Headline
RHSA-2023:4166: Red Hat Security Advisory: java-1.8.0-openjdk security and bug fix update
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
- CVE-2023-22049: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Synopsis
Moderate: java-1.8.0-openjdk security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es):
- OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049)
- OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Prepare for the next quarterly OpenJDK upstream release (2023-07, 8u382) (BZ#2217708)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of OpenJDK Java must be restarted for this update to take effect.
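One way to find the JVMs that still need the restart called for above, as an added example (not part of Red Hat's advisory). It assumes OpenJDK 8 on RHEL 7 installs under /usr/lib/jvm/java-1.8.0-openjdk-<version-release>.<arch>/; the function names, the sample `maps` lines and the `OLDBUILD` path are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the advisory: list processes that still run an
# OpenJDK 8 libjvm.so other than the fixed build, or one that has been
# replaced on disk since the process started.
# Assumption: the JVM lives under
#   /usr/lib/jvm/java-1.8.0-openjdk-<version-release>.<arch>/
# Reading other users' /proc/<pid>/maps requires root.

FIXED_BUILD='1.8.0.382.b05-1.el7_9'   # fixed version-release named in this advisory

# jvm_status [PROC_ROOT]
# Prints "PID STATUS PATH" for each process that maps an OpenJDK 8 libjvm.so.
# STATUS is "stale" when the mapped file was deleted/replaced after the process
# started, or when its path is not the fixed build; otherwise "ok".
jvm_status() (
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        awk -v pid="${dir##*/}" -v fixed="$FIXED_BUILD" '
            $6 ~ /java-1\.8\.0-openjdk-.*\/libjvm\.so$/ && !seen[$6]++ {
                replaced = ($NF == "(deleted)")
                current  = (index($6, "java-1.8.0-openjdk-" fixed ".") > 0)
                print pid, ((replaced || !current) ? "stale" : "ok"), $6
            }' "$dir/maps" 2>/dev/null || :
    done
)

# stale_jvm_pids [PROC_ROOT]
# Prints only the PIDs that must be restarted, one per line, sorted numerically.
stale_jvm_pids() (
    jvm_status "$@" | awk '$2 == "stale" { print $1 }' | sort -un
)

# make_sample_proc
# Builds a constructed /proc-like tree (not real data) and prints its path.
#   101: JVM on the fixed build                      -> ok
#   202: JVM on an older build, file now deleted     -> stale
#   303: not a JVM                                   -> not listed
#   404: JVM on an older build, package not updated  -> stale
make_sample_proc() (
    root="$(mktemp -d)"
    jvm=/usr/lib/jvm/java-1.8.0-openjdk
    lib=jre/lib/amd64/server/libjvm.so
    mkdir -p "$root/101" "$root/202" "$root/303" "$root/404"
    printf '7f10a0000000-7f10a0d00000 r-xp 00000000 fd:00 1311 %s-%s.x86_64/%s\n' \
        "$jvm" "$FIXED_BUILD" "$lib" > "$root/101/maps"
    printf '7f20b0000000-7f20b0d00000 r-xp 00000000 fd:00 1207 %s-OLDBUILD.x86_64/%s (deleted)\n' \
        "$jvm" "$lib" > "$root/202/maps"
    printf '00400000-004dd000 r-xp 00000000 fd:00 2201 /usr/bin/bash\n' \
        > "$root/303/maps"
    printf '7f30c0000000-7f30c0d00000 r-xp 00000000 fd:00 1207 %s-OLDBUILD.x86_64/%s\n' \
        "$jvm" "$lib" > "$root/404/maps"
    printf '%s\n' "$root"
)

# Demonstration on the constructed tree.
sample="$(make_sample_proc)"
jvm_status "$sample"
rm -rf "$sample"
```

On a patched host, run `stale_jvm_pids` with no argument as root to scan the live /proc; an empty result means no OpenJDK 8 process is still on pre-update code.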
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for Power, big endian 7 ppc64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Fixes
- BZ - 2217708 - Prepare for the next quarterly OpenJDK upstream release (2023-07, 8u382) [rhel-7.9.z]
- BZ - 2221645 - CVE-2023-22045 OpenJDK: array indexing integer overflow issue (8304468)
- BZ - 2221647 - CVE-2023-22049 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)
References
- https://access.redhat.com/security/updates/classification/#moderate
Red Hat Enterprise Linux Server 7
SRPM
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.src.rpm
Related news
Gentoo Linux Security Advisory 202407-24 - A vulnerability has been discovered in HarfBuzz, which can lead to a denial of service. Versions greater than or equal to 7.1.0 are affected.
Release of OpenShift Serverless Operator 1.30.1 and OpenShift Serverless Logic 1.30.0 SP1 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4853: A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denia...
Ubuntu Security Notice 6263-2 - USN-6263-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when opening APK, ZIP or JAR files in OpenJDK 11 and OpenJDK 17. This update fixes the problem. Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17.
Ubuntu Security Notice 6272-1 - Motoyasu Saburi discovered that OpenJDK 20 incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. Eirik Bjørsnøs discovered that OpenJDK 20 incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6263-1 - Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. Eirik Bjørsnøs discovered that OpenJDK incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 11 and OpenJDK 17.
Red Hat Security Advisory 2023-4233-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-4158-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-4158-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-4175-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-4175-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-4176-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2023-4176-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2023-4161-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for Windows serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-4161-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for Windows serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauth...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauth...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions ...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions ...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions ...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions ...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-22006: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM f...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-22045: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3....
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).