RHSA-2023:0197: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-21835: OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)
  • CVE-2023-21843: OpenJDK: soundbank URL remote loading (Sound, 8293742)
Red Hat Security Data

Issued: 2023-01-18

Updated: 2023-01-18

RHSA-2023:0197 - Security Advisory

Synopsis

Moderate: java-11-openjdk security update

Type/Severity

Security Advisory: Moderate

Topic

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) (CVE-2023-21835)
  • OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64

Fixes

  • BZ - 2160421 - CVE-2023-21835 OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)
  • BZ - 2160475 - CVE-2023-21843 OpenJDK: soundbank URL remote loading (Sound, 8293742)

Red Hat Enterprise Linux Server - AUS 8.2

SRPM

java-11-openjdk-11.0.18.0.10-1.el8_2.src.rpm

SHA-256: 44077ca022749a6c6ac8751a6af2c75cf3139576707ddaaea88ab9dbcde035ce


The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
