Headline
Red Hat Security Advisory 2023-4178-01
Red Hat Security Advisory 2023-4178-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: java-1.8.0-openjdk security and bug fix update
Advisory ID: RHSA-2023:4178-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4178
Issue date: 2023-07-20
CVE Names: CVE-2023-22045 CVE-2023-22049
=====================================================================
- Summary:
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise
Linux 9.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 9) - aarch64, ppc64le, x86_64
- Description:
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es):
OpenJDK: improper handling of slash characters in URI-to-path conversion
(8305312) (CVE-2023-22049)OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
- Prepare for the next quarterly OpenJDK upstream release (2023-07, 8u382)
[rhel-9] (BZ#2220662)
- Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of OpenJDK Java must be restarted for this update to
take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
2220662 - Prepare for the next quarterly OpenJDK upstream release (2023-07, 8u382) [rhel-9] [rhel-9.2.0.z]
2221645 - CVE-2023-22045 OpenJDK: array indexing integer overflow issue (8304468)
2221647 - CVE-2023-22049 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)
- Package List:
Red Hat Enterprise Linux AppStream (v. 9):
Source:
java-1.8.0-openjdk-1.8.0.382.b05-2.el9.src.rpm
aarch64:
java-1.8.0-openjdk-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-demo-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-devel-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-headless-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-src-1.8.0.382.b05-2.el9.aarch64.rpm
noarch:
java-1.8.0-openjdk-javadoc-1.8.0.382.b05-2.el9.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-2.el9.noarch.rpm
ppc64le:
java-1.8.0-openjdk-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-demo-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-devel-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-headless-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-src-1.8.0.382.b05-2.el9.ppc64le.rpm
s390x:
java-1.8.0-openjdk-1.8.0.382.b05-2.el9.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el9.s390x.rpm
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el9.s390x.rpm
java-1.8.0-openjdk-demo-1.8.0.382.b05-2.el9.s390x.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el9.s390x.rpm
java-1.8.0-openjdk-devel-1.8.0.382.b05-2.el9.s390x.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el9.s390x.rpm
java-1.8.0-openjdk-headless-1.8.0.382.b05-2.el9.s390x.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el9.s390x.rpm
java-1.8.0-openjdk-src-1.8.0.382.b05-2.el9.s390x.rpm
x86_64:
java-1.8.0-openjdk-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.382.b05-2.el9.x86_64.rpm
Red Hat Enterprise Linux CRB (v. 9):
aarch64:
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-demo-fastdebug-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-demo-slowdebug-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-devel-fastdebug-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-devel-slowdebug-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-fastdebug-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-headless-fastdebug-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-headless-slowdebug-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-slowdebug-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-src-fastdebug-1.8.0.382.b05-2.el9.aarch64.rpm
java-1.8.0-openjdk-src-slowdebug-1.8.0.382.b05-2.el9.aarch64.rpm
ppc64le:
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-demo-fastdebug-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-demo-slowdebug-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-devel-fastdebug-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-devel-slowdebug-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-fastdebug-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-headless-fastdebug-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-headless-slowdebug-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-slowdebug-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-src-fastdebug-1.8.0.382.b05-2.el9.ppc64le.rpm
java-1.8.0-openjdk-src-slowdebug-1.8.0.382.b05-2.el9.ppc64le.rpm
x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-demo-fastdebug-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-demo-slowdebug-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-devel-fastdebug-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-devel-slowdebug-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-fastdebug-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-headless-fastdebug-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-headless-slowdebug-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-slowdebug-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-src-fastdebug-1.8.0.382.b05-2.el9.x86_64.rpm
java-1.8.0-openjdk-src-slowdebug-1.8.0.382.b05-2.el9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2023-22045
https://access.redhat.com/security/cve/CVE-2023-22049
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJkuYZxAAoJENzjgjWX9erE42cP/1i8b/vfeGY6gUCxlrsVkXGy
RqV2OhsYAmHYJzbbBfJ9ICZN1IH4sqUpD91AYisTDtZqfwHUw+EcIb6eq+oT5jc0
UbY6tAIDLa1WWlLBaefPd8+f4hkSBnXMgceZ1G1CfOLHc1ydpKoCwoN3AgTrntD1
DuxSy9Q9cPEJ6OpomipxCEHRwxWCQjfUlsrU+QFPDd9zY+inibcRRWzfKF3goIh8
Wuzyc/5UCJwyjLaLMtIevscTaIkbRhMfITWhu7qHizabI7Qr3yNif8zyA9sPEy3k
veHcArjXLqbmHU49P0bp31lqrb3L4NnSP5MRRV6018ychnO1atrbsIEqsiATjF/J
/J+DNGgxe1OTzB5jWyFMZibhJc+G0Yakddvr7XzMtbUl28jhWljjsZ2u+0BjERvP
Sa36lt7+NBVZLf7KLFyOsvBb90q3QbitlUV0LJ0QZn5ccSiu1jEFH+JEzVGaLVAE
fhw6AFvClWeYMFsn+3tdyKMMLJU76zIuMYWwLn8ahUb7pYy1vJJQOGOu0FDSG5mk
XSiAte4R887nfHU+wNkYJsYhf0e7/BHAgXoKzho46St9JYHyPtmNJNFm7C97fRz9
zMKJdB+wmKcQVObkdb9FJSD16BM8ERet2IwBaWKH+5FnfcSdK2yOFJYZLP63CBWO
KMFCk6oE84w/iDfY/0rl
=KxOl
-----END PGP SIGNATURE-----
–
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Related news
Red Hat Security Advisory 2023-5480-01 - Red Hat OpenShift Serverless release of OpenShift Serverless Logic. This release includes security fixes. Issues addressed include a bypass vulnerability.
Ubuntu Security Notice 6263-2 - USN-6263-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when opening APK, ZIP or JAR files in OpenJDK 11 and OpenJDK 17. This update fixes the problem. Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17.
An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22049: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and ...
Ubuntu Security Notice 6272-1 - Motoyasu Saburi discovered that OpenJDK 20 incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. Eirik Bjørsnøs discovered that OpenJDK 20 incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service.
Red Hat OpenShift Serverless version 1.29.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. * CVE-2023-24539: A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containin...
Debian Linux Security Advisory 5458-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service.
Red Hat Security Advisory 2023-4233-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult...
Red Hat Security Advisory 2023-4211-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for Windows serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-4211-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for Windows serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-4208-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-4208-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-4209-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2023-4209-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2023-4212-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2023-4212-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include an integer overflow vulnerability.
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauth...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauth...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauth...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauth...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerabili...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauth...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauth...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerabili...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected...
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).