政府电脑保安事故协调中心 - 保安警报 (A24-01-16): Oracle Java 及 Oracle 产品多个漏洞 (2024年1月)

描述:

Oracle 发布了重要修补程式更新公告，包括一系列应对 Java SE 和不同 Oracle 产品中多个漏洞的修补程式。有关修补程式的列表，请参考以下网址
https://www.oracle.com/security-alerts/cpujan2024.html

受影响的系统:

Oracle Java SE
Database
Fusion Applications 及 Middleware
Oracle MySQL Product Suite
NoSQL Database
Oracle 及 Sun Systems Products Suite

有关受影响产品的完整列表，请参阅以下网址：
https://www.oracle.com/security-alerts/cpujan2024.html

影响:

成功利用漏洞可以在受影响的系统导致远端执行程式码、服务被拒绝、权限提升、泄漏资讯、绕过保安限制或篡改。

建议:

现已有适用于受影响系统的修补程式。受影响系统的用户应遵从产品供应商的建议，立即採取行动以降低风险。

Oracle Java SE 产品的修补程式可从以下连结下载：

Java Platform SE 8u401 (JDK 及 JRE)
Java Platform SE 11.0.22 (JDK 及 JRE)
Java Platform SE 17.0.10 (JDK 及 JRE)
Java Platform SE 21.0.2 (JDK 及 JRE)

https://www.oracle.com/java/technologies/javase-downloads.html

OpenJDK 的修补程式可从以下连结下载：
https://jdk.java.net/

用户也可通过以下安全公告，以获取其他 Oracle 产品安全更新方面的资讯：
https://www.oracle.com/security-alerts/cpujan2024.html

用户可联络其产品支援供应商，以取得修补程式及相关支援。

进一步资讯:

https://www.oracle.com/security-alerts/cpujan2024.html
https://www.hkcert.org/tc/security-bulletin/oracle-products-multiple-vulnerabilities_20240117
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5421
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7760
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29508
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35163 (to CVE-2020-35164)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35166 (to CVE-2020-35168)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0341
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35515 (to CVE-2021-35517)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36090
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37533
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41182 (to CVE-2021-41184)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43306
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46848
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3510
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3602
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21432
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22969
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22979
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24839
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31692
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33879
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36944
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40896
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003 (to CVE-2022-42004)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889 (to CVE-2022-42890)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44729 (to CVE-2022-44730)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45868
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46337
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46751
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46908
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464 (to CVE-2023-0466)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1436
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2617 (to CVE-2023-2618)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2975 (to CVE-2023-2976)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3635
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823 (to CVE-2023-3824)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4911
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5072
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5363
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21833
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21901
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22102
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24998
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28439
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28755 (to CVE-2023-28756)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31484
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31486
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31582
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32697
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34034 (to CVE-2023-34035)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34453 (to CVE-2023-34455)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34981
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35141
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35887
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36478 (to CVE-2023-36479)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36632
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37536
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38325
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545 (to CVE-2023-38546)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318 (to CVE-2023-39322)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42503
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42794 (to CVE-2023-42795)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43494 (to CVE-2023-43498)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43642 (to CVE-2023-43643)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44483
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44981
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46589
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46604
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20903 (to CVE-2024-20953)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20955 (to CVE-2024-20987)

标签 : Oracle , Java , Oracle Database , Fusion , MySQL , Oracle NoSQL , Sun Systems