保安警報 (A25-01-12): Oracle Java 及 Oracle 產品多個漏洞 (2025年1月)

描述:

Oracle 發布了重要修補程式更新公告，包括一系列應對 Java SE 和不同 Oracle 產品中多個漏洞的修補程式。有關修補程式的列表，請參考以下網址:
https://www.oracle.com/security-alerts/cpujan2025.html

受影響的系統:

• Oracle Java SE
• Database
• Fusion Applications and Middleware
• Oracle MySQL Product Suite
• Oracle and Sun Systems Products Suite
• Oracle Linux and Virtualization

有關受影響產品的完整列表，請參閱以下網址：
https://www.oracle.com/security-alerts/cpujan2025.html

影響:

成功利用漏洞可以導致受影響的系統發生遠端執行程式碼、服務被拒絕、權限提升、泄漏資訊、繞過保安限制、仿冒詐騙或篡改。

建議:

現已有適用於受影響系統的修補程式。受影響系統的用戶應遵從供應商的建議，立即採取行動以降低風險。

Oracle Java SE 產品的修補程式可從以下連結下載:
Java Platform SE 8u441 (JDK 及 JRE)
Java Platform SE 11.0.26 (JDK 及 JRE)
Java Platform SE 17.0.14 (JDK 及 JRE)
Java Platform SE 21.0.6 (JDK 及 JRE)
Java Platform SE 23.0.2 (JDK 及 JRE)
https://www.oracle.com/java/technologies/downloads/

OpenJDK 的修補程式可從以下連結下載:
https://jdk.java.net/

用戶也可通過以下安全公告，以獲取其他 Oracle 產品安全更新方面的資訊:
https://www.oracle.com/security-alerts/cpujan2025.html

用戶可聯絡其產品支援供應商，以取得修補程式及相關支援。

進一步資訊:

• https://www.oracle.com/security-alerts/cpujan2025.html
• https://www.hkcert.org/tc/security-bulletin/oracle-products-multiple-vulnerabilities_20250122
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000027
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12415
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7760
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13956
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22218
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28975
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23926
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33813
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26345
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34169
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2976
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3961
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4782
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4785
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6129
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7272
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24998
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26031
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29408
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29824
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201 (to CVE-2023-33202)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33953
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36785
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39410
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40577
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44387
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44483
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46218
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46604
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49582
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51074
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51775
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52070
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52428
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0450
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1135
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1442
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3596
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5535
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6119
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6162
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6763
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7254
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7592
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7885
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8006
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8096
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8927
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9143
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21211
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21245
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22020
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23635
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23807
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25638
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26130
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26308
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27280
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27309
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27983
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28834
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28849
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29025
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29041
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29131
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29133
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29857
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34064
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34750
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35195
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36114
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37371
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37891
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38526
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38807
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38809
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38819
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38827
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41817
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43382
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45492
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45801
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47072
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47535
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47554
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47561
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47804
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49766 (to CVE-2024-49767)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50602
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53677
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56337
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0509
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21489 (to CVE-2025-21495)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21497 (to CVE-2025-21571)