保安警报 (A25-01-12): Oracle Java 及 Oracle 产品多个漏洞 (2025年1月)

描述:

Oracle 发布了重要修补程式更新公告，包括一系列应对 Java SE 和不同 Oracle 产品中多个漏洞的修补程式。有关修补程式的列表，请参考以下网址:
https://www.oracle.com/security-alerts/cpujan2025.html

受影响的系统:

• Oracle Java SE
• Database
• Fusion Applications and Middleware
• Oracle MySQL Product Suite
• Oracle and Sun Systems Products Suite
• Oracle Linux and Virtualization

有关受影响产品的完整列表，请参阅以下网址：
https://www.oracle.com/security-alerts/cpujan2025.html

影响:

成功利用漏洞可以导致受影响的系统发生远端执行程式码、服务被拒绝、权限提升、泄漏资讯、绕过保安限制、仿冒诈骗或篡改。

建议:

现已有适用于受影响系统的修补程式。受影响系统的用户应遵从供应商的建议，立即採取行动以降低风险。

Oracle Java SE 产品的修补程式可从以下连结下载:
Java Platform SE 8u441 (JDK 及 JRE)
Java Platform SE 11.0.26 (JDK 及 JRE)
Java Platform SE 17.0.14 (JDK 及 JRE)
Java Platform SE 21.0.6 (JDK 及 JRE)
Java Platform SE 23.0.2 (JDK 及 JRE)
https://www.oracle.com/java/technologies/downloads/

OpenJDK 的修补程式可从以下连结下载:
https://jdk.java.net/

用户也可通过以下安全公告，以获取其他 Oracle 产品安全更新方面的资讯:
https://www.oracle.com/security-alerts/cpujan2025.html

用户可联络其产品支援供应商，以取得修补程式及相关支援。

进一步资讯:

• https://www.oracle.com/security-alerts/cpujan2025.html
• https://www.hkcert.org/tc/security-bulletin/oracle-products-multiple-vulnerabilities_20250122
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000027
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12415
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7760
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13956
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22218
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28975
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23926
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33813
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26345
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34169
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2976
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3961
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4782
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4785
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6129
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7272
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24998
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26031
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29408
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29824
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201 (to CVE-2023-33202)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33953
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36785
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39410
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40577
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44387
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44483
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46218
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46604
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49582
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51074
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51775
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52070
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52428
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0450
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1135
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1442
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3596
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5535
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6119
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6162
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6763
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7254
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7592
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7885
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8006
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8096
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8927
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9143
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21211
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21245
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22020
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23635
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23807
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25638
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26130
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26308
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27280
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27309
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27983
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28834
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28849
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29025
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29041
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29131
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29133
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29857
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34064
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34750
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35195
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36114
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37371
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37891
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38526
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38807
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38809
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38819
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38827
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41817
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43382
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45492
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45801
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47072
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47535
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47554
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47561
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47804
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49766 (to CVE-2024-49767)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50602
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53677
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56337
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0509
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21489 (to CVE-2025-21495)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21497 (to CVE-2025-21571)