Headline
Ubuntu Security Notice USN-6077-1
Ubuntu Security Notice 6077-1 - Ben Smyth discovered that OpenJDK incorrectly handled half-duplex connections during TLS handshake. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. It was discovered that OpenJDK incorrectly handled certain inputs. An attacker could possibly use this issue to insert, edit or obtain sensitive information.
=========================================================================
Ubuntu Security Notice USN-6077-1
May 16, 2023
openjdk-8, openjdk-lts, openjdk-17, openjdk-20 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in OpenJDK.
Software Description:
- openjdk-17: Open Source Java implementation
- openjdk-20: Open Source Java implementation
- openjdk-8: Open Source Java implementation
- openjdk-lts: Open Source Java implementation
Details:
Ben Smyth discovered that OpenJDK incorrectly handled half-duplex
connections during TLS handshake. A remote attacker could possibly use
this issue to insert, edit or obtain sensitive information.
(CVE-2023-21930)
It was discovered that OpenJDK incorrectly handled certain inputs. An
attacker could possibly use this issue to insert, edit or obtain sensitive
information. (CVE-2023-21937)
It was discovered that OpenJDK incorrectly handled command arguments. An
attacker could possibly use this issue to insert, edit or obtain sensitive
information. (CVE-2023-21938)
It was discovered that OpenJDK incorrectly validated HTML documents. An
attacker could possibly use this issue to insert, edit or obtain sensitive
information. (CVE-2023-21939)
Ramki Ramakrishna discovered that OpenJDK incorrectly handled garbage
collection. An attacker could possibly use this issue to bypass Java
sandbox restrictions. (CVE-2023-21954)
Jonathan Looney discovered that OpenJDK incorrectly handled certificate
chains during TLS session negotiation. A remote attacker could possibly
use this issue to cause a denial of service. (CVE-2023-21967)
Adam Reziouk discovered that OpenJDK incorrectly sanitized URIs. An
attacker could possibly use this issue to bypass Java sandbox
restrictions. (CVE-2023-21968)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
openjdk-11-jdk 11.0.19+7~us1-0ubuntu1~23.04
openjdk-11-jre 11.0.19+7~us1-0ubuntu1~23.04
openjdk-11-jre-headless 11.0.19+7~us1-0ubuntu1~23.04
openjdk-11-jre-zero 11.0.19+7~us1-0ubuntu1~23.04
openjdk-17-jdk 17.0.7+7~us1-0ubuntu1~23.04
openjdk-17-jre 17.0.7+7~us1-0ubuntu1~23.04
openjdk-17-jre-headless 17.0.7+7~us1-0ubuntu1~23.04
openjdk-17-jre-zero 17.0.7+7~us1-0ubuntu1~23.04
openjdk-20-jdk 20.0.1+9~us1-0ubuntu1~23.04
openjdk-20-jre 20.0.1+9~us1-0ubuntu1~23.04
openjdk-20-jre-headless 20.0.1+9~us1-0ubuntu1~23.04
openjdk-20-jre-zero 20.0.1+9~us1-0ubuntu1~23.04
openjdk-8-jdk 8u372-ga~us1-0ubuntu1~23.04
openjdk-8-jre 8u372-ga~us1-0ubuntu1~23.04
openjdk-8-jre-headless 8u372-ga~us1-0ubuntu1~23.04
openjdk-8-jre-zero 8u372-ga~us1-0ubuntu1~23.04
Ubuntu 22.10:
openjdk-11-jdk 11.0.19+7~us1-0ubuntu1~22.10.1
openjdk-11-jre 11.0.19+7~us1-0ubuntu1~22.10.1
openjdk-11-jre-headless 11.0.19+7~us1-0ubuntu1~22.10.1
openjdk-11-jre-zero 11.0.19+7~us1-0ubuntu1~22.10.1
openjdk-17-jdk 17.0.7+7~us1-0ubuntu1~22.10.2
openjdk-17-jre 17.0.7+7~us1-0ubuntu1~22.10.2
openjdk-17-jre-headless 17.0.7+7~us1-0ubuntu1~22.10.2
openjdk-17-jre-zero 17.0.7+7~us1-0ubuntu1~22.10.2
openjdk-20-jdk 20.0.1+9~us1-0ubuntu1~22.10
openjdk-20-jre 20.0.1+9~us1-0ubuntu1~22.10
openjdk-20-jre-headless 20.0.1+9~us1-0ubuntu1~22.10
openjdk-20-jre-zero 20.0.1+9~us1-0ubuntu1~22.10
openjdk-8-jdk 8u372-ga~us1-0ubuntu1~22.10
openjdk-8-jre 8u372-ga~us1-0ubuntu1~22.10
openjdk-8-jre-headless 8u372-ga~us1-0ubuntu1~22.10
openjdk-8-jre-zero 8u372-ga~us1-0ubuntu1~22.10
Ubuntu 22.04 LTS:
openjdk-11-jdk 11.0.19+7~us1-0ubuntu1~22.04.1
openjdk-11-jre 11.0.19+7~us1-0ubuntu1~22.04.1
openjdk-11-jre-headless 11.0.19+7~us1-0ubuntu1~22.04.1
openjdk-11-jre-zero 11.0.19+7~us1-0ubuntu1~22.04.1
openjdk-17-jdk 17.0.7+7~us1-0ubuntu1~22.04.2
openjdk-17-jre 17.0.7+7~us1-0ubuntu1~22.04.2
openjdk-17-jre-headless 17.0.7+7~us1-0ubuntu1~22.04.2
openjdk-17-jre-zero 17.0.7+7~us1-0ubuntu1~22.04.2
openjdk-8-jdk 8u372-ga~us1-0ubuntu1~22.04
openjdk-8-jre 8u372-ga~us1-0ubuntu1~22.04
openjdk-8-jre-headless 8u372-ga~us1-0ubuntu1~22.04
openjdk-8-jre-zero 8u372-ga~us1-0ubuntu1~22.04
Ubuntu 20.04 LTS:
openjdk-11-jdk 11.0.19+7~us1-0ubuntu1~20.04.1
openjdk-11-jre 11.0.19+7~us1-0ubuntu1~20.04.1
openjdk-11-jre-headless 11.0.19+7~us1-0ubuntu1~20.04.1
openjdk-11-jre-zero 11.0.19+7~us1-0ubuntu1~20.04.1
openjdk-17-jdk 17.0.7+7~us1-0ubuntu1~20.04
openjdk-17-jre 17.0.7+7~us1-0ubuntu1~20.04
openjdk-17-jre-headless 17.0.7+7~us1-0ubuntu1~20.04
openjdk-17-jre-zero 17.0.7+7~us1-0ubuntu1~20.04
openjdk-8-jdk 8u372-ga~us1-0ubuntu1~20.04
openjdk-8-jre 8u372-ga~us1-0ubuntu1~20.04
openjdk-8-jre-headless 8u372-ga~us1-0ubuntu1~20.04
openjdk-8-jre-zero 8u372-ga~us1-0ubuntu1~20.04
Ubuntu 18.04 LTS:
openjdk-11-jdk 11.0.19+7~us1-0ubuntu1~18.04.1
openjdk-11-jre 11.0.19+7~us1-0ubuntu1~18.04.1
openjdk-11-jre-headless 11.0.19+7~us1-0ubuntu1~18.04.1
openjdk-11-jre-zero 11.0.19+7~us1-0ubuntu1~18.04.1
openjdk-17-jdk 17.0.7+7~us1-0ubuntu1~18.04
openjdk-17-jre 17.0.7+7~us1-0ubuntu1~18.04
openjdk-17-jre-headless 17.0.7+7~us1-0ubuntu1~18.04
openjdk-17-jre-zero 17.0.7+7~us1-0ubuntu1~18.04
openjdk-8-jdk 8u372-ga~us1-0ubuntu1~18.04
openjdk-8-jre 8u372-ga~us1-0ubuntu1~18.04
openjdk-8-jre-headless 8u372-ga~us1-0ubuntu1~18.04
openjdk-8-jre-zero 8u372-ga~us1-0ubuntu1~18.04
Ubuntu 16.04 ESM:
openjdk-8-jdk 8u372-ga~us1-0ubuntu1~16.04
openjdk-8-jre 8u372-ga~us1-0ubuntu1~16.04
openjdk-8-jre-headless 8u372-ga~us1-0ubuntu1~16.04
openjdk-8-jre-zero 8u372-ga~us1-0ubuntu1~16.04
This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to restart any
Java applications or applets to make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6077-1
CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939,
CVE-2023-21954, CVE-2023-21967, CVE-2023-21968
Package Information:
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.7+7~us1-0ubuntu1~23.04
https://launchpad.net/ubuntu/+source/openjdk-20/20.0.1+9~us1-0ubuntu1~23.04
https://launchpad.net/ubuntu/+source/openjdk-8/8u372-ga~us1-0ubuntu1~23.04
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.19+7~us1-0ubuntu1~23.04
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.7+7~us1-0ubuntu1~22.10.2
https://launchpad.net/ubuntu/+source/openjdk-20/20.0.1+9~us1-0ubuntu1~22.10
https://launchpad.net/ubuntu/+source/openjdk-8/8u372-ga~us1-0ubuntu1~22.10
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.19+7~us1-0ubuntu1~22.10.1
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.7+7~us1-0ubuntu1~22.04.2
https://launchpad.net/ubuntu/+source/openjdk-8/8u372-ga~us1-0ubuntu1~22.04
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.19+7~us1-0ubuntu1~22.04.1
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.7+7~us1-0ubuntu1~20.04
https://launchpad.net/ubuntu/+source/openjdk-8/8u372-ga~us1-0ubuntu1~20.04
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.19+7~us1-0ubuntu1~20.04.1
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.7+7~us1-0ubuntu1~18.04
https://launchpad.net/ubuntu/+source/openjdk-8/8u372-ga~us1-0ubuntu1~18.04
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.19+7~us1-0ubuntu1~18.04.1
Related news
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138
Debian Linux Security Advisory 5478-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service.
Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.
OpenShift Serverless version 1.29.0 contains a moderate security impact. The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker ...
Red Hat Security Advisory 2023-1909-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1909-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1909-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1909-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1909-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1909-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1909-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1895-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Red Hat Security Advisory 2023-1895-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Red Hat Security Advisory 2023-1895-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Red Hat Security Advisory 2023-1895-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Red Hat Security Advisory 2023-1895-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Red Hat Security Advisory 2023-1895-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Red Hat Security Advisory 2023-1895-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Red Hat Security Advisory 2023-1892-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Red Hat Security Advisory 2023-1892-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Red Hat Security Advisory 2023-1892-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Red Hat Security Advisory 2023-1892-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Red Hat Security Advisory 2023-1892-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Red Hat Security Advisory 2023-1892-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Red Hat Security Advisory 2023-1892-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Red Hat Security Advisory 2023-1890-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Red Hat Security Advisory 2023-1890-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Red Hat Security Advisory 2023-1890-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Red Hat Security Advisory 2023-1890-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Red Hat Security Advisory 2023-1890-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Red Hat Security Advisory 2023-1890-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Red Hat Security Advisory 2023-1890-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Red Hat Security Advisory 2023-1907-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1907-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1907-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1907-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1907-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1907-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1907-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1905-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1905-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1905-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1905-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1905-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1905-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1905-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated att...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated att...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated att...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated att...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated att...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated att...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated att...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compr...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compr...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compr...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compr...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compr...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compr...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compr...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attack...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attack...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attack...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attack...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attack...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attack...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attack...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8...