Headline
RHSA-2023:4877: Red Hat Security Advisory: java-1.8.0-ibm security update
An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-22049: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Quarkus
Integration and Automation
All Products
Issued:
2023-08-30
Updated:
2023-08-30
RHSA-2023:4877 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: java-1.8.0-ibm security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update upgrades IBM Java SE 8 to version 8 SR8-FP10.
Security Fix(es):
- OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of IBM Java must be restarted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
Fixes
- BZ - 2221647 - CVE-2023-22049 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)
Red Hat Enterprise Linux for x86_64 8
SRPM
x86_64
java-1.8.0-ibm-1.8.0.8.10-1.el8_8.x86_64.rpm
SHA-256: 648c5b805efb9ce7942e3d38881693d0eff629d4ae91e38eacc6fc01fe028a2f
java-1.8.0-ibm-demo-1.8.0.8.10-1.el8_8.x86_64.rpm
SHA-256: 674cdd3d036d16c7e29f73edaa7919004a51d4bf3441a856492134bf309e4171
java-1.8.0-ibm-devel-1.8.0.8.10-1.el8_8.x86_64.rpm
SHA-256: 27e57367bda06981f7b0a6e614095e62342ed855ac287eacefe4967f95ce1987
java-1.8.0-ibm-headless-1.8.0.8.10-1.el8_8.x86_64.rpm
SHA-256: f854b375fa28e29d9ca591efcdf7106cd0c07f00e8fe02d5a88e7ace2f3fc0ec
java-1.8.0-ibm-jdbc-1.8.0.8.10-1.el8_8.x86_64.rpm
SHA-256: 27ec239c79db28b3ec40e41b411c440771dfb12b7bbf42e5add2805af727beee
java-1.8.0-ibm-plugin-1.8.0.8.10-1.el8_8.x86_64.rpm
SHA-256: e08cc41c047a9e3f54f773bc43d963ad00b0d94937253708d3668e0806a7aa55
java-1.8.0-ibm-src-1.8.0.8.10-1.el8_8.x86_64.rpm
SHA-256: bfa12f19e1a18f9f163208a664a2e5cc01b5c04122a637a7f499dbd5ac591299
java-1.8.0-ibm-webstart-1.8.0.8.10-1.el8_8.x86_64.rpm
SHA-256: e22f8e8f1fe664f54853da05ba97cd62bbd96b6e00b228f4cba0cdda0d1841e2
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8
SRPM
x86_64
java-1.8.0-ibm-1.8.0.8.10-1.el8_8.x86_64.rpm
SHA-256: 648c5b805efb9ce7942e3d38881693d0eff629d4ae91e38eacc6fc01fe028a2f
java-1.8.0-ibm-demo-1.8.0.8.10-1.el8_8.x86_64.rpm
SHA-256: 674cdd3d036d16c7e29f73edaa7919004a51d4bf3441a856492134bf309e4171
java-1.8.0-ibm-devel-1.8.0.8.10-1.el8_8.x86_64.rpm
SHA-256: 27e57367bda06981f7b0a6e614095e62342ed855ac287eacefe4967f95ce1987
java-1.8.0-ibm-headless-1.8.0.8.10-1.el8_8.x86_64.rpm
SHA-256: f854b375fa28e29d9ca591efcdf7106cd0c07f00e8fe02d5a88e7ace2f3fc0ec
java-1.8.0-ibm-jdbc-1.8.0.8.10-1.el8_8.x86_64.rpm
SHA-256: 27ec239c79db28b3ec40e41b411c440771dfb12b7bbf42e5add2805af727beee
java-1.8.0-ibm-plugin-1.8.0.8.10-1.el8_8.x86_64.rpm
SHA-256: e08cc41c047a9e3f54f773bc43d963ad00b0d94937253708d3668e0806a7aa55
java-1.8.0-ibm-src-1.8.0.8.10-1.el8_8.x86_64.rpm
SHA-256: bfa12f19e1a18f9f163208a664a2e5cc01b5c04122a637a7f499dbd5ac591299
java-1.8.0-ibm-webstart-1.8.0.8.10-1.el8_8.x86_64.rpm
SHA-256: e22f8e8f1fe664f54853da05ba97cd62bbd96b6e00b228f4cba0cdda0d1841e2
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
s390x
java-1.8.0-ibm-1.8.0.8.10-1.el8_8.s390x.rpm
SHA-256: 6f71230c48d2a03e689768a2957abc6bd613194a2bff68126343f07d28a41139
java-1.8.0-ibm-demo-1.8.0.8.10-1.el8_8.s390x.rpm
SHA-256: ec028c0eeac885252f570218f5b9dadb2f603c5e645fecb93111e95f36fddd50
java-1.8.0-ibm-devel-1.8.0.8.10-1.el8_8.s390x.rpm
SHA-256: fc2f62ba348cd587b28b64d5d36f606303deabe5348114e1202d101c5c0b37e2
java-1.8.0-ibm-headless-1.8.0.8.10-1.el8_8.s390x.rpm
SHA-256: 88315693ce2071e0112b3a2f7c90133e33469cce11f202826c1556bf1222f161
java-1.8.0-ibm-jdbc-1.8.0.8.10-1.el8_8.s390x.rpm
SHA-256: 3014555ecb4dead9414d07b8603921416da1a3eec5a8cb6e711056c371b45d18
java-1.8.0-ibm-src-1.8.0.8.10-1.el8_8.s390x.rpm
SHA-256: 064c52f340721e399ddc9f6e9fd4b9241c2941b7858a2e77c34af9af43d4a4e5
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8
SRPM
s390x
java-1.8.0-ibm-1.8.0.8.10-1.el8_8.s390x.rpm
SHA-256: 6f71230c48d2a03e689768a2957abc6bd613194a2bff68126343f07d28a41139
java-1.8.0-ibm-demo-1.8.0.8.10-1.el8_8.s390x.rpm
SHA-256: ec028c0eeac885252f570218f5b9dadb2f603c5e645fecb93111e95f36fddd50
java-1.8.0-ibm-devel-1.8.0.8.10-1.el8_8.s390x.rpm
SHA-256: fc2f62ba348cd587b28b64d5d36f606303deabe5348114e1202d101c5c0b37e2
java-1.8.0-ibm-headless-1.8.0.8.10-1.el8_8.s390x.rpm
SHA-256: 88315693ce2071e0112b3a2f7c90133e33469cce11f202826c1556bf1222f161
java-1.8.0-ibm-jdbc-1.8.0.8.10-1.el8_8.s390x.rpm
SHA-256: 3014555ecb4dead9414d07b8603921416da1a3eec5a8cb6e711056c371b45d18
java-1.8.0-ibm-src-1.8.0.8.10-1.el8_8.s390x.rpm
SHA-256: 064c52f340721e399ddc9f6e9fd4b9241c2941b7858a2e77c34af9af43d4a4e5
Red Hat Enterprise Linux for Power, little endian 8
SRPM
ppc64le
java-1.8.0-ibm-1.8.0.8.10-1.el8_8.ppc64le.rpm
SHA-256: ac92ac5b79db2416e6294dd4c41eb68e014c0d319429090a33394974e180a52f
java-1.8.0-ibm-demo-1.8.0.8.10-1.el8_8.ppc64le.rpm
SHA-256: e0227bb53adc58d1d71cb7da39e9583c58b805c2bbf4bf939020c9a477e6b1a9
java-1.8.0-ibm-devel-1.8.0.8.10-1.el8_8.ppc64le.rpm
SHA-256: f6738329bedb15de49dc5b390dd8cd4b9be39d9a32f28422c979cfc1a258fdc5
java-1.8.0-ibm-headless-1.8.0.8.10-1.el8_8.ppc64le.rpm
SHA-256: 758c2fa75b026ec1d63bba80d052becacd51e75f30f941b7076ccbe1d4d75d51
java-1.8.0-ibm-jdbc-1.8.0.8.10-1.el8_8.ppc64le.rpm
SHA-256: 15a292041253715065666bee5c64eda189c843e4b6fab89d72dc19397e5c3299
java-1.8.0-ibm-plugin-1.8.0.8.10-1.el8_8.ppc64le.rpm
SHA-256: 2e7df65cc247a657be0623d246ffb95f15af099b49fadc42ad468d6fcf7aa858
java-1.8.0-ibm-src-1.8.0.8.10-1.el8_8.ppc64le.rpm
SHA-256: cb2161071b4bbf9a24e1e468f1c5355c7c8a5ac45abf4d8c63641dec496f2955
java-1.8.0-ibm-webstart-1.8.0.8.10-1.el8_8.ppc64le.rpm
SHA-256: c35ec91f505adea5b1a3677ff06de6759a6335ef0a11c022da43d4885d007fb2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8
SRPM
ppc64le
java-1.8.0-ibm-1.8.0.8.10-1.el8_8.ppc64le.rpm
SHA-256: ac92ac5b79db2416e6294dd4c41eb68e014c0d319429090a33394974e180a52f
java-1.8.0-ibm-demo-1.8.0.8.10-1.el8_8.ppc64le.rpm
SHA-256: e0227bb53adc58d1d71cb7da39e9583c58b805c2bbf4bf939020c9a477e6b1a9
java-1.8.0-ibm-devel-1.8.0.8.10-1.el8_8.ppc64le.rpm
SHA-256: f6738329bedb15de49dc5b390dd8cd4b9be39d9a32f28422c979cfc1a258fdc5
java-1.8.0-ibm-headless-1.8.0.8.10-1.el8_8.ppc64le.rpm
SHA-256: 758c2fa75b026ec1d63bba80d052becacd51e75f30f941b7076ccbe1d4d75d51
java-1.8.0-ibm-jdbc-1.8.0.8.10-1.el8_8.ppc64le.rpm
SHA-256: 15a292041253715065666bee5c64eda189c843e4b6fab89d72dc19397e5c3299
java-1.8.0-ibm-plugin-1.8.0.8.10-1.el8_8.ppc64le.rpm
SHA-256: 2e7df65cc247a657be0623d246ffb95f15af099b49fadc42ad468d6fcf7aa858
java-1.8.0-ibm-src-1.8.0.8.10-1.el8_8.ppc64le.rpm
SHA-256: cb2161071b4bbf9a24e1e468f1c5355c7c8a5ac45abf4d8c63641dec496f2955
java-1.8.0-ibm-webstart-1.8.0.8.10-1.el8_8.ppc64le.rpm
SHA-256: c35ec91f505adea5b1a3677ff06de6759a6335ef0a11c022da43d4885d007fb2
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2023-5480-01 - Red Hat OpenShift Serverless release of OpenShift Serverless Logic. This release includes security fixes. Issues addressed include a bypass vulnerability.
Ubuntu Security Notice 6272-1 - Motoyasu Saburi discovered that OpenJDK 20 incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. Eirik Bjørsnøs discovered that OpenJDK 20 incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6263-1 - Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. Eirik Bjørsnøs discovered that OpenJDK incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 11 and OpenJDK 17.
Red Hat Security Advisory 2023-4178-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2023-4158-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-4210-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-4177-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauth...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerabili...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM f...
An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions ...