Headline
RHSA-2023:1880: Red Hat Security Advisory: java-11-openjdk security update
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
- CVE-2023-21937: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
- CVE-2023-21938: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
- CVE-2023-21939: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
- CVE-2023-21954: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
- CVE-2023-21967: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
- CVE-2023-21968: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Synopsis
Important: java-11-openjdk security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Security Fix(es):
- OpenJDK: improper connection handling during TLS handshake (8294474) (CVE-2023-21930)
- OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)
- OpenJDK: incorrect enqueue of references in garbage collector (8298191) (CVE-2023-21954)
- OpenJDK: certificate validation issue in TLS session negotiation (8298310) (CVE-2023-21967)
- OpenJDK: missing string checks for NULL characters (8296622) (CVE-2023-21937)
- OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) (CVE-2023-21938)
- OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) (CVE-2023-21968)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of OpenJDK Java must be restarted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for x86_64 9 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
Fixes
- BZ - 2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)
- BZ - 2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)
- BZ - 2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)
- BZ - 2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)
- BZ - 2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)
- BZ - 2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)
- BZ - 2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)
CVEs
- CVE-2023-21930
- CVE-2023-21937
- CVE-2023-21938
- CVE-2023-21939
- CVE-2023-21954
- CVE-2023-21967
- CVE-2023-21968
Red Hat Enterprise Linux for x86_64 9
SRPM
java-11-openjdk-11.0.19.0.7-1.el9_1.src.rpm
SHA-256: 5e01efd5354832870eec8357e76187595ba966d3e46452df8db821b6b918f565
x86_64
java-11-openjdk-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 38703726e68022c08c894d8ea25250523729202885f0b8a193195fdfa766b192
java-11-openjdk-debuginfo-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: b525be1f43456300cc9aea8c175530fb3d575ec9626462a9bce6e46fa49efc9b
java-11-openjdk-debugsource-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 2319fa6e233e333d864b84c912049c3d08c334530ae7bac5b4261df6657ecfe8
java-11-openjdk-demo-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 55ddf95c6e85565c08283c1389034cae395f75b6860d63368da0a92309026012
java-11-openjdk-devel-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: ef53ee31b7cff0b4e2dfac9311113a0c835ca412e33886bcc6ffff3255d14718
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: fe09b50855a6ef5ab8037da1f936bb32a88787540696cef314675f7433034897
java-11-openjdk-headless-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 469c7b0ff0750e15df122ffa62cd3f494b7392fd19afb7693fd9650eaaa27726
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 923780862d74a680fe73af04ed6b7950ba1975e3c700f1f0185d3bab735ecaaf
java-11-openjdk-javadoc-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 90b3a2462d6575f15fbdb9954e59fab6d2d706b2b48e629fdb6f27fc76993684
java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 2e8d9606e0e5a146f76aba4a9349e8898754e3432ca10bc2baf592b5af953644
java-11-openjdk-jmods-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 41e04b31e50f8260393a889bfd89c1bbfc16b742b774ff1a1ccaf266c065da51
java-11-openjdk-src-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 510dae98514e8389092705d66b87c8c9f64cb2148708cf0a6e794719b4701296
java-11-openjdk-static-libs-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 7693c25f011a54524b86daa907ab5db9a7d684f02ef089c4d2c72b8f297d9b65
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
java-11-openjdk-11.0.19.0.7-1.el9_1.src.rpm
SHA-256: 5e01efd5354832870eec8357e76187595ba966d3e46452df8db821b6b918f565
s390x
java-11-openjdk-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: 49e03996116c44f91ea4965a8cefbf90f7c18f6f7443ff9b55878135996ff5bd
java-11-openjdk-debuginfo-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: 873184966082765c2cb56788736302b3ae0c577cfa54f5a430f51be8c5f7d9bf
java-11-openjdk-debugsource-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: 0cff759ef7b98b975f7bb97269a140cfd2511984f9b8cb2cae543a2175ebc33b
java-11-openjdk-demo-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: e16c866975a5c431ec497664159e0a0217e2415be2e12b852baad3d646e5829c
java-11-openjdk-devel-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: bb738de0a40628fbdc6fc1e187bcb9823a3c9dc3af0550503c3fa164c8348b1e
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: 7ea00054a9b67da8d08c4ab3f6dfe500d73d401f485360e78f2bdc411a484d7b
java-11-openjdk-headless-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: 09a83606d2af2b0502ea3755585bf22269f4025682e23a88b3b2eb2d905829bf
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: d42d5ae7e752d701cbdc95733236c3b50d68f3d1b4b464278f771b8c4b60cb05
java-11-openjdk-javadoc-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: 1b13ba68d62acd93303c2143b3b3f683375f0fc8e73aa4b832bc76518180ac40
java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: 22a391d97d7afca57957c1ade7fc808d2bf64597552595e4b641a7b1b540470f
java-11-openjdk-jmods-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: 650b1f02bbec27cf48f189efc5dbba9117c6a4132b0c4168ad89e6897459bab4
java-11-openjdk-src-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: 094322c0ca5fe388ba7185c3e5232f829ec037a65ad49cb2a3fd8c70ce3110ae
java-11-openjdk-static-libs-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: 03c08927f990a4f8b405cfe47cf8177fc34452cbf95a9b98c388788010db606c
Red Hat Enterprise Linux for Power, little endian 9
SRPM
java-11-openjdk-11.0.19.0.7-1.el9_1.src.rpm
SHA-256: 5e01efd5354832870eec8357e76187595ba966d3e46452df8db821b6b918f565
ppc64le
java-11-openjdk-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: ec10b18d64277b19b7b0a3fef7a37a56dc86cbe764365736d665b29eb6c33cdf
java-11-openjdk-debuginfo-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 39cfae5765a531c943fe9e9ffe8c22eb8e035598b1f45d2a82fd96f1a8567d1e
java-11-openjdk-debugsource-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 65a7a1ecb40c5186f1a0b09c328d24cd724b21a6426514862b9ebd88afdd03af
java-11-openjdk-demo-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: abd95c3e3bf71b67bad810618b36b483c3e132f886b6c9093c6300db593fe9f3
java-11-openjdk-devel-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 24f64f5b415bdf21332d6b8253d3f8585e662e6f74926e74fb4b208d8e6d9a35
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 6ebde2099d590b5e8d56a64bd63cbcb72f13a8986fb61a030924198917b06336
java-11-openjdk-headless-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 72260248d37c9120db3e6ae03c46b2064b8ac148aae2c89d243c6c8c51545231
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 908efc84b31feb5f1d64b1e6c9565cb36be2ff2bd121316ec8a92f1c676bff39
java-11-openjdk-javadoc-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 4bb81ff77b24731e61ed5cc4d13eb084786ae8a8e9518326fd18d3b9bd49cd32
java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 61afa4122ba22819c1cc84c25980d36fb21f792206aef18d343cde22b339624e
java-11-openjdk-jmods-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 358e55edc54d504fb9377b37873af3d998815fb6238db5224bc00f97625098cc
java-11-openjdk-src-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 398d8f770bfd4e57c485a7a2f4cbd9f740da1cafbe537071cb475de114155bbd
java-11-openjdk-static-libs-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: b3bd493796942b21d2482a14859b098e74501f01b418dcc4a5300a8142954726
Red Hat Enterprise Linux for ARM 64 9
SRPM
java-11-openjdk-11.0.19.0.7-1.el9_1.src.rpm
SHA-256: 5e01efd5354832870eec8357e76187595ba966d3e46452df8db821b6b918f565
aarch64
java-11-openjdk-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: cddeb99d4ada068dbb35c0579c651c5f183eea167692bfd8d84ee36470f9cb08
java-11-openjdk-debuginfo-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: 0592427af1ebb272f8a5a1d5c0fb95047984664eb5b78dbe3bab3e7851f9abbe
java-11-openjdk-debugsource-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: aac47bb2d44442b6e8755a512cf466cb27ff729de41a6f1f3eb185bbb27c3763
java-11-openjdk-demo-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: 37671004735f56835f3120c8dfa752f5ddbade0027975f4c9fab7a57bf031117
java-11-openjdk-devel-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: 1261f6d72f72f597033bb952f6d2e71d6c44549422952efbb11fd0a17bb6cb5b
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: d44fbde3176853e61dd04aec3f34b5407661a281dde686d477d1b3959deb10ce
java-11-openjdk-headless-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: 9d0fd1115e5572807c7d094d91c2a4d0bc46cd4b0598c048e9decd65faa945c2
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: 1af0b29e15ea6b644747c6a7956cadb59c76ba44bccf6f99a415466d0d6f5882
java-11-openjdk-javadoc-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: fce77fc9c7f6eb073c1896312c55824eada7617f45b7828c2bb677cf8d5fcf7a
java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: f670b8c2099fccb3049cdec8b28a371ad62307c0f2caa924e0d62966e9e3a033
java-11-openjdk-jmods-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: 6e80da97bef04a8596784413d16161a583fdd18a9ecd6c4bfc1072e3e38f0b03
java-11-openjdk-src-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: dcfdd04c3df1345066902f6c60b462e64289d950cff2cddf0ab3b76686d49529
java-11-openjdk-static-libs-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: 90913f06ecdb1decb30a9f5bb7744de97e551d01faf94192693c6941925500b7
Red Hat CodeReady Linux Builder for x86_64 9
SRPM
x86_64
java-11-openjdk-debuginfo-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: b525be1f43456300cc9aea8c175530fb3d575ec9626462a9bce6e46fa49efc9b
java-11-openjdk-debugsource-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 2319fa6e233e333d864b84c912049c3d08c334530ae7bac5b4261df6657ecfe8
java-11-openjdk-demo-fastdebug-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: a77fdbfe9cfe0bfbb0340e554bef61573a83953632c884efd429e38c1648c171
java-11-openjdk-demo-slowdebug-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: ecbf52b38bfec6fb94b8aa1d6a040ae2408cc9b3414c9f6d64efd64787f4f8ad
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: fe09b50855a6ef5ab8037da1f936bb32a88787540696cef314675f7433034897
java-11-openjdk-devel-fastdebug-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: a7bb28b031ce95e694c4b18df6085367209a4280ac67ecce7a125c7e54e49a9e
java-11-openjdk-devel-fastdebug-debuginfo-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: cce676de5db47ad378b51dc019e1f4aad6294986e88cd52630f61402ef3fa307
java-11-openjdk-devel-slowdebug-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 5bff26654b7432271882f9bd11eb24a2308d5d1edf6ac38e045984c68127a5d4
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: f5cdba21d7bf0d195f7292ece76f4a184cee192da9d5f1f0333aa81e40501d65
java-11-openjdk-fastdebug-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 6c92a18cf90ceb0af8f963fa7b17c763e7d6ef349fd1e29515b7f241629ad266
java-11-openjdk-fastdebug-debuginfo-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 0b5e1f207617c1a8e1a7ab5cb116315e43c95f4b360d7da6b16152818fc67e5b
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 923780862d74a680fe73af04ed6b7950ba1975e3c700f1f0185d3bab735ecaaf
java-11-openjdk-headless-fastdebug-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 2ff44c1af313b6cc3e63060b6b5c5c8df3f9dca21d45d40bee3e5e1704130e53
java-11-openjdk-headless-fastdebug-debuginfo-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 7bf60c3d251aca5f3c3f676519fc265f881769884066f0b9d48f8de9065a3000
java-11-openjdk-headless-slowdebug-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 7eed54086bbd2705221c6130386dc995577328359008861487bba608ea2d1138
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 811ba4a768604fc23dc13122969873f34ceb52eefd154bcb55a86c3b63b41d1f
java-11-openjdk-jmods-fastdebug-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 00842432b5baa03f894a4bfc7fb8aa660d61569629e4d38bff13caea2e0ffd2b
java-11-openjdk-jmods-slowdebug-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 583d747a2bd25e3d34126db4276cac17c52bb3eaa698139d3920329ab3743555
java-11-openjdk-slowdebug-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 9bfb7f5664f1b4fd462328a23941f8f5d5a26d88121111fe5a575524f2916dd6
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 718595ba583ca145b5582f76e254ebe71d36c3196ebce41bce90cd7d01b9177a
java-11-openjdk-src-fastdebug-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 8a4bbd5b1d001d9b8b28405f72c9734b9e664557a8852079b6730d331dfeb1db
java-11-openjdk-src-slowdebug-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 420cdce06ca2ede36ee88372994d900e2205dd9e501c2fbe0f9b6585616e8642
java-11-openjdk-static-libs-fastdebug-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: 1f317ec42062858a3c7eabe21ea3f9b58d41aa346310c617e57931cce367eaf1
java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-1.el9_1.x86_64.rpm
SHA-256: cbb58b6514c76389ee099bf9a76bebc764e87817a8398eac7a5fbad7e71e5cff
Red Hat CodeReady Linux Builder for Power, little endian 9
SRPM
ppc64le
java-11-openjdk-debuginfo-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 39cfae5765a531c943fe9e9ffe8c22eb8e035598b1f45d2a82fd96f1a8567d1e
java-11-openjdk-debugsource-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 65a7a1ecb40c5186f1a0b09c328d24cd724b21a6426514862b9ebd88afdd03af
java-11-openjdk-demo-fastdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: ef283f31469782ecd494995c31f2afde14856e9bd6e470544f917b0062bb3e4c
java-11-openjdk-demo-slowdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: a2b3a14af22c559440c471ed6a031b834353d8975c28f4d84b0df5bcfa34b6ab
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 6ebde2099d590b5e8d56a64bd63cbcb72f13a8986fb61a030924198917b06336
java-11-openjdk-devel-fastdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 744c513db1db77994457c89086a28819edb8074cc4a468a0aa96d7c1b8aa7f60
java-11-openjdk-devel-fastdebug-debuginfo-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 6777ab53584472d30825474155620f16a1c90db9c75ed345de958f8f7a95ecca
java-11-openjdk-devel-slowdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 9add16c81345ba94c433010d15f15a7b08d8e76e2c3065e49c299758171c746b
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 962fc35db3c526147e18b91d037bcc86643c5a8a4f56cbfa748c4728f030060a
java-11-openjdk-fastdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 1becd50b57e6f15dcb3dfec3f768a42fd3d8e903b40b51d036c830bcf05c063f
java-11-openjdk-fastdebug-debuginfo-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 21909f6aff13ae5701042ef0eb17a5518497d4ebb3b85deebdb2b9dae317d487
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 908efc84b31feb5f1d64b1e6c9565cb36be2ff2bd121316ec8a92f1c676bff39
java-11-openjdk-headless-fastdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 6b10f530fbd553c40bc1ace91b70cbb0796b6f6469ef3564d0a21969a3cf3cd0
java-11-openjdk-headless-fastdebug-debuginfo-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: d2cbf98917d1f148992b1ec9c824c84705987293464c55646737f8b896f4defd
java-11-openjdk-headless-slowdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: ea046933b980b99c0b86dec0b05f7c24a0a35f34215c5e0dc903118bd07a5460
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 9ef4051be50dde80d0fbe048923b6b081c5f6e79d60f760da90f6476703cabd9
java-11-openjdk-jmods-fastdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 67ff7a496bddf7ab12695255e364facd1a534faad2dbdef8dac67e71d0caf5b5
java-11-openjdk-jmods-slowdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 709441d00a0d6da9ee602e06a89285a6db1f3def2d35d6bfe05ef64b17b18af0
java-11-openjdk-slowdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 8841117d6dd822e6f900c867c5eee4b3be590ef497f283ed6fd5d52e8dd7e40b
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: a573dcb2668820a73d1168264de6ded6d9d6c531794b2716a4db5561d1834169
java-11-openjdk-src-fastdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: f2de7250918055bdf2ea36fe2da2bb496f24811364ca759760970514351c3915
java-11-openjdk-src-slowdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 4457b113834f6592e0719996235e30ad7ff1d06624c65a4d070eacf6d36203cf
java-11-openjdk-static-libs-fastdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 26cac8447b54d1c0ecc326c566f42dc5e6af633d075f12673e9991624a6d61cb
java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm
SHA-256: 009add53b10d7e5af63463906aca026951dea146804e4d4338b481b896928520
Red Hat CodeReady Linux Builder for ARM 64 9
SRPM
aarch64
java-11-openjdk-debuginfo-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: 0592427af1ebb272f8a5a1d5c0fb95047984664eb5b78dbe3bab3e7851f9abbe
java-11-openjdk-debugsource-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: aac47bb2d44442b6e8755a512cf466cb27ff729de41a6f1f3eb185bbb27c3763
java-11-openjdk-demo-fastdebug-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: e2be823219fe7b53f5bf79f0229bc3cfb9185b0abc7dc1a86280834fd6e7da56
java-11-openjdk-demo-slowdebug-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: 202538c26ccaaf3c123fc98658578bf72b487e0c0b906343c8009724001ab071
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: d44fbde3176853e61dd04aec3f34b5407661a281dde686d477d1b3959deb10ce
java-11-openjdk-devel-fastdebug-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: f67aee831cd1b6a217e65b6943c453ee0a136c6be9cd749aebff549c5a9fe95c
java-11-openjdk-devel-fastdebug-debuginfo-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: 411d0e6129a45a537184967a01e1bc11e4173b6764c85b02c9ec78d6585e0020
java-11-openjdk-devel-slowdebug-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: e7290ea0e5474bd58d60cb0d8799496ef435d43a10a476e465ad0a2472c40b60
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: eaef4804057611714bb88f4177917466e33b7a714c79ee5646340b419e090737
java-11-openjdk-fastdebug-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: f151afd7ada0d9d9807bfe46c4807c8bca38434c7a15d179b41688cfd1777654
java-11-openjdk-fastdebug-debuginfo-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: 0b9a7c56f2b691b489d5eb78a1650143943ff2acd2c2bc5260737560bce2bbe4
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: 1af0b29e15ea6b644747c6a7956cadb59c76ba44bccf6f99a415466d0d6f5882
java-11-openjdk-headless-fastdebug-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: 853ae8365930e7bc93de1bbb47b015ea79944cb9b61fdf8a98ecedd55b5cc9f9
java-11-openjdk-headless-fastdebug-debuginfo-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: 8f1fd67f7f29c37de12b71913203d54df9cf3a97b1fb1769a77ff1334d7d31fe
java-11-openjdk-headless-slowdebug-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: d2c618649a2d1ab574bfd581265dce435499a5dc5d4b3950643417769c454884
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: a86dac46a95cab68908e71cf977db3631b6f2b10c1b234c1e53c7fe8b7128e68
java-11-openjdk-jmods-fastdebug-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: 948d94cabb9321c65c56870fa100773d5e13d88d55de60652e55646030bc2758
java-11-openjdk-jmods-slowdebug-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: e8a9dd5e37650d3b9fb79cc48ce7c6a6f0dc21d01f83eef1e209fd6a74a6214b
java-11-openjdk-slowdebug-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: 9ccfd014a8e2216231b8d29088d2392ad4461149c5f90d869303e6716df0b8f8
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: 5749e396ffb462a8273ebf28227076a0e6851390d42e1796de7af631a7b17852
java-11-openjdk-src-fastdebug-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: 391c8fcede36a042c4f3c20b83fadf0cfab0f21de815c97f653b25f444f8abb5
java-11-openjdk-src-slowdebug-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: 44f560ea91ffb28464f02a04ef202e75ddb4bc0fabf85bbc67bebb39da651945
java-11-openjdk-static-libs-fastdebug-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: 5f6523b1b9b6cd3361bb007c3336dc66369d7f99804933d7b0ffb0bce8c1b4f9
java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-1.el9_1.aarch64.rpm
SHA-256: ec34c30dbcb82b8e565024c8e694dc1acf6c0900283e2a5eaf072782ed6680cc
Red Hat CodeReady Linux Builder for IBM z Systems 9
SRPM
s390x
java-11-openjdk-debuginfo-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: 873184966082765c2cb56788736302b3ae0c577cfa54f5a430f51be8c5f7d9bf
java-11-openjdk-debugsource-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: 0cff759ef7b98b975f7bb97269a140cfd2511984f9b8cb2cae543a2175ebc33b
java-11-openjdk-demo-slowdebug-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: 2d03db90ada3a909df92dafdff91898cf49989f4edad7a0eb5e6885c7639d445
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: 7ea00054a9b67da8d08c4ab3f6dfe500d73d401f485360e78f2bdc411a484d7b
java-11-openjdk-devel-slowdebug-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: f7d401104ecf09fa54ec9c649ed13b01687bdfb437b48796d804dbbba635da50
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: 4017361af5ee7e5f51789a60a0d55fc067b2f9caf74c2f3e82166849beef53e1
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: d42d5ae7e752d701cbdc95733236c3b50d68f3d1b4b464278f771b8c4b60cb05
java-11-openjdk-headless-slowdebug-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: b0a07a0612fad03d984dadee526c3aa7716ce41a9a66fdd461fb06f38e71033f
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: 7a7db5d9a0234bd9c22382adbfa2af0d711cd7ba9cb7aec9a7a2883cbb97078e
java-11-openjdk-jmods-slowdebug-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: 6a4396ddca5013536d1a18101f2a134ba1f8a17e61925ded81c7ebede7484492
java-11-openjdk-slowdebug-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: 2f409937a8c37872d9ec08d993a03fc2cb458168a391e5f5032c8cc342344248
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: 1a43fbc2f92fea71ed340334e8d05f3016999d97c68481b3a7cf76dd7475652e
java-11-openjdk-src-slowdebug-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: c63abc9060427fac3a27abf7d0f9f4218d87603cc13e5389d0d8549c80f2580c
java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-1.el9_1.s390x.rpm
SHA-256: 8dc0b83e91b19dd44cd53e80a2b0184a440a136fbf10d704ded5574f78ddc085
Related news
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585.
Debian Linux Security Advisory 5478-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service.
Debian Linux Security Advisory 5430-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or bypass of sandbox restrictions.
Ubuntu Security Notice 6077-1 - Ben Smyth discovered that OpenJDK incorrectly handled half-duplex connections during TLS handshake. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. It was discovered that OpenJDK incorrectly handled certain inputs. An attacker could possibly use this issue to insert, edit or obtain sensitive information.
A new image is available for Red Hat Single Sign-On 7.6.3, running on Red Hat OpenShift Container Platform from the release of 3.11 up to the release of 4.12.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-0341: In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction...
Red Hat Security Advisory 2023-1911-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1900-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Red Hat Security Advisory 2023-1898-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Red Hat Security Advisory 2023-1910-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1912-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Red Hat Security Advisory 2023-1907-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1904-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1906-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compr...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compr...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated att...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated att...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vuln...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated att...
Red Hat Security Advisory 2023-1899-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Red Hat Security Advisory 2023-1879-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attack...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attack...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compr...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compr...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compr...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compr...
An update for java-17-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attack...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnera...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attack...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...