baf0404f7c1b58b0aa686c60d9
    SHA-256: 378e76693e2145610614bc5755a7962a476b9114aef3b7a4b95c071e7e7389d9
    Size: 2.04 MB
  3. java-1.8.0-openjdk-demo-fastdebug-1.8.0.492.b09-2.el9.ML.1.x86_64.rpm
    MD5: 1393b1cd2c038010ab8418e5ca0907d9
    SHA-256: dcb0d03923d3978e4b10b8d9bd425b7e39858a8c6994ce1946fbba56aad84cca
    Size: 2.06 MB
  4. java-1.8.0-openjdk-demo-slowdebug-1.8.0.492.b09-2.el9.ML.1.x86_64.rpm
    MD5: 082ac639e7c1c2e0909a27c490d0cc97
    SHA-256: 4655b7a4b292020f29f5d832aa959d019938cd7c0fadbda063695955c81c0804
    Size: 2.05 MB
  5. java-1.8.0-openjdk-devel-1.8.0.492.b09-2.el9.ML.1.x86_64.rpm
    MD5: f520c8f2bb73c2ae7968a452d9e77068
    SHA-256: 9c6fad339bdf74bfe67ea78109b04d0655d8ad73b47f0100825fc57aecdc8f49
    Size: 9.35 MB
  6. java-1.8.0-openjdk-devel-fastdebug-1.8.0.492.b09-2.el9.ML.1.x86_64.rpm
    MD5: 49b76ecbfae21acb7b19440e0201482a
    SHA-256: 275c610bf6e95f65aae615b2ec6ea175cbf0a408716bd30844442bf0c7d4fec0
    Size: 9.36 MB
  7. java-1.8.0-openjdk-devel-slowdebug-1.8.0.492.b09-2.el9.ML.1.x86_64.rpm
    MD5: a207e2ce31f797424654622b4a138680
    SHA-256: 49c0c4bf5ab24f641258a55ebd625796073372468ec7de53638d903e8582680e
    Size: 9.36 MB
  8. java-1.8.0-openjdk-fastdebug-1.8.0.492.b09-2.el9.ML.1.x86_64.rpm
    MD5: 3f58b777c4727813eb048d0ee9d8b355
    SHA-256: 574f9b2b470a23e566f96d92a37889ace86087d20810dc14815b41d62f8687bc
    Size: 431.44 kB
  9. java-1.8.0-openjdk-headless-1.8.0.492.b09-2.el9.ML.1.x86_64.rpm
    MD5: a806fdf2e593a3fb3799e99db8462b6a
    SHA-256: 9f439abdaaa70706994b399ca5011e037d8c1754cf33109b387a6c6dc6b3920e
    Size: 33.20 MB
  10. java-1.8.0-openjdk-headless-fastdebug-1.8.0.492.b09-2.el9.ML.1.x86_64.rpm
    MD5: d89bee9badae1782bb1f4b7b71688bd5
    SHA-256: f7a1baf274fd9ba715c79b377888d44f4b8d07e8a54d8e1d3e65d2b95ad98a18
    Size: 36.95 MB
  11. java-1.8.0-openjdk-headless-slowdebug-1.8.0.492.b09-2.el9.ML.1.x86_64.rpm
    MD5: d56cdefc15ceb8572247bac483452d8e
    SHA-256: bd995c875fce44b01ee429ea48253faa3fe7664dec817f586b0b5167ddfc7f41
    Size: 34.42 MB
  12. java-1.8.0-openjdk-javadoc-1.8.0.492.b09-2.el9.ML.1.noarch.rpm
    MD5: 690490aa8435f50ab79edca9d4d527af
    SHA-256: ff30c6b382446f1bc9188fdceffdd442469bb0dece18006a5401ee08c3642702
    Size: 14.45 MB
  13. java-1.8.0-openjdk-javadoc-zip-1.8.0.492.b09-2.el9.ML.1.noarch.rpm
    MD5: 4ed9eeea679081ee3cc3e0608034e853
    SHA-256: 82e78bfb0e835a329f67abbafa490bad62a7c7b38f527e7a899f2ec82d7d4632
    Size: 40.82 MB
  14. java-1.8.0-openjdk-slowdebug-1.8.0.492.b09-2.el9.ML.1.x86_64.rpm
    MD5: f4667091ebfa3e85037d96ed84cece44
    SHA-256: dcd944d31834917ed39238931becba6e5dc22582e7b594f35fea86c69c8dd214
    Size: 404.06 kB
  15. java-1.8.0-openjdk-src-1.8.0.492.b09-2.el9.ML.1.x86_64.rpm
    MD5: 8c192d626d5267be9431bf4e1605eb94
    SHA-256: 71ce5c1eda13e09b803d791c643e6470831dbbb4c7b2549eeba318d6f36faf1f
    Size: 44.66 MB
  16. java-1.8.0-openjdk-src-fastdebug-1.8.0.492.b09-2.el9.ML.1.x86_64.rpm
    MD5: 710c1d5a773d4f06bef011a6a13f8ae5
    SHA-256: 5d0cdd71d5ed508ac64cd20d24c12e0e4d07c0ed0dde6cd2f1166419cbed497e
    Size: 44.66 MB
  17. java-1.8.0-openjdk-src-slowdebug-1.8.0.492.b09-2.el9.ML.1.x86_64.rpm
    MD5: 049703daf0d1b8d0396ddd3529052314
    SHA-256: c698fe0111318bf6ca25413c7ecf553ac23a81cb6ca876b5e992a2b09e313518
    Size: 44.66 MB