Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:4167: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
  • CVE-2023-22049: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Red Hat Security Data
#vulnerability#web#apple#linux#red_hat#nodejs#js#java#oracle#kubernetes#aws#graalvm#auth#sap

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

All Products

Issued:

2023-07-19

Updated:

2023-07-19

RHSA-2023:4167 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: java-1.8.0-openjdk security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049)
  • OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64

Fixes

  • BZ - 2221645 - CVE-2023-22045 OpenJDK: array indexing integer overflow issue (8304468)
  • BZ - 2221647 - CVE-2023-22049 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1

SRPM

java-1.8.0-openjdk-1.8.0.382.b05-1.el8_1.src.rpm

SHA-256: c07c8c48e1108cdc0cfa6bf492866d05ecf5465f09d35f3fd5f7708112fdb43a

ppc64le

java-1.8.0-openjdk-1.8.0.382.b05-1.el8_1.ppc64le.rpm

SHA-256: fd54406e72b8d94024a79eb64cbacb053df76384b500140ccdfa2a278091e29e

java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el8_1.ppc64le.rpm

SHA-256: 037ad437c091f570d8e7cad179a0694eec7b094e8281395be4b93c89cdff018a

java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el8_1.ppc64le.rpm

SHA-256: bf184bdef1f5a613e37c19414cfea788eaac17fadfad060505ca432d082606d3

java-1.8.0-openjdk-debugsource-1.8.0.382.b05-1.el8_1.ppc64le.rpm

SHA-256: a9e01a1355e9404d39fe0e37f51194fcec85673b4a87cad24ec70647b7068cdd

java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el8_1.ppc64le.rpm

SHA-256: 1fe93cbacbc3779bd425be385d585aaaf96e70e0f15f1418663b6f579b5d655a

java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-1.el8_1.ppc64le.rpm

SHA-256: 348117dd5056c449b5578d7ebae1c585a902ab4272ff14aea67434d79e46fce1

java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.382.b05-1.el8_1.ppc64le.rpm

SHA-256: ec108d0bb01bb79b09f1e74ae26fd15c44533a5b33643ef66806e800bebf5461

java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el8_1.ppc64le.rpm

SHA-256: 79f07e114578d31c694126bf9dcb597ea7291616f7bc260a74fcf94739e0a3af

java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-1.el8_1.ppc64le.rpm

SHA-256: 11aff4615e791e5b47357acf9686c427b7250b1a4dd2461f0aa32605ccc47d07

java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.382.b05-1.el8_1.ppc64le.rpm

SHA-256: 6e8f9d1b0c592fd084fa471b0c67a79036cae2e079456f42062eb8bcc9bd428f

java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el8_1.ppc64le.rpm

SHA-256: 027df73ee8f3b65990e8dda49946d68b01a42d00eac02b14dcee0b036f3e2cc1

java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-1.el8_1.ppc64le.rpm

SHA-256: 6b4678cda30619fef4ba857fd2884aff5e673c47bd79ecc42320cd4d0c4987d9

java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.382.b05-1.el8_1.ppc64le.rpm

SHA-256: 9172e82c71a721a5d1f07a1ec60173225d72472f25103096fbe2113cfea452c1

java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.el8_1.noarch.rpm

SHA-256: 5e5646bf9008178e9755eb3e38ef0d7cc075b45c4e1394c2291c3bbfbeb9bd49

java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.el8_1.noarch.rpm

SHA-256: 496f02ce54fa1b019d551b46117d7a365af5857e8d6cfe5aeb3d92cc375a67f5

java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.382.b05-1.el8_1.ppc64le.rpm

SHA-256: 0c9d9044e9d6eda34b59dd4c2b9ef4ae036f21656f9912092f75bfe788ba25bf

java-1.8.0-openjdk-src-1.8.0.382.b05-1.el8_1.ppc64le.rpm

SHA-256: ce221de472235a0f393a5d8d843ecc5eef936bf0a17575195e8608e5811d8b3d

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1

SRPM

java-1.8.0-openjdk-1.8.0.382.b05-1.el8_1.src.rpm

SHA-256: c07c8c48e1108cdc0cfa6bf492866d05ecf5465f09d35f3fd5f7708112fdb43a

x86_64

java-1.8.0-openjdk-1.8.0.382.b05-1.el8_1.x86_64.rpm

SHA-256: 4ae2780f6bc2a3d7877eb70e1bccbeebdc77d1f4995f44742a837f532ea98530

java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el8_1.x86_64.rpm

SHA-256: 073d8bfe59f080827062ac6e4a2ef1f6ea421e1009f9cb7a50eb77dfbab2d0c5

java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el8_1.x86_64.rpm

SHA-256: 2efe9f340220bc6a31e8a7366b6d61700b6e086caf3973deb889f97a089f69e9

java-1.8.0-openjdk-debugsource-1.8.0.382.b05-1.el8_1.x86_64.rpm

SHA-256: 04de459635296d1a7e20ef66634b5b7f64d6a31ab176808129d38e3d83df3341

java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el8_1.x86_64.rpm

SHA-256: 71432f8c97c60f60cbc22f66c94067680329789032236a3339b68e49f59fd259

java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-1.el8_1.x86_64.rpm

SHA-256: 58aa08dbd8846b13ab5de7f426989614290f68a29590697dd6689b923ea5c4a5

java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.382.b05-1.el8_1.x86_64.rpm

SHA-256: 0068bd5ddbb0fed2a5b39f7df03e066f7e836f0dde25657d06620f90aec37dfd

java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el8_1.x86_64.rpm

SHA-256: e78ed4eaf3428d9b251e0cc61e87ab654bf27ae11d469d7fed3242f29b2fe102

java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-1.el8_1.x86_64.rpm

SHA-256: 15d80fd285897c7976fe4e3827adf4436bdb213efe15d7c80156142f50b32cf6

java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.382.b05-1.el8_1.x86_64.rpm

SHA-256: 31791608a52cf5009707857447c5a9b95446bbe37d07beb42f559c643904658c

java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el8_1.x86_64.rpm

SHA-256: cf3192176be319b2980e027452bdcc7018b7ca770d08cb63e960faf4b93d4159

java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-1.el8_1.x86_64.rpm

SHA-256: 13ade63e93f76e26ed827496ea437e35dd0177ef054cf9bb78e6c6bdb164fa6b

java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.382.b05-1.el8_1.x86_64.rpm

SHA-256: 754ee88b5fe135b1d0716105c815540ab0654859104b44c7913a272fdb107349

java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.el8_1.noarch.rpm

SHA-256: 5e5646bf9008178e9755eb3e38ef0d7cc075b45c4e1394c2291c3bbfbeb9bd49

java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.el8_1.noarch.rpm

SHA-256: 496f02ce54fa1b019d551b46117d7a365af5857e8d6cfe5aeb3d92cc375a67f5

java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.382.b05-1.el8_1.x86_64.rpm

SHA-256: bffd36465b1c8790501d5754e864f1657ac98659cf972455ae9659f1e10734e4

java-1.8.0-openjdk-src-1.8.0.382.b05-1.el8_1.x86_64.rpm

SHA-256: cbb264edd7702ed12892dc75d4aea09711d9f386cf2d250d04edde260948e5ff

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Gentoo Linux Security Advisory 202407-24

Gentoo Linux Security Advisory 202407-24 - A vulnerability has been discovered in HarfBuzz, which can lead to a denial of service. Versions greater than or equal to 7.1.0 are affected.

RHSA-2023:5480: Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.30.0 SP1 security update

Release of OpenShift Serverless Operator 1.30.1 and OpenShift Serverless Logic 1.30.0 SP1 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4853: A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denia...

Red Hat Security Advisory 2023-4877-01

Red Hat Security Advisory 2023-4877-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR8-FP10.

Red Hat Security Advisory 2023-4876-01

Red Hat Security Advisory 2023-4876-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR8-FP10.

Ubuntu Security Notice USN-6263-1

Ubuntu Security Notice 6263-1 - Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. Eirik Bjørsnøs discovered that OpenJDK incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 11 and OpenJDK 17.

RHSA-2023:4166: Red Hat Security Advisory: java-1.8.0-openjdk security and bug fix update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 an...

Red Hat Security Advisory 2023-4158-01

Red Hat Security Advisory 2023-4158-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4210-01

Red Hat Security Advisory 2023-4210-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4177-01

Red Hat Security Advisory 2023-4177-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4211-01

Red Hat Security Advisory 2023-4211-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for Windows serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4175-01

Red Hat Security Advisory 2023-4175-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4208-01

Red Hat Security Advisory 2023-4208-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4209-01

Red Hat Security Advisory 2023-4209-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2023-4161-01

Red Hat Security Advisory 2023-4161-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for Windows serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

RHSA-2023:4210: Red Hat Security Advisory: OpenJDK 17.0.8 Security Update for Portable Linux Builds

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauth...

RHSA-2023:4211: Red Hat Security Advisory: OpenJDK 17.0.8 Security Update for Windows Builds

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauth...

RHSA-2023:4208: Red Hat Security Advisory: OpenJDK security update

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauth...

RHSA-2023:4209: Red Hat Security Advisory: OpenJDK 8u382 Security Update for Portable Linux Builds

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerabili...

RHSA-2023:4163: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions ...

RHSA-2023:4163: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions ...

RHSA-2023:4172: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions ...

RHSA-2023:4172: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions ...

RHSA-2023:4168: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected...

RHSA-2023:4165: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM f...

RHSA-2023:4162: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected...

RHSA-2023:4162: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected...

RHSA-2023:4165: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM f...

RHSA-2023:4171: Red Hat Security Advisory: java-17-openjdk security update

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions ...

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).