Headline
RHSA-2023:0205: Red Hat Security Advisory: java-1.8.0-openjdk security update
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-21830: OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021)
- CVE-2023-21843: OpenJDK: soundbank URL remote loading (Sound, 8293742)
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- OpenShift Dev Spaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
発行日:
2023-01-23
更新日:
2023-01-23
RHSA-2023:0205 - Security Advisory
- 概要
- 更新パッケージ
概要
Moderate: java-1.8.0-openjdk security update
タイプ/重大度
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
トピック
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
説明
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es):
- OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) (CVE-2023-21830)
- OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
解決法
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of OpenJDK Java must be restarted for this update to take effect.
影響を受ける製品
- Red Hat Enterprise Linux Server - AUS 8.2 x86_64
- Red Hat Enterprise Linux Server - TUS 8.2 x86_64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64
修正
- BZ - 2160475 - CVE-2023-21843 OpenJDK: soundbank URL remote loading (Sound, 8293742)
- BZ - 2160490 - CVE-2023-21830 OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021)
参考資料
- https://access.redhat.com/security/updates/classification/#moderate
Red Hat Enterprise Linux Server - AUS 8.2
SRPM
java-1.8.0-openjdk-1.8.0.362.b08-1.el8_2.src.rpm
SHA-256: 7cc348eb2b6498ebd38b46eeb5bfbe4971a90bbb3edf19c8df00e67036bb1f04
x86_64
java-1.8.0-openjdk-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: a5884c78c986955b18f9e4e69d97a84d478ef1d5678d3802387db917981cc1d6
java-1.8.0-openjdk-accessibility-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: d513c1a9cb591888492160dbb47383ecbb01e5254a25f0c8e40988f680f1459b
java-1.8.0-openjdk-debuginfo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: 4ea257cb6138948aec7d9b7ba6ca1dbdd2bd2d5d5917421ceaab535a2b6cffb1
java-1.8.0-openjdk-debugsource-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: 502ca682526deaf0d83e9b4c8049a6f6d0feca7bc5b51768822086e595d0fa3b
java-1.8.0-openjdk-demo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: 2cd5d9f47eb8e2311cb1214c88f07aaed1b54c8233c74ad71fd58f9d89ff8222
java-1.8.0-openjdk-demo-debuginfo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: eaee91c40498597aa21527f6724f1dc126c05a1ae45288acc9c8d60047d46036
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: 83fd3aa482423f19e85769735e44365f0110efa4ffdf20f7743e9fc7dbe2d1bb
java-1.8.0-openjdk-devel-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: 2a9effa5275b040d105763dabd4a061883de302f176c34ae674b52841b7b0a9e
java-1.8.0-openjdk-devel-debuginfo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: e980f81ed02d5a9073ce164ba60f9c16045aa4e014194eda8dc9f71c53c75924
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: 8e5416b7d3409aa4ecd8f7e21148087311e2b75d4061ef7644604c69b3459684
java-1.8.0-openjdk-headless-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: 6384bed643bae72c611701fbf2033b892e4312c9f7589a6189e166a76e5ad8a9
java-1.8.0-openjdk-headless-debuginfo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: c5a895e59f1df295e5ff1a1e41cf127c43145a5dbb879097e6b550a29619db73
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: 778e466220e2dc8d22ac6eda5965b9fa06c297846d3aeb6a1a892e19a35ab651
java-1.8.0-openjdk-javadoc-1.8.0.362.b08-1.el8_2.noarch.rpm
SHA-256: 4e8e73e32b552bcc6d1f2fa9138732b3d742a3891444401bd13993a0ae6c4c2b
java-1.8.0-openjdk-javadoc-zip-1.8.0.362.b08-1.el8_2.noarch.rpm
SHA-256: 4fd0d5fe89237a3667a39e905e32a30e202eb731405aaae184a500c7f38aaf9d
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: da0204d476e55db3ab18fec63e8006c70f4284aabe4842e8f7f1f8b36767234c
java-1.8.0-openjdk-src-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: cf44e67d1e56d569f0617c25abd2096b61a901ee5e90de8da88b1c5eca256957
Red Hat Enterprise Linux Server - TUS 8.2
SRPM
java-1.8.0-openjdk-1.8.0.362.b08-1.el8_2.src.rpm
SHA-256: 7cc348eb2b6498ebd38b46eeb5bfbe4971a90bbb3edf19c8df00e67036bb1f04
x86_64
java-1.8.0-openjdk-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: a5884c78c986955b18f9e4e69d97a84d478ef1d5678d3802387db917981cc1d6
java-1.8.0-openjdk-accessibility-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: d513c1a9cb591888492160dbb47383ecbb01e5254a25f0c8e40988f680f1459b
java-1.8.0-openjdk-debuginfo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: 4ea257cb6138948aec7d9b7ba6ca1dbdd2bd2d5d5917421ceaab535a2b6cffb1
java-1.8.0-openjdk-debugsource-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: 502ca682526deaf0d83e9b4c8049a6f6d0feca7bc5b51768822086e595d0fa3b
java-1.8.0-openjdk-demo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: 2cd5d9f47eb8e2311cb1214c88f07aaed1b54c8233c74ad71fd58f9d89ff8222
java-1.8.0-openjdk-demo-debuginfo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: eaee91c40498597aa21527f6724f1dc126c05a1ae45288acc9c8d60047d46036
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: 83fd3aa482423f19e85769735e44365f0110efa4ffdf20f7743e9fc7dbe2d1bb
java-1.8.0-openjdk-devel-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: 2a9effa5275b040d105763dabd4a061883de302f176c34ae674b52841b7b0a9e
java-1.8.0-openjdk-devel-debuginfo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: e980f81ed02d5a9073ce164ba60f9c16045aa4e014194eda8dc9f71c53c75924
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: 8e5416b7d3409aa4ecd8f7e21148087311e2b75d4061ef7644604c69b3459684
java-1.8.0-openjdk-headless-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: 6384bed643bae72c611701fbf2033b892e4312c9f7589a6189e166a76e5ad8a9
java-1.8.0-openjdk-headless-debuginfo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: c5a895e59f1df295e5ff1a1e41cf127c43145a5dbb879097e6b550a29619db73
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: 778e466220e2dc8d22ac6eda5965b9fa06c297846d3aeb6a1a892e19a35ab651
java-1.8.0-openjdk-javadoc-1.8.0.362.b08-1.el8_2.noarch.rpm
SHA-256: 4e8e73e32b552bcc6d1f2fa9138732b3d742a3891444401bd13993a0ae6c4c2b
java-1.8.0-openjdk-javadoc-zip-1.8.0.362.b08-1.el8_2.noarch.rpm
SHA-256: 4fd0d5fe89237a3667a39e905e32a30e202eb731405aaae184a500c7f38aaf9d
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: da0204d476e55db3ab18fec63e8006c70f4284aabe4842e8f7f1f8b36767234c
java-1.8.0-openjdk-src-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: cf44e67d1e56d569f0617c25abd2096b61a901ee5e90de8da88b1c5eca256957
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2
SRPM
java-1.8.0-openjdk-1.8.0.362.b08-1.el8_2.src.rpm
SHA-256: 7cc348eb2b6498ebd38b46eeb5bfbe4971a90bbb3edf19c8df00e67036bb1f04
ppc64le
java-1.8.0-openjdk-1.8.0.362.b08-1.el8_2.ppc64le.rpm
SHA-256: 6e989806ece88a1fb21799be5806f2ff66f97bde3f9f48611aa0ae1d94da2d14
java-1.8.0-openjdk-accessibility-1.8.0.362.b08-1.el8_2.ppc64le.rpm
SHA-256: 85f5160d718151a6054ba9ef2dd1cdf47a227f496bb720dec4610bee0f8fb776
java-1.8.0-openjdk-debuginfo-1.8.0.362.b08-1.el8_2.ppc64le.rpm
SHA-256: 622038ff29c5e132ce0ecbadd46d63e4fcf738d0dccc9949c61d17c1e7d87db5
java-1.8.0-openjdk-debugsource-1.8.0.362.b08-1.el8_2.ppc64le.rpm
SHA-256: f5e5111a8c69f4a30c9ca76f0311d72ceb785453c7bbecc2fcd8b85845b9bd9b
java-1.8.0-openjdk-demo-1.8.0.362.b08-1.el8_2.ppc64le.rpm
SHA-256: 67836ad66d7fb9cf6ef99f8218f4013ea952fc78d2d9ae94836cdc93d48d8de5
java-1.8.0-openjdk-demo-debuginfo-1.8.0.362.b08-1.el8_2.ppc64le.rpm
SHA-256: e64494a2468f3719b813b2c1d5e94d9977ccb0bc86da494b4ddfcf93757d8336
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.362.b08-1.el8_2.ppc64le.rpm
SHA-256: 1f2f66e3084e6324cc92dd352d85199c98d2c97b2399ef05e3155a9c1f95d984
java-1.8.0-openjdk-devel-1.8.0.362.b08-1.el8_2.ppc64le.rpm
SHA-256: 467c3ba89ec5c2d2bdc19945e1669a9a689173f552f8c2a32fed4402ef8fdaef
java-1.8.0-openjdk-devel-debuginfo-1.8.0.362.b08-1.el8_2.ppc64le.rpm
SHA-256: c4a982643079b50a6ed50b400a6eb13a09b2bef38c50711fea5eff09587ce151
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.362.b08-1.el8_2.ppc64le.rpm
SHA-256: 96a94e49c780a999f202fc265079bd003f7533c01296ac484bc2662ad37f493b
java-1.8.0-openjdk-headless-1.8.0.362.b08-1.el8_2.ppc64le.rpm
SHA-256: 3cee12ec5514d01cdffec2f8eca06306899e8b8ffa5fd3fa756f885bf589e5e5
java-1.8.0-openjdk-headless-debuginfo-1.8.0.362.b08-1.el8_2.ppc64le.rpm
SHA-256: 5fb373e9e38b7176a711ba3df67a519fe0a695f9b5403e13fe8476538dded569
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.362.b08-1.el8_2.ppc64le.rpm
SHA-256: cd28448461420e7c384175f268aff7a1fd8aad4b647c9c7fca012dd12d24ad56
java-1.8.0-openjdk-javadoc-1.8.0.362.b08-1.el8_2.noarch.rpm
SHA-256: 4e8e73e32b552bcc6d1f2fa9138732b3d742a3891444401bd13993a0ae6c4c2b
java-1.8.0-openjdk-javadoc-zip-1.8.0.362.b08-1.el8_2.noarch.rpm
SHA-256: 4fd0d5fe89237a3667a39e905e32a30e202eb731405aaae184a500c7f38aaf9d
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.362.b08-1.el8_2.ppc64le.rpm
SHA-256: 6d245f08bf1e5a62f0a59c6f4fb36363bf605481236123f33fb8e3bb6e831ed4
java-1.8.0-openjdk-src-1.8.0.362.b08-1.el8_2.ppc64le.rpm
SHA-256: bf951d7fd9de2aae9049af157addc67889fb6dee5450a4a76c27502ae439610c
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2
SRPM
java-1.8.0-openjdk-1.8.0.362.b08-1.el8_2.src.rpm
SHA-256: 7cc348eb2b6498ebd38b46eeb5bfbe4971a90bbb3edf19c8df00e67036bb1f04
x86_64
java-1.8.0-openjdk-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: a5884c78c986955b18f9e4e69d97a84d478ef1d5678d3802387db917981cc1d6
java-1.8.0-openjdk-accessibility-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: d513c1a9cb591888492160dbb47383ecbb01e5254a25f0c8e40988f680f1459b
java-1.8.0-openjdk-debuginfo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: 4ea257cb6138948aec7d9b7ba6ca1dbdd2bd2d5d5917421ceaab535a2b6cffb1
java-1.8.0-openjdk-debugsource-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: 502ca682526deaf0d83e9b4c8049a6f6d0feca7bc5b51768822086e595d0fa3b
java-1.8.0-openjdk-demo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: 2cd5d9f47eb8e2311cb1214c88f07aaed1b54c8233c74ad71fd58f9d89ff8222
java-1.8.0-openjdk-demo-debuginfo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: eaee91c40498597aa21527f6724f1dc126c05a1ae45288acc9c8d60047d46036
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: 83fd3aa482423f19e85769735e44365f0110efa4ffdf20f7743e9fc7dbe2d1bb
java-1.8.0-openjdk-devel-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: 2a9effa5275b040d105763dabd4a061883de302f176c34ae674b52841b7b0a9e
java-1.8.0-openjdk-devel-debuginfo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: e980f81ed02d5a9073ce164ba60f9c16045aa4e014194eda8dc9f71c53c75924
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: 8e5416b7d3409aa4ecd8f7e21148087311e2b75d4061ef7644604c69b3459684
java-1.8.0-openjdk-headless-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: 6384bed643bae72c611701fbf2033b892e4312c9f7589a6189e166a76e5ad8a9
java-1.8.0-openjdk-headless-debuginfo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: c5a895e59f1df295e5ff1a1e41cf127c43145a5dbb879097e6b550a29619db73
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: 778e466220e2dc8d22ac6eda5965b9fa06c297846d3aeb6a1a892e19a35ab651
java-1.8.0-openjdk-javadoc-1.8.0.362.b08-1.el8_2.noarch.rpm
SHA-256: 4e8e73e32b552bcc6d1f2fa9138732b3d742a3891444401bd13993a0ae6c4c2b
java-1.8.0-openjdk-javadoc-zip-1.8.0.362.b08-1.el8_2.noarch.rpm
SHA-256: 4fd0d5fe89237a3667a39e905e32a30e202eb731405aaae184a500c7f38aaf9d
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: da0204d476e55db3ab18fec63e8006c70f4284aabe4842e8f7f1f8b36767234c
java-1.8.0-openjdk-src-1.8.0.362.b08-1.el8_2.x86_64.rpm
SHA-256: cf44e67d1e56d569f0617c25abd2096b61a901ee5e90de8da88b1c5eca256957
Red Hat のセキュリティーに関する連絡先は [email protected] です。 連絡先の詳細は https://access.redhat.com/security/team/contact/ をご覧ください。
Related news
Gentoo Linux Security Advisory 202401-25 - Multiple vulnerabilities have been discovered in OpenJDK, the worst of which can lead to remote code execution. Versions greater than or equal to 11.0.19_p7:11 are affected.
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).
Red Hat Security Advisory 2023-3136-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR8. Issues addressed include a deserialization vulnerability.
An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated...
Red Hat Security Advisory 2023-1286-01 - Migration Toolkit for Runtimes 1.0.2 Images. Issues addressed include denial of service, privilege escalation, and server-side request forgery vulnerabilities.
Migration Toolkit for Applications 6.0.1 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36567: A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path. * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to...
Red Hat Security Advisory 2023-0208-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21830: OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) * CVE-2023-21843: OpenJDK: soundbank URL remote loading (Sound, 8293742)
Red Hat Security Advisory 2023-0237-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0203-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
Red Hat Security Advisory 2023-0387-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a deserialization vulnerability.
Red Hat Security Advisory 2023-0354-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a deserialization vulnerability.
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21830: OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) * CVE-2023-21843: OpenJDK: soundbank URL remote loading (Sound, 8293742)
The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21835: OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) * CVE-2023-21843: OpenJDK: soundbank URL remote loading (Sound, 8293742)
The Red Hat build of OpenJDK 8 (java-1.8.0-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21830: OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) * CVE-2023-21843: OpenJDK: soundbank URL remote loading (Sound, 8293742)
The Red Hat build of OpenJDK 8 (java-1.8.0-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21830: OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) * CVE-2023-21843: OpenJDK: soundbank URL remote loading (Sound, 8293742)
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21830: OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) * CVE-2023-21843: OpenJDK: soundbank URL remote loading (Sound, 8293742)
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21830: OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) * CVE-2023-21843: OpenJDK: soundbank URL remote loading (Sound, 8293742)
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21830: OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) * CVE-2023-21843: OpenJDK: soundbank URL remote loading (Sound, 8293742)
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21830: OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) * CVE-2023-21843: OpenJDK: soundbank URL remote loading (Sound, 8293742)
An update for java-17-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21835: OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) * CVE-2023-21843: OpenJDK: soundbank URL remote loading (Sound, 8293742)
Red Hat Security Advisory 2023-0202-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-0198-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-0196-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a denial of service vulnerability.
An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21835: OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) * CVE-2023-21843: OpenJDK: soundbank URL remote loading (Sound, 8293742)
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21835: OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) * CVE-2023-21843: OpenJDK: soundbank URL remote loading (Sound, 8293742)
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21835: OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) * CVE-2023-21843: OpenJDK: soundbank URL remote loading (Sound, 8293742)
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21835: OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) * CVE-2023-21843: OpenJDK: soundbank URL remote loading (Sound, 8293742)
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21835: OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) * CVE-2023-21843: OpenJDK: soundbank URL remote loading (Sound, 8293742)
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21835: OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) * CVE-2023-21843: OpenJDK: soundbank URL remote loading (Sound, 8293742)
An update for java-17-openjdk is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21835: OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) * CVE-2023-21843: OpenJDK: soundbank URL remote loading (Sound, 8293742)
Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).