Security
Headlines
HeadlinesLatestCVEs

Headline

Red Hat Security Advisory 2023-4166-01

Red Hat Security Advisory 2023-4166-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.

Packet Storm
Open in Source
#vulnerability#linux#red_hat#java

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: java-1.8.0-openjdk security and bug fix update
Advisory ID: RHSA-2023:4166-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4166
Issue date: 2023-07-21
CVE Names: CVE-2023-22045 CVE-2023-22049
=====================================================================

  1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise
Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

  1. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: improper handling of slash characters in URI-to-path conversion
    (8305312) (CVE-2023-22049)

  • OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

  • Prepare for the next quarterly OpenJDK upstream release (2023-07, 8u382)
    (BZ#2217708)
  1. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to
take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

2217708 - Prepare for the next quarterly OpenJDK upstream release (2023-07, 8u382) [rhel-7.9.z]
2221645 - CVE-2023-22045 OpenJDK: array indexing integer overflow issue (8304468)
2221647 - CVE-2023-22049 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)

  1. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.el7_9.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.el7_9.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.el7_9.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.el7_9.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.src.rpm

ppc64:
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.ppc64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.ppc64.rpm
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.ppc64.rpm
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.ppc64.rpm

ppc64le:
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.ppc64le.rpm
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.ppc64le.rpm
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.ppc64le.rpm

s390x:
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.s390x.rpm
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.s390x.rpm
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.s390x.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.el7_9.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.el7_9.noarch.rpm

ppc64:
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.ppc64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.ppc64.rpm
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.ppc64.rpm
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.ppc64.rpm

ppc64le:
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.ppc64le.rpm
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.ppc64le.rpm
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.ppc64le.rpm

s390x:
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.s390x.rpm
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.s390x.rpm
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.s390x.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.el7_9.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.el7_9.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.i686.rpm
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2023-22045
https://access.redhat.com/security/cve/CVE-2023-22049
https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJkuybJAAoJENzjgjWX9erEvHwP/3cWR+ifiWTA6xGRRCiciFn9
ehOMpQmJGHRAen/Vd+cvWZ638V7bW4Q8gy6rPFrxeuYRYBG/hFw+3nl88hDdLxNQ
MdsF0U14fzxIQOBgNfXvFRds+Z+I03JmDhlJ9F+Pbx/2nMfou2WYRDLdipylG0by
JjbH7QiOBSb0XDB9dOb0TNuyHsyTavmIn6cmqDDCachxFcJObh1TAtkCX3BfaGz/
f1pMx0Tnsd2oIvIkMTlMiax8X0wFnTnGKMemcMk6yEL9P/g8j2/grWf89+cvjC3c
grZQ1eTa+G2VePLvLPeN0G/hAbsHYg+o5Qi60T32qMtsnN4HNVq2x3iQWCyVietW
mvVapyLB9JpISVQRevt59NNa7eqAzLR5sR2mIk744G4nFbdWU9fKS2YM4c0oefXa
eWsC832Ide0pdKQVF1nv/GoDEy7ri4QNzbMDCTrDzDWva/wt0MxnTKzcyalx3jEe
RigzUJ3a7mdfAIrmoyBrdOMN+Cz3vzj00gouQZ7rSVGyL12XRbHyuRcX1WNBOMBq
ribVBaCGaReqj3wVen+JX++UGMvHDURx7yu77JJe5VlbTKTaGSN2jUMlODwzhjOS
9CuyYhMxj7xU4XB2XuVP5sN0n2nfcS4mK021Oe9hsJuWjuc5qfAAS2zxfHkHFxPb
U9606GX5T3Mjp+kqVFZs
=9Pqu
-----END PGP SIGNATURE-----

RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Related news

Red Hat Security Advisory 2023-5480-01

Red Hat Security Advisory 2023-5480-01 - Red Hat OpenShift Serverless release of OpenShift Serverless Logic. This release includes security fixes. Issues addressed include a bypass vulnerability.

RHSA-2023:4876: Red Hat Security Advisory: java-1.8.0-ibm security update

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22049: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JD...

Debian Security Advisory 5478-1

Debian Linux Security Advisory 5478-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service.

Ubuntu Security Notice USN-6272-1

Ubuntu Security Notice 6272-1 - Motoyasu Saburi discovered that OpenJDK 20 incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. Eirik Bjørsnøs discovered that OpenJDK 20 incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6263-1

Ubuntu Security Notice 6263-1 - Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. Eirik Bjørsnøs discovered that OpenJDK incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 11 and OpenJDK 17.

Red Hat Security Advisory 2023-4159-01

Red Hat Security Advisory 2023-4159-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4159-01

Red Hat Security Advisory 2023-4159-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

RHSA-2023:4233: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult...

RHSA-2023:4233: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult...

Red Hat Security Advisory 2023-4210-01

Red Hat Security Advisory 2023-4210-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4210-01

Red Hat Security Advisory 2023-4210-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4211-01

Red Hat Security Advisory 2023-4211-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for Windows serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4211-01

Red Hat Security Advisory 2023-4211-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for Windows serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4208-01

Red Hat Security Advisory 2023-4208-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4208-01

Red Hat Security Advisory 2023-4208-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

RHSA-2023:4212: Red Hat Security Advisory: OpenJDK 8u382 Windows Security Update

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerabili...

RHSA-2023:4212: Red Hat Security Advisory: OpenJDK 8u382 Windows Security Update

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerabili...

RHSA-2023:4209: Red Hat Security Advisory: OpenJDK 8u382 Security Update for Portable Linux Builds

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerabili...

RHSA-2023:4209: Red Hat Security Advisory: OpenJDK 8u382 Security Update for Portable Linux Builds

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerabili...

RHSA-2023:4168: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected...

RHSA-2023:4162: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected...

RHSA-2023:4162: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected...

RHSA-2023:4168: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected...

RHSA-2023:4171: Red Hat Security Advisory: java-17-openjdk security update

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions ...

RHSA-2023:4171: Red Hat Security Advisory: java-17-openjdk security update

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions ...

Packet Storm: Latest News

Ubuntu Security Notice USN-6885-3
Packet Storm