Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:4166: Red Hat Security Advisory: java-1.8.0-openjdk security and bug fix update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
  • CVE-2023-22049: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Red Hat Security Data
#vulnerability#web#apple#linux#red_hat#java#oracle#graalvm#auth#ibm

概述

Moderate: java-1.8.0-openjdk security and bug fix update

类型/严重性

Security Advisory: Moderate

Red Hat Insights 补丁分析

标题

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049)
  • OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Prepare for the next quarterly OpenJDK upstream release (2023-07, 8u382) (BZ#2217708)

解决方案

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

受影响的产品

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

修复

  • BZ - 2217708 - Prepare for the next quarterly OpenJDK upstream release (2023-07, 8u382) [rhel-7.9.z]
  • BZ - 2221645 - CVE-2023-22045 OpenJDK: array indexing integer overflow issue (8304468)
  • BZ - 2221647 - CVE-2023-22049 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)

参考

  • https://access.redhat.com/security/updates/classification/#moderate

Red Hat Enterprise Linux Server 7

SRPM

java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.src.rpm

SHA-256: 0e3a468f376172cfa7028a7c5e22f7058d28268b8ebcb0863dfd7ab3ec45116c

x86_64

java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 42817a09a4ae99248531a8cc0029a5e4bf9a22051680d78af6b84de64cf0366a

java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: f9b1b942922f2523e2ed767ceb4edd8ee0a26b3de0b33d577cf43c69a7942c4d

java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 78ff0983b046538dd02aa0aea53a83b2632968f7e5db79d317478d673d1508b3

java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: 7e1f76a313eb2ee35ef4babcbc27cd82da9dae5a82c3dff16110397850c4d8e1

java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 08752a1534fcb09d9358bfa341230be17574219406411d992e6fce0287a1a2bb

java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 08752a1534fcb09d9358bfa341230be17574219406411d992e6fce0287a1a2bb

java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: dc74ec314cd64eeec30eb00cf4d4d3adc2405cab2e85c7229e1d34889fcd86ba

java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: dc74ec314cd64eeec30eb00cf4d4d3adc2405cab2e85c7229e1d34889fcd86ba

java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 00ade528f41b0961b0a631a4febf12d79f0008659c3f2fd7aba973e8a7cb8c06

java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: ceaddf057f3b8999175053b3f32af15abb0d95863311ea21d7b91bec2b17274f

java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: d18e47bafeece718f899d3cbe27ab822ea4f63bdb78e44e952cc86e1d4f5be06

java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: 7044c209cc22019627b4eb28f4024014284cb32ee1332b60ce785b85ca8e27b1

java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 4be2321f76b184cf152ce4af2ea08a6a9ecad92000abbfebc485be3b97928ded

java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: e3ef1ecbb740fc03815e64b80da27fd0ca7bc3b7ac1883040bfd8cbfe4ea0394

java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.el7_9.noarch.rpm

SHA-256: df1516bed6d20b1e08aaca5f346c0553da5f7e5cf31068fec2aa16fd68fa9a46

java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.el7_9.noarch.rpm

SHA-256: 7972fc181c72e265d87582029cbc1dd66adb1f0dce32cad83b7778ba04c3b304

java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 9c93d7cf265eeaf47cae439b19a230169cc9c0f62c75fdfa9773b291e38c3dbc

java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: b4ecce2a4b6abf180a01f6f6bfec9989d14f66e376058fddf8b2ac1daf7247d2

Red Hat Enterprise Linux Workstation 7

SRPM

java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.src.rpm

SHA-256: 0e3a468f376172cfa7028a7c5e22f7058d28268b8ebcb0863dfd7ab3ec45116c

x86_64

java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 42817a09a4ae99248531a8cc0029a5e4bf9a22051680d78af6b84de64cf0366a

java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: f9b1b942922f2523e2ed767ceb4edd8ee0a26b3de0b33d577cf43c69a7942c4d

java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 78ff0983b046538dd02aa0aea53a83b2632968f7e5db79d317478d673d1508b3

java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: 7e1f76a313eb2ee35ef4babcbc27cd82da9dae5a82c3dff16110397850c4d8e1

java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 08752a1534fcb09d9358bfa341230be17574219406411d992e6fce0287a1a2bb

java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 08752a1534fcb09d9358bfa341230be17574219406411d992e6fce0287a1a2bb

java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: dc74ec314cd64eeec30eb00cf4d4d3adc2405cab2e85c7229e1d34889fcd86ba

java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: dc74ec314cd64eeec30eb00cf4d4d3adc2405cab2e85c7229e1d34889fcd86ba

java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 00ade528f41b0961b0a631a4febf12d79f0008659c3f2fd7aba973e8a7cb8c06

java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: ceaddf057f3b8999175053b3f32af15abb0d95863311ea21d7b91bec2b17274f

java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: d18e47bafeece718f899d3cbe27ab822ea4f63bdb78e44e952cc86e1d4f5be06

java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: 7044c209cc22019627b4eb28f4024014284cb32ee1332b60ce785b85ca8e27b1

java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 4be2321f76b184cf152ce4af2ea08a6a9ecad92000abbfebc485be3b97928ded

java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: e3ef1ecbb740fc03815e64b80da27fd0ca7bc3b7ac1883040bfd8cbfe4ea0394

java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.el7_9.noarch.rpm

SHA-256: df1516bed6d20b1e08aaca5f346c0553da5f7e5cf31068fec2aa16fd68fa9a46

java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.el7_9.noarch.rpm

SHA-256: 7972fc181c72e265d87582029cbc1dd66adb1f0dce32cad83b7778ba04c3b304

java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 9c93d7cf265eeaf47cae439b19a230169cc9c0f62c75fdfa9773b291e38c3dbc

java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: b4ecce2a4b6abf180a01f6f6bfec9989d14f66e376058fddf8b2ac1daf7247d2

Red Hat Enterprise Linux Desktop 7

SRPM

java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.src.rpm

SHA-256: 0e3a468f376172cfa7028a7c5e22f7058d28268b8ebcb0863dfd7ab3ec45116c

x86_64

java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 42817a09a4ae99248531a8cc0029a5e4bf9a22051680d78af6b84de64cf0366a

java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: f9b1b942922f2523e2ed767ceb4edd8ee0a26b3de0b33d577cf43c69a7942c4d

java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 78ff0983b046538dd02aa0aea53a83b2632968f7e5db79d317478d673d1508b3

java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: 7e1f76a313eb2ee35ef4babcbc27cd82da9dae5a82c3dff16110397850c4d8e1

java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 08752a1534fcb09d9358bfa341230be17574219406411d992e6fce0287a1a2bb

java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 08752a1534fcb09d9358bfa341230be17574219406411d992e6fce0287a1a2bb

java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: dc74ec314cd64eeec30eb00cf4d4d3adc2405cab2e85c7229e1d34889fcd86ba

java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: dc74ec314cd64eeec30eb00cf4d4d3adc2405cab2e85c7229e1d34889fcd86ba

java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 00ade528f41b0961b0a631a4febf12d79f0008659c3f2fd7aba973e8a7cb8c06

java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: ceaddf057f3b8999175053b3f32af15abb0d95863311ea21d7b91bec2b17274f

java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: d18e47bafeece718f899d3cbe27ab822ea4f63bdb78e44e952cc86e1d4f5be06

java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: 7044c209cc22019627b4eb28f4024014284cb32ee1332b60ce785b85ca8e27b1

java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 4be2321f76b184cf152ce4af2ea08a6a9ecad92000abbfebc485be3b97928ded

java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: e3ef1ecbb740fc03815e64b80da27fd0ca7bc3b7ac1883040bfd8cbfe4ea0394

java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.el7_9.noarch.rpm

SHA-256: df1516bed6d20b1e08aaca5f346c0553da5f7e5cf31068fec2aa16fd68fa9a46

java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.el7_9.noarch.rpm

SHA-256: 7972fc181c72e265d87582029cbc1dd66adb1f0dce32cad83b7778ba04c3b304

java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 9c93d7cf265eeaf47cae439b19a230169cc9c0f62c75fdfa9773b291e38c3dbc

java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: b4ecce2a4b6abf180a01f6f6bfec9989d14f66e376058fddf8b2ac1daf7247d2

Red Hat Enterprise Linux for IBM z Systems 7

SRPM

java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.src.rpm

SHA-256: 0e3a468f376172cfa7028a7c5e22f7058d28268b8ebcb0863dfd7ab3ec45116c

s390x

java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.s390x.rpm

SHA-256: 3cdfdf2908c7ec1ba6c0e3e13ed67c1a7d96f98474ef2325c20db8e122a60a5f

java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.s390x.rpm

SHA-256: aaf4cec03680435815bf9d038dc8d4791746711e906a02cd22ff4473f0df3a58

java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.s390x.rpm

SHA-256: a18dd35db823d356dc9f29cbde08fcadcba20c9bca01227f252d91eb98c7c2e5

java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.s390x.rpm

SHA-256: a18dd35db823d356dc9f29cbde08fcadcba20c9bca01227f252d91eb98c7c2e5

java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.s390x.rpm

SHA-256: 27ff9c5ee093a0c7cf50799877a7159c723d26b3d5adffe32848eb7ca2b65c57

java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.s390x.rpm

SHA-256: 1830447a1820662614c87dffe6121baa016cb30c91cc14f1a83d4d1c2bc9d4b7

java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.s390x.rpm

SHA-256: 6b884432e994e43d7287ccb965665e535f4ed0352aaad82d0a01556a36b3c7db

java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.el7_9.noarch.rpm

SHA-256: df1516bed6d20b1e08aaca5f346c0553da5f7e5cf31068fec2aa16fd68fa9a46

java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.el7_9.noarch.rpm

SHA-256: 7972fc181c72e265d87582029cbc1dd66adb1f0dce32cad83b7778ba04c3b304

java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.s390x.rpm

SHA-256: 38ee8d8dbe8ad6e92e2660d0354f73c754d456c16f0e4482fe1d979259b899af

Red Hat Enterprise Linux for Power, big endian 7

SRPM

java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.src.rpm

SHA-256: 0e3a468f376172cfa7028a7c5e22f7058d28268b8ebcb0863dfd7ab3ec45116c

ppc64

java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.ppc64.rpm

SHA-256: a8341489e518c8d7e250f67815d30abaef289be0a0ced8be2f3ecb3f85a798e9

java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.ppc64.rpm

SHA-256: 80bdc6ba39e2395d1ddb5b193704ce580f2c773007ea1ebd94104ee53e7e0858

java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.ppc64.rpm

SHA-256: 76d4ae199dc41662c76397b5f120c420ab764fa25b808d4667f584cfcf1f8c55

java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.ppc64.rpm

SHA-256: 76d4ae199dc41662c76397b5f120c420ab764fa25b808d4667f584cfcf1f8c55

java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.ppc64.rpm

SHA-256: ce5d0a02f61cb6e166c260bfc04d5d8fbd9041f65b571cbb0d08c0e4bc4406d5

java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.ppc64.rpm

SHA-256: 8677f201c6d63de0e71f6f38d456837abcf324fdffe543f8f613444feccf636b

java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.ppc64.rpm

SHA-256: 55f9c4bd05c6746ac781103c723326d9727cf159cafbd765e183d26aac86566a

java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.el7_9.noarch.rpm

SHA-256: df1516bed6d20b1e08aaca5f346c0553da5f7e5cf31068fec2aa16fd68fa9a46

java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.el7_9.noarch.rpm

SHA-256: 7972fc181c72e265d87582029cbc1dd66adb1f0dce32cad83b7778ba04c3b304

java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.ppc64.rpm

SHA-256: 53370150d6ec1dd87a5f829be849c165f17aba60ad29a49003d4f00313e95e58

Red Hat Enterprise Linux for Scientific Computing 7

SRPM

java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.src.rpm

SHA-256: 0e3a468f376172cfa7028a7c5e22f7058d28268b8ebcb0863dfd7ab3ec45116c

x86_64

java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 42817a09a4ae99248531a8cc0029a5e4bf9a22051680d78af6b84de64cf0366a

java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: f9b1b942922f2523e2ed767ceb4edd8ee0a26b3de0b33d577cf43c69a7942c4d

java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 78ff0983b046538dd02aa0aea53a83b2632968f7e5db79d317478d673d1508b3

java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: 7e1f76a313eb2ee35ef4babcbc27cd82da9dae5a82c3dff16110397850c4d8e1

java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 08752a1534fcb09d9358bfa341230be17574219406411d992e6fce0287a1a2bb

java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 08752a1534fcb09d9358bfa341230be17574219406411d992e6fce0287a1a2bb

java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: dc74ec314cd64eeec30eb00cf4d4d3adc2405cab2e85c7229e1d34889fcd86ba

java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: dc74ec314cd64eeec30eb00cf4d4d3adc2405cab2e85c7229e1d34889fcd86ba

java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 00ade528f41b0961b0a631a4febf12d79f0008659c3f2fd7aba973e8a7cb8c06

java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: ceaddf057f3b8999175053b3f32af15abb0d95863311ea21d7b91bec2b17274f

java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: d18e47bafeece718f899d3cbe27ab822ea4f63bdb78e44e952cc86e1d4f5be06

java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: 7044c209cc22019627b4eb28f4024014284cb32ee1332b60ce785b85ca8e27b1

java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 4be2321f76b184cf152ce4af2ea08a6a9ecad92000abbfebc485be3b97928ded

java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: e3ef1ecbb740fc03815e64b80da27fd0ca7bc3b7ac1883040bfd8cbfe4ea0394

java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.el7_9.noarch.rpm

SHA-256: df1516bed6d20b1e08aaca5f346c0553da5f7e5cf31068fec2aa16fd68fa9a46

java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.el7_9.noarch.rpm

SHA-256: 7972fc181c72e265d87582029cbc1dd66adb1f0dce32cad83b7778ba04c3b304

java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.i686.rpm

SHA-256: 9c93d7cf265eeaf47cae439b19a230169cc9c0f62c75fdfa9773b291e38c3dbc

java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.x86_64.rpm

SHA-256: b4ecce2a4b6abf180a01f6f6bfec9989d14f66e376058fddf8b2ac1daf7247d2

Red Hat Enterprise Linux for Power, little endian 7

SRPM

java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.src.rpm

SHA-256: 0e3a468f376172cfa7028a7c5e22f7058d28268b8ebcb0863dfd7ab3ec45116c

ppc64le

java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.ppc64le.rpm

SHA-256: de2e815e149091dc385da37faf88cca0a1902e53bf4849b4812d1d8b81ff4718

java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.ppc64le.rpm

SHA-256: 57c900930845946a7f475242a9d16604ee5646ba28f327da11ba0da1bfa5163f

java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.ppc64le.rpm

SHA-256: 13307a1111ca872cbe3f1663ad70f906b702bbf30cb4a0f295e715fc19e25ef2

java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.ppc64le.rpm

SHA-256: 13307a1111ca872cbe3f1663ad70f906b702bbf30cb4a0f295e715fc19e25ef2

java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.ppc64le.rpm

SHA-256: ee0b835f4696491d957cf65c76c96eae9c68f38cf33f2386d32f03499693c9ba

java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.ppc64le.rpm

SHA-256: 8a343d67333c63a04b4f0b1a83a204b490b3f893fb1d863709c28c8f9880008e

java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.ppc64le.rpm

SHA-256: 37f2bb8934629c711c23785225a275d59a2de4eb22a5bfa03fb07e647f074f79

java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.el7_9.noarch.rpm

SHA-256: df1516bed6d20b1e08aaca5f346c0553da5f7e5cf31068fec2aa16fd68fa9a46

java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.el7_9.noarch.rpm

SHA-256: 7972fc181c72e265d87582029cbc1dd66adb1f0dce32cad83b7778ba04c3b304

java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.ppc64le.rpm

SHA-256: aac695a2100f9b91883651385b24f9bd48c36b7ac8e7b146f2e032406f5d5d7e

Related news

Gentoo Linux Security Advisory 202407-24

Gentoo Linux Security Advisory 202407-24 - A vulnerability has been discovered in HarfBuzz, which can lead to a denial of service. Versions greater than or equal to 7.1.0 are affected.

RHSA-2023:5480: Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.30.0 SP1 security update

Release of OpenShift Serverless Operator 1.30.1 and OpenShift Serverless Logic 1.30.0 SP1 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4853: A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denia...

Ubuntu Security Notice USN-6263-2

Ubuntu Security Notice 6263-2 - USN-6263-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when opening APK, ZIP or JAR files in OpenJDK 11 and OpenJDK 17. This update fixes the problem. Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17.

Ubuntu Security Notice USN-6272-1

Ubuntu Security Notice 6272-1 - Motoyasu Saburi discovered that OpenJDK 20 incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. Eirik Bjørsnøs discovered that OpenJDK 20 incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6263-1

Ubuntu Security Notice 6263-1 - Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. Eirik Bjørsnøs discovered that OpenJDK incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 11 and OpenJDK 17.

Red Hat Security Advisory 2023-4233-01

Red Hat Security Advisory 2023-4233-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4158-01

Red Hat Security Advisory 2023-4158-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4158-01

Red Hat Security Advisory 2023-4158-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4175-01

Red Hat Security Advisory 2023-4175-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4175-01

Red Hat Security Advisory 2023-4175-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4176-01

Red Hat Security Advisory 2023-4176-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2023-4176-01

Red Hat Security Advisory 2023-4176-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2023-4161-01

Red Hat Security Advisory 2023-4161-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for Windows serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4161-01

Red Hat Security Advisory 2023-4161-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for Windows serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

RHSA-2023:4161: Red Hat Security Advisory: OpenJDK 11.0.20 Security Update for Windows Builds

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauth...

RHSA-2023:4161: Red Hat Security Advisory: OpenJDK 11.0.20 Security Update for Windows Builds

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauth...

RHSA-2023:4163: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions ...

RHSA-2023:4163: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions ...

RHSA-2023:4172: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions ...

RHSA-2023:4172: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions ...

RHSA-2023:4165: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM f...

RHSA-2023:4165: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM f...

RHSA-2023:4167: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3....

RHSA-2023:4167: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3....

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).