RHSA-2023:4168: Red Hat Security Advisory: java-1.8.0-openjdk security update
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
- CVE-2023-22049: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Issued: 2023-07-19
Updated: 2023-07-19
RHSA-2023:4168 - Security Advisory
Synopsis
Moderate: java-1.8.0-openjdk security update
Type/Severity
Security Advisory: Moderate
Topic
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es):
- OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049)
- OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of OpenJDK Java must be restarted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux Server - AUS 8.2 x86_64
- Red Hat Enterprise Linux Server - TUS 8.2 x86_64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64
Fixes
- BZ - 2221645 - CVE-2023-22045 OpenJDK: array indexing integer overflow issue (8304468)
- BZ - 2221647 - CVE-2023-22049 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)
Red Hat Enterprise Linux Server - AUS 8.2
SRPM
java-1.8.0-openjdk-1.8.0.382.b05-1.el8_2.src.rpm
SHA-256: e3dae08f39247dec2643a8c482c59b051cab0437c2b98d883d6e9439ac760b1d
x86_64
java-1.8.0-openjdk-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: 7edfa982655144b96247d7a5a1d65181c58af9cf2c0cea96f815e137955d8991
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: 7b7a1737c0764d9e997ee08efbae8b83c0b192405429ab7bf040092d285c1c18
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: c91175264ff0d0c70c080775bb53cf2fedfb6b33cbe3c2d1de9420f92df1ed48
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: cac281637a6fc5358f315e89a12ecd78c8e9ccb190ef915e59f8c64eee507198
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: f2f04de89debbc0a4a9114d9940569982169e5e471e07882f1de0452743b795d
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: c77e0633ea5b0d73c3e46e3c3f6d86588ed6f84cc83bc018483e394418377ea6
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: b77c301e660183a99fc0d677d7c87e581ae0cb34993130b4c82937255a6c4f59
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: f29fdec2fa06447b54c7d4475550a728ded829a2ffc84826ce8b5730a1826be8
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: 7b0c85999e2af9b914ec31d3e3d31964a659f0adc39952ee0c863c350b0323f0
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: cf4416512307545cbd49ead28fb0d80a7fbc5bf79526a75ea0c26d9aa8046c5f
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: 41bc2ecbe5ca822b987a8ab25853c70ecba23c3cc19f94d74e22b67e0f99c9ca
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: cc5940c5e607297d8f6ead907c4e3938b5fa65bd7ca82bfbf2bed4ae91dc1283
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: c77efbc616c1e875853084a2946a3e424f0bc212785bc9882d5b7dbaab4967f6
java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.el8_2.noarch.rpm
SHA-256: bd4b5b81a26901cd066832e35e94dbb1b3352cafadc7c671d047ff70499e4777
java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.el8_2.noarch.rpm
SHA-256: 1cfbd644d0e650b4915185aa4c2c51ea1eb36ad746c0e91de841816056560296
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: ad583256fb6e8cc79e0a4d4ca8a42a9af7bf062219915081544088224fe7c30a
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: 27d9d48b3c01dcd7b2fd37ca8739e7ba8bd4cb6bf79f92bdb1ccfa9a85d5b60d
Red Hat Enterprise Linux Server - TUS 8.2
SRPM
java-1.8.0-openjdk-1.8.0.382.b05-1.el8_2.src.rpm
SHA-256: e3dae08f39247dec2643a8c482c59b051cab0437c2b98d883d6e9439ac760b1d
x86_64
java-1.8.0-openjdk-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: 7edfa982655144b96247d7a5a1d65181c58af9cf2c0cea96f815e137955d8991
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: 7b7a1737c0764d9e997ee08efbae8b83c0b192405429ab7bf040092d285c1c18
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: c91175264ff0d0c70c080775bb53cf2fedfb6b33cbe3c2d1de9420f92df1ed48
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: cac281637a6fc5358f315e89a12ecd78c8e9ccb190ef915e59f8c64eee507198
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: f2f04de89debbc0a4a9114d9940569982169e5e471e07882f1de0452743b795d
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: c77e0633ea5b0d73c3e46e3c3f6d86588ed6f84cc83bc018483e394418377ea6
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: b77c301e660183a99fc0d677d7c87e581ae0cb34993130b4c82937255a6c4f59
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: f29fdec2fa06447b54c7d4475550a728ded829a2ffc84826ce8b5730a1826be8
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: 7b0c85999e2af9b914ec31d3e3d31964a659f0adc39952ee0c863c350b0323f0
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: cf4416512307545cbd49ead28fb0d80a7fbc5bf79526a75ea0c26d9aa8046c5f
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: 41bc2ecbe5ca822b987a8ab25853c70ecba23c3cc19f94d74e22b67e0f99c9ca
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: cc5940c5e607297d8f6ead907c4e3938b5fa65bd7ca82bfbf2bed4ae91dc1283
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: c77efbc616c1e875853084a2946a3e424f0bc212785bc9882d5b7dbaab4967f6
java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.el8_2.noarch.rpm
SHA-256: bd4b5b81a26901cd066832e35e94dbb1b3352cafadc7c671d047ff70499e4777
java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.el8_2.noarch.rpm
SHA-256: 1cfbd644d0e650b4915185aa4c2c51ea1eb36ad746c0e91de841816056560296
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: ad583256fb6e8cc79e0a4d4ca8a42a9af7bf062219915081544088224fe7c30a
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: 27d9d48b3c01dcd7b2fd37ca8739e7ba8bd4cb6bf79f92bdb1ccfa9a85d5b60d
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2
SRPM
java-1.8.0-openjdk-1.8.0.382.b05-1.el8_2.src.rpm
SHA-256: e3dae08f39247dec2643a8c482c59b051cab0437c2b98d883d6e9439ac760b1d
ppc64le
java-1.8.0-openjdk-1.8.0.382.b05-1.el8_2.ppc64le.rpm
SHA-256: 43cd15bf0e9e6f93ab7fd3e62e8a405e160c2c6d554e063d6e2460c9e9176b8a
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el8_2.ppc64le.rpm
SHA-256: ac6c6c238f34fc5302195d1f65d7c4b8e0bc6209373c2fa8fd40ef660c1ae101
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el8_2.ppc64le.rpm
SHA-256: 14a4dc75a4640caec7a4737f276143c2d454441fa8fa440263d1699e80058ac3
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-1.el8_2.ppc64le.rpm
SHA-256: 241f44643fb73c7381e63d5aa9b8614ad23a68d786ce4a4d939cce0774a92463
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el8_2.ppc64le.rpm
SHA-256: 0ba2a50cd1fc69e6497d129279afed6357e8d921fed8577ce3cfdacfca130da2
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-1.el8_2.ppc64le.rpm
SHA-256: 98f9abb5496097b34f63d488df7961489f1c9a157521baf19a1bec9d866ce07d
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.382.b05-1.el8_2.ppc64le.rpm
SHA-256: d6997177026a48501d06aa2c10a95b81a75601ef79b7d51a81eed3cff8697763
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el8_2.ppc64le.rpm
SHA-256: f795417267629677ae7fcbe0698bc4266ca2aba82ae8b29db646fa3e863ce725
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-1.el8_2.ppc64le.rpm
SHA-256: da1a5a6b0c0d10f0bda0985133573fc3a0d231c5a489aad230163feba6bfec6a
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.382.b05-1.el8_2.ppc64le.rpm
SHA-256: 08daca26c80963fa2d38b339db7d118250ddd26d441fa18b32cf0a9a1fbe77b3
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el8_2.ppc64le.rpm
SHA-256: 73cf5553ec921eda5fafd47b57740aedb4e5a173a0340407717793ff2aa6ac3f
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-1.el8_2.ppc64le.rpm
SHA-256: 338f8b4f288c845088af4bf2f8a26e46ac983fe78dd1674f170c50cf7d6f7df2
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.382.b05-1.el8_2.ppc64le.rpm
SHA-256: 7c4c8da7a31ce849a6453878206e49895151bbcf32b88cf026592f876ff5f417
java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.el8_2.noarch.rpm
SHA-256: bd4b5b81a26901cd066832e35e94dbb1b3352cafadc7c671d047ff70499e4777
java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.el8_2.noarch.rpm
SHA-256: 1cfbd644d0e650b4915185aa4c2c51ea1eb36ad746c0e91de841816056560296
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.382.b05-1.el8_2.ppc64le.rpm
SHA-256: cc3535e0e1369dac9d95401eb53a9e97e551f43f740347259cb2505178591e17
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el8_2.ppc64le.rpm
SHA-256: 1cb8056d3d843bba91ba9d8a5b5fc19432821f1d3e04bca00b6eab5fe83cf477
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2
SRPM
java-1.8.0-openjdk-1.8.0.382.b05-1.el8_2.src.rpm
SHA-256: e3dae08f39247dec2643a8c482c59b051cab0437c2b98d883d6e9439ac760b1d
x86_64
java-1.8.0-openjdk-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: 7edfa982655144b96247d7a5a1d65181c58af9cf2c0cea96f815e137955d8991
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: 7b7a1737c0764d9e997ee08efbae8b83c0b192405429ab7bf040092d285c1c18
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: c91175264ff0d0c70c080775bb53cf2fedfb6b33cbe3c2d1de9420f92df1ed48
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: cac281637a6fc5358f315e89a12ecd78c8e9ccb190ef915e59f8c64eee507198
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: f2f04de89debbc0a4a9114d9940569982169e5e471e07882f1de0452743b795d
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: c77e0633ea5b0d73c3e46e3c3f6d86588ed6f84cc83bc018483e394418377ea6
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: b77c301e660183a99fc0d677d7c87e581ae0cb34993130b4c82937255a6c4f59
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: f29fdec2fa06447b54c7d4475550a728ded829a2ffc84826ce8b5730a1826be8
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: 7b0c85999e2af9b914ec31d3e3d31964a659f0adc39952ee0c863c350b0323f0
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: cf4416512307545cbd49ead28fb0d80a7fbc5bf79526a75ea0c26d9aa8046c5f
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: 41bc2ecbe5ca822b987a8ab25853c70ecba23c3cc19f94d74e22b67e0f99c9ca
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: cc5940c5e607297d8f6ead907c4e3938b5fa65bd7ca82bfbf2bed4ae91dc1283
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: c77efbc616c1e875853084a2946a3e424f0bc212785bc9882d5b7dbaab4967f6
java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.el8_2.noarch.rpm
SHA-256: bd4b5b81a26901cd066832e35e94dbb1b3352cafadc7c671d047ff70499e4777
java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.el8_2.noarch.rpm
SHA-256: 1cfbd644d0e650b4915185aa4c2c51ea1eb36ad746c0e91de841816056560296
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: ad583256fb6e8cc79e0a4d4ca8a42a9af7bf062219915081544088224fe7c30a
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el8_2.x86_64.rpm
SHA-256: 27d9d48b3c01dcd7b2fd37ca8739e7ba8bd4cb6bf79f92bdb1ccfa9a85d5b60d
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Release of OpenShift Serverless Operator 1.30.1 and OpenShift Serverless Logic 1.30.0 SP1 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4853: A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denia...
Red Hat Security Advisory 2023-4877-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR8-FP10.
Red Hat Security Advisory 2023-4876-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR8-FP10.
Ubuntu Security Notice 6272-1 - Motoyasu Saburi discovered that OpenJDK 20 incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. Eirik Bjørsnøs discovered that OpenJDK 20 incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6263-1 - Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. Eirik Bjørsnøs discovered that OpenJDK incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 11 and OpenJDK 17.
Red Hat Security Advisory 2023-4166-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2023-4159-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-4158-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-4210-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-4177-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-4211-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for Windows serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-4176-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2023-4212-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2023-4161-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for Windows serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauth...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauth...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerabili...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions ...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions ...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions ...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions ...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM f...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3....
An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions ...
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).