Headline
Red Hat Security Advisory 2023-4877-01
Red Hat Security Advisory 2023-4877-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR8-FP10.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: java-1.8.0-ibm security update
Advisory ID: RHSA-2023:4877-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4877
Issue date: 2023-08-30
CVE Names: CVE-2023-22049
=====================================================================
- Summary:
An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Supplementary (v. 8) - ppc64le, s390x, x86_64
- Description:
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.
This update upgrades IBM Java SE 8 to version 8 SR8-FP10.
Security Fix(es):
- OpenJDK: improper handling of slash characters in URI-to-path conversion
(8305312) (CVE-2023-22049)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of IBM Java must be restarted for this update to take
effect.
- Bugs fixed (https://bugzilla.redhat.com/):
2221647 - CVE-2023-22049 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)
- Package List:
Red Hat Enterprise Linux Supplementary (v. 8):
ppc64le:
java-1.8.0-ibm-1.8.0.8.10-1.el8_8.ppc64le.rpm
java-1.8.0-ibm-demo-1.8.0.8.10-1.el8_8.ppc64le.rpm
java-1.8.0-ibm-devel-1.8.0.8.10-1.el8_8.ppc64le.rpm
java-1.8.0-ibm-headless-1.8.0.8.10-1.el8_8.ppc64le.rpm
java-1.8.0-ibm-jdbc-1.8.0.8.10-1.el8_8.ppc64le.rpm
java-1.8.0-ibm-plugin-1.8.0.8.10-1.el8_8.ppc64le.rpm
java-1.8.0-ibm-src-1.8.0.8.10-1.el8_8.ppc64le.rpm
java-1.8.0-ibm-webstart-1.8.0.8.10-1.el8_8.ppc64le.rpm
s390x:
java-1.8.0-ibm-1.8.0.8.10-1.el8_8.s390x.rpm
java-1.8.0-ibm-demo-1.8.0.8.10-1.el8_8.s390x.rpm
java-1.8.0-ibm-devel-1.8.0.8.10-1.el8_8.s390x.rpm
java-1.8.0-ibm-headless-1.8.0.8.10-1.el8_8.s390x.rpm
java-1.8.0-ibm-jdbc-1.8.0.8.10-1.el8_8.s390x.rpm
java-1.8.0-ibm-src-1.8.0.8.10-1.el8_8.s390x.rpm
x86_64:
java-1.8.0-ibm-1.8.0.8.10-1.el8_8.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.8.10-1.el8_8.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.8.10-1.el8_8.x86_64.rpm
java-1.8.0-ibm-headless-1.8.0.8.10-1.el8_8.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.8.10-1.el8_8.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.8.10-1.el8_8.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.8.10-1.el8_8.x86_64.rpm
java-1.8.0-ibm-webstart-1.8.0.8.10-1.el8_8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2023-22049
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJk71aiAAoJENzjgjWX9erEEeMP/38UjIh+KtHdEGzY0pCSWgY/
h/Raw/2p2mdL4hmDZY1S/NpQvqJQVZyp2iNm0TvEIMx21llo1UB+k9+MVwpuyG37
6hT7pYn29ZBJoLLDfIxhbBUAYqSG/X3DHuBk5yZS/1Zk4oRATf+zTmB+eYpu9cyg
FSrWqjInn0gUlSe6ULD+F5xofFoTl0jMT8of2hPvdYTLb7zUqX+iTil1Msk1SNDU
ZpyAMxrssXOTmeYhO9RBaMcz+8SowovgFswz64bu+zcTeqFOXVZxV66e3ujt5KFF
Nw7EI1sxqlliL5Ua8yJJ06d4iXlrNJ/HtCYKp90lvKtMUfiC2asEyOrD443z6y8p
o3ztktSRxL4U2ZZ6NziiL5mLEIaOIAjOidDyLT9Vs/1YOgy6GWBA3bcFHOlbZYkE
Squ4CLIK0MJZqyaymelDEkaPXnepqFT5UJjVRwca9vYwa4dOuzQ3+mI/71tj1s6F
D0NRD1WQ+MmzJwTcXW4xbDEAxvw69AVY3wR5yaBMsAOSuGnFKXrs/UhKFXaTKEH7
gSlPtnN6XjaAIqYSjQBn8OSNH/D0fIYyFDbdumlTAwvkhyuIOX1QEbSzZyZllFcZ
bwk1mQtX2mWwP/otwBG9Pw5d8IBdI+S0kmBk8t+91dOwHPixBvphxm6GyVYussNq
6y5hfCF2oCRBFoD8Yimi
=SNTx
-----END PGP SIGNATURE-----
–
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Related news
Release of OpenShift Serverless Operator 1.30.1 and OpenShift Serverless Logic 1.30.0 SP1 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4853: A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denia...
Red Hat Security Advisory 2023-4233-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult...
Red Hat Security Advisory 2023-4175-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-4212-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include an integer overflow vulnerability.
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauth...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerabili...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions ...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3....