Red Hat Security Advisory 2023-4176-01

Red Hat Security Advisory 2023-4176-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.

Packet Storm

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: java-1.8.0-openjdk security and bug fix update
Advisory ID: RHSA-2023:4176-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4176
Issue date: 2023-07-20
CVE Names: CVE-2023-22045 CVE-2023-22049
=====================================================================

  1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise
Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

  2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, x86_64

  3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: improper handling of slash characters in URI-to-path conversion
    (8305312) (CVE-2023-22049)

  • OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

  • Prepare for the next quarterly OpenJDK upstream release (2023-07, 8u382)
    [rhel-8] (BZ#2219727)

  4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to
take effect.
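
A check for the restart requirement above, as an added example that is not part of the Red Hat advisory: it lists processes whose memory map still references a libjvm.so that has been replaced on disk, meaning the JVM was started before the update. It assumes a Linux /proc layout; the function names, the proc-root parameter and the sample maps lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find JVMs that are still running the pre-update libjvm.so.
# A package update unlinks the old library file; the kernel then shows the
# mapping in /proc/<pid>/maps with a trailing " (deleted)" marker.

# Print the PIDs (one per line, ascending) under $1 (default: /proc) whose
# memory map contains a libjvm.so entry marked "(deleted)".
stale_jvm_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip an unmatched glob and entries that vanished meanwhile.
        [ -r "$maps" ] || continue
        # Unreadable maps (other users' processes when not root) make grep
        # fail quietly, so those PIDs are skipped rather than reported.
        if grep -Eq '/libjvm\.so \(deleted\)$' "$maps" 2>/dev/null; then
            pid="${maps%/maps}"
            echo "${pid##*/}"
        fi
    done | sort -n
}

# Build a constructed /proc-like tree under $1 so the check runs offline.
# All addresses, inode numbers and PIDs below are made up; OLDVER stands in
# for whichever earlier package version was installed.
make_sample_proc() {
    root="$1"
    old='/usr/lib/jvm/java-1.8.0-openjdk-OLDVER.x86_64/jre/lib/amd64/server/libjvm.so'
    new='/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.382.b05-2.el8.x86_64/jre/lib/amd64/server/libjvm.so'
    mkdir -p "$root/101" "$root/202" "$root/303" "$root/4040"
    # PID 101: JVM started before the update (old library unlinked).
    printf '7f10a0000000-7f10a0d00000 r-xp 00000000 fd:00 1001 %s (deleted)\n' \
        "$old" > "$root/101/maps"
    # PID 202: JVM restarted after the update (library present on disk).
    printf '7f20b0000000-7f20b0d00000 r-xp 00000000 fd:00 2002 %s\n' \
        "$new" > "$root/202/maps"
    # PID 303: unrelated process with some other deleted library mapped.
    printf '7f30c0000000-7f30c0010000 r-xp 00000000 fd:00 3003 %s (deleted)\n' \
        '/usr/lib64/libexample.so' > "$root/303/maps"
    # PID 4040: a second JVM that has not been restarted.
    printf '7f40d0000000-7f40d0d00000 r-xp 00000000 fd:00 1001 %s (deleted)\n' \
        "$old" > "$root/4040/maps"
}

# Demonstration on the constructed tree; call stale_jvm_pids with no
# argument to inspect the live system instead.
demo_root=$(mktemp -d)
make_sample_proc "$demo_root"
echo "constructed sample, PIDs still on the old JVM:" \
    "$(stale_jvm_pids "$demo_root" | tr '\n' ' ')"
rm -rf "$demo_root"
```

Run it as root on a real host so that the maps files of every user's processes are readable; an empty result means no running JVM still maps a replaced libjvm.so.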

  5. Bugs fixed (https://bugzilla.redhat.com/):

2219727 - Prepare for the next quarterly OpenJDK upstream release (2023-07, 8u382) [rhel-8] [rhel-8.8.0.z]
2221645 - CVE-2023-22045 OpenJDK: array indexing integer overflow issue (8304468)
2221647 - CVE-2023-22049 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)

  6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
java-1.8.0-openjdk-1.8.0.382.b05-2.el8.src.rpm

aarch64:
java-1.8.0-openjdk-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-demo-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-devel-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-headless-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-src-1.8.0.382.b05-2.el8.aarch64.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.382.b05-2.el8.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-2.el8.noarch.rpm

ppc64le:
java-1.8.0-openjdk-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-demo-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-devel-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-headless-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-src-1.8.0.382.b05-2.el8.ppc64le.rpm

s390x:
java-1.8.0-openjdk-1.8.0.382.b05-2.el8.s390x.rpm
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-2.el8.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el8.s390x.rpm
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el8.s390x.rpm
java-1.8.0-openjdk-demo-1.8.0.382.b05-2.el8.s390x.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el8.s390x.rpm
java-1.8.0-openjdk-devel-1.8.0.382.b05-2.el8.s390x.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el8.s390x.rpm
java-1.8.0-openjdk-headless-1.8.0.382.b05-2.el8.s390x.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el8.s390x.rpm
java-1.8.0-openjdk-src-1.8.0.382.b05-2.el8.s390x.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.382.b05-2.el8.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 8):

aarch64:
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-demo-fastdebug-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-demo-slowdebug-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-devel-fastdebug-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-devel-slowdebug-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-fastdebug-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-headless-fastdebug-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-headless-slowdebug-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-slowdebug-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-src-fastdebug-1.8.0.382.b05-2.el8.aarch64.rpm
java-1.8.0-openjdk-src-slowdebug-1.8.0.382.b05-2.el8.aarch64.rpm

ppc64le:
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-demo-fastdebug-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-demo-slowdebug-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-devel-fastdebug-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-devel-slowdebug-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-fastdebug-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-headless-fastdebug-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-headless-slowdebug-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-slowdebug-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-src-fastdebug-1.8.0.382.b05-2.el8.ppc64le.rpm
java-1.8.0-openjdk-src-slowdebug-1.8.0.382.b05-2.el8.ppc64le.rpm

x86_64:
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-demo-fastdebug-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-demo-slowdebug-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-devel-fastdebug-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-devel-slowdebug-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-fastdebug-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-headless-fastdebug-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-headless-slowdebug-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-slowdebug-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-src-fastdebug-1.8.0.382.b05-2.el8.x86_64.rpm
java-1.8.0-openjdk-src-slowdebug-1.8.0.382.b05-2.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

  7. References:

https://access.redhat.com/security/cve/CVE-2023-22045
https://access.redhat.com/security/cve/CVE-2023-22049
https://access.redhat.com/security/updates/classification/#moderate

  8. Contact:

The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.


Related news

Red Hat Security Advisory 2023-5480-01

Red Hat Security Advisory 2023-5480-01 - Red Hat OpenShift Serverless release of OpenShift Serverless Logic. This release includes security fixes. Issues addressed include a bypass vulnerability.

RHSA-2023:4876: Red Hat Security Advisory: java-1.8.0-ibm security update

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22049: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JD...

Debian Security Advisory 5478-1

Debian Linux Security Advisory 5478-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service.

Ubuntu Security Notice USN-6272-1

Ubuntu Security Notice 6272-1 - Motoyasu Saburi discovered that OpenJDK 20 incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. Eirik Bjørsnøs discovered that OpenJDK 20 incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6263-1

Ubuntu Security Notice 6263-1 - Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. Eirik Bjørsnøs discovered that OpenJDK incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 11 and OpenJDK 17.

RHSA-2023:4166: Red Hat Security Advisory: java-1.8.0-openjdk security and bug fix update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 an...

Red Hat Security Advisory 2023-4158-01

Red Hat Security Advisory 2023-4158-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4158-01

Red Hat Security Advisory 2023-4158-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4210-01

Red Hat Security Advisory 2023-4210-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4210-01

Red Hat Security Advisory 2023-4210-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4177-01

Red Hat Security Advisory 2023-4177-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4177-01

Red Hat Security Advisory 2023-4177-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4211-01

Red Hat Security Advisory 2023-4211-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for Windows serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4211-01

Red Hat Security Advisory 2023-4211-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for Windows serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4208-01

Red Hat Security Advisory 2023-4208-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4209-01

Red Hat Security Advisory 2023-4209-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2023-4212-01

Red Hat Security Advisory 2023-4212-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2023-4161-01

Red Hat Security Advisory 2023-4161-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for Windows serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

RHSA-2023:4210: Red Hat Security Advisory: OpenJDK 17.0.8 Security Update for Portable Linux Builds

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauth...

RHSA-2023:4212: Red Hat Security Advisory: OpenJDK 8u382 Windows Security Update

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerabili...

RHSA-2023:4208: Red Hat Security Advisory: OpenJDK security update

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauth...

RHSA-2023:4161: Red Hat Security Advisory: OpenJDK 11.0.20 Security Update for Windows Builds

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauth...

RHSA-2023:4163: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions ...

RHSA-2023:4163: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions ...

RHSA-2023:4172: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions ...

RHSA-2023:4172: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions ...

RHSA-2023:4162: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected...

RHSA-2023:4162: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected...

RHSA-2023:4168: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected...

RHSA-2023:4165: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM f...

RHSA-2023:4171: Red Hat Security Advisory: java-17-openjdk security update

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions ...
