RHSA-2023:4172: Red Hat Security Advisory: java-1.8.0-openjdk security update
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
- CVE-2023-22049: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Issued:
2023-07-19
Updated:
2023-07-19
RHSA-2023:4172 - Security Advisory
Synopsis
Moderate: java-1.8.0-openjdk security update
Type/Severity
Security Advisory: Moderate
Topic
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es):
- OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049)
- OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of OpenJDK Java must be restarted for this update to take effect.
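A way to verify both conditions of the Solution on a host, as an added example that is not part of the Red Hat advisory: it reports java-1.8.0-openjdk packages older than the build listed on this page and JVM processes that still map a `libjvm.so` unlinked by the update. The function names are illustrative, and GNU `sort -V` is assumed as an approximation of rpm's version comparison.

```sh
#!/bin/sh
# Added example, not Red Hat's code. FIXED_EVR is the version-release of the
# packages listed in this advisory (RHEL 8.4 AUS/TUS/E4S streams only).
FIXED_EVR="1.8.0.382.b05-1.el8_4"

# evr_lt A B: succeeds when version-release A sorts strictly before B.
# GNU `sort -V` stands in for rpm's comparison; that is adequate for
# OpenJDK 8 builds, which differ in the numeric update and build fields.
evr_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# outdated_packages: reads "name version-release" lines on stdin and prints
# the ones older than FIXED_EVR.
outdated_packages() {
    while read -r name evr; do
        [ -n "$name" ] || continue
        if evr_lt "$evr" "$FIXED_EVR"; then
            printf '%s %s\n' "$name" "$evr"
        fi
    done
}

# stale_jvm_pids [PROC_ROOT]: prints PIDs whose memory map still references
# a libjvm.so that has been unlinked, i.e. a JVM started before the update
# replaced the files on disk. Reading other users' maps requires root.
stale_jvm_pids() {
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        if grep -q 'libjvm\.so (deleted)' "$dir/maps" 2>/dev/null; then
            printf '%s\n' "${dir##*/}"
        fi
    done
}

main() {
    status=0
    old="$(rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'java-1.8.0-openjdk*' \
        | outdated_packages)"
    if [ -n "$old" ]; then
        echo "Packages older than $FIXED_EVR:"
        echo "$old"
        status=1
    fi
    stale="$(stale_jvm_pids /proc)"
    if [ -n "$stale" ]; then
        echo "JVMs still running pre-update code (restart required):"
        for pid in $stale; do
            ps -o pid=,user=,args= -p "$pid"
        done
        status=1
    fi
    return "$status"
}

# Usage: sh check-rhsa-2023-4172.sh check   (run as root to see all processes)
if [ "${1:-}" = "check" ]; then
    main
    exit $?
fi
```

A non-zero exit status means at least one package or process still needs attention; a host can have the fixed packages installed and still fail the second check until its Java services are restarted.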
Affected Products
- Red Hat Enterprise Linux Server - AUS 8.4 x86_64
- Red Hat Enterprise Linux Server - TUS 8.4 x86_64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64
Fixes
- BZ - 2221645 - CVE-2023-22045 OpenJDK: array indexing integer overflow issue (8304468)
- BZ - 2221647 - CVE-2023-22049 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)
Red Hat Enterprise Linux Server - AUS 8.4
SRPM
java-1.8.0-openjdk-1.8.0.382.b05-1.el8_4.src.rpm
Red Hat security contact details are available at https://access.redhat.com/security/team/contact/.