Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:1880: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
  • CVE-2023-21937: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
  • CVE-2023-21938: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
  • CVE-2023-21939: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
  • CVE-2023-21954: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
  • CVE-2023-21967: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
  • CVE-2023-21968: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Red Hat Security Data
#vulnerability#web#apple#linux#red_hat#js#java#oracle#graalvm#auth#ibm#ssl

Synopsis

Important: java-11-openjdk security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: improper connection handling during TLS handshake (8294474) (CVE-2023-21930)
  • OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)
  • OpenJDK: incorrect enqueue of references in garbage collector (8298191) (CVE-2023-21954)
  • OpenJDK: certificate validation issue in TLS session negotiation (8298310) (CVE-2023-21967)
  • OpenJDK: missing string checks for NULL characters (8296622) (CVE-2023-21937)
  • OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) (CVE-2023-21938)
  • OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 9 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x

Fixes

  • BZ - 2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)
  • BZ - 2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)
  • BZ - 2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)
  • BZ - 2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)
  • BZ - 2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)
  • BZ - 2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)
  • BZ - 2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

CVEs

  • CVE-2023-21930
  • CVE-2023-21937
  • CVE-2023-21938
  • CVE-2023-21939
  • CVE-2023-21954
  • CVE-2023-21967
  • CVE-2023-21968

Red Hat Enterprise Linux for x86_64 9

SRPM

java-11-openjdk-11.0.19.0.7-1.el9_1.src.rpm

SHA-256: 5e01efd5354832870eec8357e76187595ba966d3e46452df8db821b6b918f565

x86_64

java-11-openjdk-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 38703726e68022c08c894d8ea25250523729202885f0b8a193195fdfa766b192

java-11-openjdk-debuginfo-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: b525be1f43456300cc9aea8c175530fb3d575ec9626462a9bce6e46fa49efc9b

java-11-openjdk-debugsource-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 2319fa6e233e333d864b84c912049c3d08c334530ae7bac5b4261df6657ecfe8

java-11-openjdk-demo-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 55ddf95c6e85565c08283c1389034cae395f75b6860d63368da0a92309026012

java-11-openjdk-devel-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: ef53ee31b7cff0b4e2dfac9311113a0c835ca412e33886bcc6ffff3255d14718

java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: fe09b50855a6ef5ab8037da1f936bb32a88787540696cef314675f7433034897

java-11-openjdk-headless-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 469c7b0ff0750e15df122ffa62cd3f494b7392fd19afb7693fd9650eaaa27726

java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 923780862d74a680fe73af04ed6b7950ba1975e3c700f1f0185d3bab735ecaaf

java-11-openjdk-javadoc-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 90b3a2462d6575f15fbdb9954e59fab6d2d706b2b48e629fdb6f27fc76993684

java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 2e8d9606e0e5a146f76aba4a9349e8898754e3432ca10bc2baf592b5af953644

java-11-openjdk-jmods-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 41e04b31e50f8260393a889bfd89c1bbfc16b742b774ff1a1ccaf266c065da51

java-11-openjdk-src-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 510dae98514e8389092705d66b87c8c9f64cb2148708cf0a6e794719b4701296

java-11-openjdk-static-libs-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 7693c25f011a54524b86daa907ab5db9a7d684f02ef089c4d2c72b8f297d9b65

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

java-11-openjdk-11.0.19.0.7-1.el9_1.src.rpm

SHA-256: 5e01efd5354832870eec8357e76187595ba966d3e46452df8db821b6b918f565

s390x

java-11-openjdk-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: 49e03996116c44f91ea4965a8cefbf90f7c18f6f7443ff9b55878135996ff5bd

java-11-openjdk-debuginfo-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: 873184966082765c2cb56788736302b3ae0c577cfa54f5a430f51be8c5f7d9bf

java-11-openjdk-debugsource-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: 0cff759ef7b98b975f7bb97269a140cfd2511984f9b8cb2cae543a2175ebc33b

java-11-openjdk-demo-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: e16c866975a5c431ec497664159e0a0217e2415be2e12b852baad3d646e5829c

java-11-openjdk-devel-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: bb738de0a40628fbdc6fc1e187bcb9823a3c9dc3af0550503c3fa164c8348b1e

java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: 7ea00054a9b67da8d08c4ab3f6dfe500d73d401f485360e78f2bdc411a484d7b

java-11-openjdk-headless-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: 09a83606d2af2b0502ea3755585bf22269f4025682e23a88b3b2eb2d905829bf

java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: d42d5ae7e752d701cbdc95733236c3b50d68f3d1b4b464278f771b8c4b60cb05

java-11-openjdk-javadoc-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: 1b13ba68d62acd93303c2143b3b3f683375f0fc8e73aa4b832bc76518180ac40

java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: 22a391d97d7afca57957c1ade7fc808d2bf64597552595e4b641a7b1b540470f

java-11-openjdk-jmods-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: 650b1f02bbec27cf48f189efc5dbba9117c6a4132b0c4168ad89e6897459bab4

java-11-openjdk-src-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: 094322c0ca5fe388ba7185c3e5232f829ec037a65ad49cb2a3fd8c70ce3110ae

java-11-openjdk-static-libs-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: 03c08927f990a4f8b405cfe47cf8177fc34452cbf95a9b98c388788010db606c

Red Hat Enterprise Linux for Power, little endian 9

SRPM

java-11-openjdk-11.0.19.0.7-1.el9_1.src.rpm

SHA-256: 5e01efd5354832870eec8357e76187595ba966d3e46452df8db821b6b918f565

ppc64le

java-11-openjdk-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: ec10b18d64277b19b7b0a3fef7a37a56dc86cbe764365736d665b29eb6c33cdf

java-11-openjdk-debuginfo-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 39cfae5765a531c943fe9e9ffe8c22eb8e035598b1f45d2a82fd96f1a8567d1e

java-11-openjdk-debugsource-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 65a7a1ecb40c5186f1a0b09c328d24cd724b21a6426514862b9ebd88afdd03af

java-11-openjdk-demo-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: abd95c3e3bf71b67bad810618b36b483c3e132f886b6c9093c6300db593fe9f3

java-11-openjdk-devel-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 24f64f5b415bdf21332d6b8253d3f8585e662e6f74926e74fb4b208d8e6d9a35

java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 6ebde2099d590b5e8d56a64bd63cbcb72f13a8986fb61a030924198917b06336

java-11-openjdk-headless-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 72260248d37c9120db3e6ae03c46b2064b8ac148aae2c89d243c6c8c51545231

java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 908efc84b31feb5f1d64b1e6c9565cb36be2ff2bd121316ec8a92f1c676bff39

java-11-openjdk-javadoc-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 4bb81ff77b24731e61ed5cc4d13eb084786ae8a8e9518326fd18d3b9bd49cd32

java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 61afa4122ba22819c1cc84c25980d36fb21f792206aef18d343cde22b339624e

java-11-openjdk-jmods-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 358e55edc54d504fb9377b37873af3d998815fb6238db5224bc00f97625098cc

java-11-openjdk-src-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 398d8f770bfd4e57c485a7a2f4cbd9f740da1cafbe537071cb475de114155bbd

java-11-openjdk-static-libs-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: b3bd493796942b21d2482a14859b098e74501f01b418dcc4a5300a8142954726

Red Hat Enterprise Linux for ARM 64 9

SRPM

java-11-openjdk-11.0.19.0.7-1.el9_1.src.rpm

SHA-256: 5e01efd5354832870eec8357e76187595ba966d3e46452df8db821b6b918f565

aarch64

java-11-openjdk-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: cddeb99d4ada068dbb35c0579c651c5f183eea167692bfd8d84ee36470f9cb08

java-11-openjdk-debuginfo-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: 0592427af1ebb272f8a5a1d5c0fb95047984664eb5b78dbe3bab3e7851f9abbe

java-11-openjdk-debugsource-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: aac47bb2d44442b6e8755a512cf466cb27ff729de41a6f1f3eb185bbb27c3763

java-11-openjdk-demo-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: 37671004735f56835f3120c8dfa752f5ddbade0027975f4c9fab7a57bf031117

java-11-openjdk-devel-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: 1261f6d72f72f597033bb952f6d2e71d6c44549422952efbb11fd0a17bb6cb5b

java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: d44fbde3176853e61dd04aec3f34b5407661a281dde686d477d1b3959deb10ce

java-11-openjdk-headless-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: 9d0fd1115e5572807c7d094d91c2a4d0bc46cd4b0598c048e9decd65faa945c2

java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: 1af0b29e15ea6b644747c6a7956cadb59c76ba44bccf6f99a415466d0d6f5882

java-11-openjdk-javadoc-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: fce77fc9c7f6eb073c1896312c55824eada7617f45b7828c2bb677cf8d5fcf7a

java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: f670b8c2099fccb3049cdec8b28a371ad62307c0f2caa924e0d62966e9e3a033

java-11-openjdk-jmods-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: 6e80da97bef04a8596784413d16161a583fdd18a9ecd6c4bfc1072e3e38f0b03

java-11-openjdk-src-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: dcfdd04c3df1345066902f6c60b462e64289d950cff2cddf0ab3b76686d49529

java-11-openjdk-static-libs-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: 90913f06ecdb1decb30a9f5bb7744de97e551d01faf94192693c6941925500b7

Red Hat CodeReady Linux Builder for x86_64 9

SRPM

x86_64

java-11-openjdk-debuginfo-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: b525be1f43456300cc9aea8c175530fb3d575ec9626462a9bce6e46fa49efc9b

java-11-openjdk-debugsource-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 2319fa6e233e333d864b84c912049c3d08c334530ae7bac5b4261df6657ecfe8

java-11-openjdk-demo-fastdebug-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: a77fdbfe9cfe0bfbb0340e554bef61573a83953632c884efd429e38c1648c171

java-11-openjdk-demo-slowdebug-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: ecbf52b38bfec6fb94b8aa1d6a040ae2408cc9b3414c9f6d64efd64787f4f8ad

java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: fe09b50855a6ef5ab8037da1f936bb32a88787540696cef314675f7433034897

java-11-openjdk-devel-fastdebug-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: a7bb28b031ce95e694c4b18df6085367209a4280ac67ecce7a125c7e54e49a9e

java-11-openjdk-devel-fastdebug-debuginfo-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: cce676de5db47ad378b51dc019e1f4aad6294986e88cd52630f61402ef3fa307

java-11-openjdk-devel-slowdebug-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 5bff26654b7432271882f9bd11eb24a2308d5d1edf6ac38e045984c68127a5d4

java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: f5cdba21d7bf0d195f7292ece76f4a184cee192da9d5f1f0333aa81e40501d65

java-11-openjdk-fastdebug-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 6c92a18cf90ceb0af8f963fa7b17c763e7d6ef349fd1e29515b7f241629ad266

java-11-openjdk-fastdebug-debuginfo-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 0b5e1f207617c1a8e1a7ab5cb116315e43c95f4b360d7da6b16152818fc67e5b

java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 923780862d74a680fe73af04ed6b7950ba1975e3c700f1f0185d3bab735ecaaf

java-11-openjdk-headless-fastdebug-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 2ff44c1af313b6cc3e63060b6b5c5c8df3f9dca21d45d40bee3e5e1704130e53

java-11-openjdk-headless-fastdebug-debuginfo-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 7bf60c3d251aca5f3c3f676519fc265f881769884066f0b9d48f8de9065a3000

java-11-openjdk-headless-slowdebug-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 7eed54086bbd2705221c6130386dc995577328359008861487bba608ea2d1138

java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 811ba4a768604fc23dc13122969873f34ceb52eefd154bcb55a86c3b63b41d1f

java-11-openjdk-jmods-fastdebug-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 00842432b5baa03f894a4bfc7fb8aa660d61569629e4d38bff13caea2e0ffd2b

java-11-openjdk-jmods-slowdebug-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 583d747a2bd25e3d34126db4276cac17c52bb3eaa698139d3920329ab3743555

java-11-openjdk-slowdebug-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 9bfb7f5664f1b4fd462328a23941f8f5d5a26d88121111fe5a575524f2916dd6

java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 718595ba583ca145b5582f76e254ebe71d36c3196ebce41bce90cd7d01b9177a

java-11-openjdk-src-fastdebug-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 8a4bbd5b1d001d9b8b28405f72c9734b9e664557a8852079b6730d331dfeb1db

java-11-openjdk-src-slowdebug-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 420cdce06ca2ede36ee88372994d900e2205dd9e501c2fbe0f9b6585616e8642

java-11-openjdk-static-libs-fastdebug-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: 1f317ec42062858a3c7eabe21ea3f9b58d41aa346310c617e57931cce367eaf1

java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-1.el9_1.x86_64.rpm

SHA-256: cbb58b6514c76389ee099bf9a76bebc764e87817a8398eac7a5fbad7e71e5cff

Red Hat CodeReady Linux Builder for Power, little endian 9

SRPM

ppc64le

java-11-openjdk-debuginfo-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 39cfae5765a531c943fe9e9ffe8c22eb8e035598b1f45d2a82fd96f1a8567d1e

java-11-openjdk-debugsource-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 65a7a1ecb40c5186f1a0b09c328d24cd724b21a6426514862b9ebd88afdd03af

java-11-openjdk-demo-fastdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: ef283f31469782ecd494995c31f2afde14856e9bd6e470544f917b0062bb3e4c

java-11-openjdk-demo-slowdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: a2b3a14af22c559440c471ed6a031b834353d8975c28f4d84b0df5bcfa34b6ab

java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 6ebde2099d590b5e8d56a64bd63cbcb72f13a8986fb61a030924198917b06336

java-11-openjdk-devel-fastdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 744c513db1db77994457c89086a28819edb8074cc4a468a0aa96d7c1b8aa7f60

java-11-openjdk-devel-fastdebug-debuginfo-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 6777ab53584472d30825474155620f16a1c90db9c75ed345de958f8f7a95ecca

java-11-openjdk-devel-slowdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 9add16c81345ba94c433010d15f15a7b08d8e76e2c3065e49c299758171c746b

java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 962fc35db3c526147e18b91d037bcc86643c5a8a4f56cbfa748c4728f030060a

java-11-openjdk-fastdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 1becd50b57e6f15dcb3dfec3f768a42fd3d8e903b40b51d036c830bcf05c063f

java-11-openjdk-fastdebug-debuginfo-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 21909f6aff13ae5701042ef0eb17a5518497d4ebb3b85deebdb2b9dae317d487

java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 908efc84b31feb5f1d64b1e6c9565cb36be2ff2bd121316ec8a92f1c676bff39

java-11-openjdk-headless-fastdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 6b10f530fbd553c40bc1ace91b70cbb0796b6f6469ef3564d0a21969a3cf3cd0

java-11-openjdk-headless-fastdebug-debuginfo-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: d2cbf98917d1f148992b1ec9c824c84705987293464c55646737f8b896f4defd

java-11-openjdk-headless-slowdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: ea046933b980b99c0b86dec0b05f7c24a0a35f34215c5e0dc903118bd07a5460

java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 9ef4051be50dde80d0fbe048923b6b081c5f6e79d60f760da90f6476703cabd9

java-11-openjdk-jmods-fastdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 67ff7a496bddf7ab12695255e364facd1a534faad2dbdef8dac67e71d0caf5b5

java-11-openjdk-jmods-slowdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 709441d00a0d6da9ee602e06a89285a6db1f3def2d35d6bfe05ef64b17b18af0

java-11-openjdk-slowdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 8841117d6dd822e6f900c867c5eee4b3be590ef497f283ed6fd5d52e8dd7e40b

java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: a573dcb2668820a73d1168264de6ded6d9d6c531794b2716a4db5561d1834169

java-11-openjdk-src-fastdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: f2de7250918055bdf2ea36fe2da2bb496f24811364ca759760970514351c3915

java-11-openjdk-src-slowdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 4457b113834f6592e0719996235e30ad7ff1d06624c65a4d070eacf6d36203cf

java-11-openjdk-static-libs-fastdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 26cac8447b54d1c0ecc326c566f42dc5e6af633d075f12673e9991624a6d61cb

java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-1.el9_1.ppc64le.rpm

SHA-256: 009add53b10d7e5af63463906aca026951dea146804e4d4338b481b896928520

Red Hat CodeReady Linux Builder for ARM 64 9

SRPM

aarch64

java-11-openjdk-debuginfo-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: 0592427af1ebb272f8a5a1d5c0fb95047984664eb5b78dbe3bab3e7851f9abbe

java-11-openjdk-debugsource-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: aac47bb2d44442b6e8755a512cf466cb27ff729de41a6f1f3eb185bbb27c3763

java-11-openjdk-demo-fastdebug-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: e2be823219fe7b53f5bf79f0229bc3cfb9185b0abc7dc1a86280834fd6e7da56

java-11-openjdk-demo-slowdebug-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: 202538c26ccaaf3c123fc98658578bf72b487e0c0b906343c8009724001ab071

java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: d44fbde3176853e61dd04aec3f34b5407661a281dde686d477d1b3959deb10ce

java-11-openjdk-devel-fastdebug-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: f67aee831cd1b6a217e65b6943c453ee0a136c6be9cd749aebff549c5a9fe95c

java-11-openjdk-devel-fastdebug-debuginfo-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: 411d0e6129a45a537184967a01e1bc11e4173b6764c85b02c9ec78d6585e0020

java-11-openjdk-devel-slowdebug-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: e7290ea0e5474bd58d60cb0d8799496ef435d43a10a476e465ad0a2472c40b60

java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: eaef4804057611714bb88f4177917466e33b7a714c79ee5646340b419e090737

java-11-openjdk-fastdebug-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: f151afd7ada0d9d9807bfe46c4807c8bca38434c7a15d179b41688cfd1777654

java-11-openjdk-fastdebug-debuginfo-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: 0b9a7c56f2b691b489d5eb78a1650143943ff2acd2c2bc5260737560bce2bbe4

java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: 1af0b29e15ea6b644747c6a7956cadb59c76ba44bccf6f99a415466d0d6f5882

java-11-openjdk-headless-fastdebug-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: 853ae8365930e7bc93de1bbb47b015ea79944cb9b61fdf8a98ecedd55b5cc9f9

java-11-openjdk-headless-fastdebug-debuginfo-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: 8f1fd67f7f29c37de12b71913203d54df9cf3a97b1fb1769a77ff1334d7d31fe

java-11-openjdk-headless-slowdebug-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: d2c618649a2d1ab574bfd581265dce435499a5dc5d4b3950643417769c454884

java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: a86dac46a95cab68908e71cf977db3631b6f2b10c1b234c1e53c7fe8b7128e68

java-11-openjdk-jmods-fastdebug-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: 948d94cabb9321c65c56870fa100773d5e13d88d55de60652e55646030bc2758

java-11-openjdk-jmods-slowdebug-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: e8a9dd5e37650d3b9fb79cc48ce7c6a6f0dc21d01f83eef1e209fd6a74a6214b

java-11-openjdk-slowdebug-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: 9ccfd014a8e2216231b8d29088d2392ad4461149c5f90d869303e6716df0b8f8

java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: 5749e396ffb462a8273ebf28227076a0e6851390d42e1796de7af631a7b17852

java-11-openjdk-src-fastdebug-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: 391c8fcede36a042c4f3c20b83fadf0cfab0f21de815c97f653b25f444f8abb5

java-11-openjdk-src-slowdebug-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: 44f560ea91ffb28464f02a04ef202e75ddb4bc0fabf85bbc67bebb39da651945

java-11-openjdk-static-libs-fastdebug-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: 5f6523b1b9b6cd3361bb007c3336dc66369d7f99804933d7b0ffb0bce8c1b4f9

java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-1.el9_1.aarch64.rpm

SHA-256: ec34c30dbcb82b8e565024c8e694dc1acf6c0900283e2a5eaf072782ed6680cc

Red Hat CodeReady Linux Builder for IBM z Systems 9

SRPM

s390x

java-11-openjdk-debuginfo-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: 873184966082765c2cb56788736302b3ae0c577cfa54f5a430f51be8c5f7d9bf

java-11-openjdk-debugsource-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: 0cff759ef7b98b975f7bb97269a140cfd2511984f9b8cb2cae543a2175ebc33b

java-11-openjdk-demo-slowdebug-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: 2d03db90ada3a909df92dafdff91898cf49989f4edad7a0eb5e6885c7639d445

java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: 7ea00054a9b67da8d08c4ab3f6dfe500d73d401f485360e78f2bdc411a484d7b

java-11-openjdk-devel-slowdebug-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: f7d401104ecf09fa54ec9c649ed13b01687bdfb437b48796d804dbbba635da50

java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: 4017361af5ee7e5f51789a60a0d55fc067b2f9caf74c2f3e82166849beef53e1

java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: d42d5ae7e752d701cbdc95733236c3b50d68f3d1b4b464278f771b8c4b60cb05

java-11-openjdk-headless-slowdebug-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: b0a07a0612fad03d984dadee526c3aa7716ce41a9a66fdd461fb06f38e71033f

java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: 7a7db5d9a0234bd9c22382adbfa2af0d711cd7ba9cb7aec9a7a2883cbb97078e

java-11-openjdk-jmods-slowdebug-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: 6a4396ddca5013536d1a18101f2a134ba1f8a17e61925ded81c7ebede7484492

java-11-openjdk-slowdebug-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: 2f409937a8c37872d9ec08d993a03fc2cb458168a391e5f5032c8cc342344248

java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: 1a43fbc2f92fea71ed340334e8d05f3016999d97c68481b3a7cf76dd7475652e

java-11-openjdk-src-slowdebug-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: c63abc9060427fac3a27abf7d0f9f4218d87603cc13e5389d0d8549c80f2580c

java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-1.el9_1.s390x.rpm

SHA-256: 8dc0b83e91b19dd44cd53e80a2b0184a440a136fbf10d704ded5574f78ddc085

Related news

CVE-2023-32338: Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585.

Debian Security Advisory 5478-1

Debian Linux Security Advisory 5478-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service.

Debian Security Advisory 5430-1

Debian Linux Security Advisory 5430-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or bypass of sandbox restrictions.

Ubuntu Security Notice USN-6077-1

Ubuntu Security Notice 6077-1 - Ben Smyth discovered that OpenJDK incorrectly handled half-duplex connections during TLS handshake. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. It was discovered that OpenJDK incorrectly handled certain inputs. An attacker could possibly use this issue to insert, edit or obtain sensitive information.

RHSA-2023:2710: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.3 for OpenShift image security update

A new image is available for Red Hat Single Sign-On 7.6.3, running on Red Hat OpenShift Container Platform from the release of 3.11 up to the release of 4.12.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-0341: In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction...

Red Hat Security Advisory 2023-1911-01

Red Hat Security Advisory 2023-1911-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Red Hat Security Advisory 2023-1900-01

Red Hat Security Advisory 2023-1900-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

Red Hat Security Advisory 2023-1898-01

Red Hat Security Advisory 2023-1898-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

Red Hat Security Advisory 2023-1910-01

Red Hat Security Advisory 2023-1910-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Red Hat Security Advisory 2023-1912-01

Red Hat Security Advisory 2023-1912-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

Red Hat Security Advisory 2023-1907-01

Red Hat Security Advisory 2023-1907-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Red Hat Security Advisory 2023-1904-01

Red Hat Security Advisory 2023-1904-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Red Hat Security Advisory 2023-1906-01

Red Hat Security Advisory 2023-1906-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

RHSA-2023:1912: Red Hat Security Advisory: OpenJDK 8u372 Windows Security Update

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compr...

RHSA-2023:1903: Red Hat Security Advisory: OpenJDK 8u372 Security Update for Portable Linux Builds

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compr...

RHSA-2023:1908: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated att...

RHSA-2023:1909: Red Hat Security Advisory: java-1.8.0-openjdk security and bug fix update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated att...

RHSA-2023:1911: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vuln...

RHSA-2023:1904: Red Hat Security Advisory: java-1.8.0-openjdk security and bug fix update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated att...

Red Hat Security Advisory 2023-1899-01

Red Hat Security Advisory 2023-1899-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Red Hat Security Advisory 2023-1879-01

Red Hat Security Advisory 2023-1879-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

RHSA-2023:1898: Red Hat Security Advisory: java-17-openjdk security and bug fix update

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attack...

RHSA-2023:1895: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attack...

RHSA-2023:1885: Red Hat Security Advisory: OpenJDK 17.0.7 Security Update for Windows Builds

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compr...

RHSA-2023:1884: Red Hat Security Advisory: OpenJDK 17.0.7 Security Update for Portable Linux Builds

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compr...

RHSA-2023:1883: Red Hat Security Advisory: OpenJDK 11.0.19 Security Update for Windows Builds

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compr...

RHSA-2023:1882: Red Hat Security Advisory: OpenJDK 11.0.19 Security Update for Portable Linux Builds

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compr...

RHSA-2023:1879: Red Hat Security Advisory: java-17-openjdk security and bug fix update

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attack...

RHSA-2023:1878: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnera...

RHSA-2023:1877: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8...

RHSA-2023:1875: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attack...

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...