Headline
RHSA-2023:1879: Red Hat Security Advisory: java-17-openjdk security and bug fix update
An update for java-17-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
- CVE-2023-21937: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
- CVE-2023-21938: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
- CVE-2023-21939: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
- CVE-2023-21954: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
- CVE-2023-21967: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
- CVE-2023-21968: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Synopsis
Important: java-17-openjdk security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for java-17-openjdk is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Security Fix(es):
- OpenJDK: improper connection handling during TLS handshake (8294474) (CVE-2023-21930)
- OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)
- OpenJDK: incorrect enqueue of references in garbage collector (8298191) (CVE-2023-21954)
- OpenJDK: certificate validation issue in TLS session negotiation (8298310) (CVE-2023-21967)
- OpenJDK: missing string checks for NULL characters (8296622) (CVE-2023-21937)
- OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) (CVE-2023-21938)
- OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) (CVE-2023-21968)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- In FIPS mode, the list of cryptographic services and algorithms available is limited to those that are FIPS compliant. It was found that this filtering was too strict and was also excluding service attributes. These attributes are now made available in FIPS mode, as they are in non-FIPS mode. (RHBZ#2186804)
- Previously, the XML signature provider was unable to operate in FIPS mode. Following recent enhancements to FIPS mode support, the XML signature provider can now be supported. It is now enabled in FIPS mode. (RHBZ#2186811)
- The PKCS#11 provider used by FIPS mode can be supported by different PKCS#11 tokens. It was found that some PKCS#11 tokens may not be initialised fully before use, leading to an exception being thrown by the provider. With this release, this exception is now expected and handled by the FIPS support code. (RHBZ#2186807)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of OpenJDK Java must be restarted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for x86_64 9 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
Fixes
- BZ - 2186804 - Add missing attributes when registering services in FIPS mode [rhel-9, openjdk-17] [rhel-9.1.0.z]
- BZ - 2186807 - C_GetInfo can throw an exception if called before initialization in some PKCS #11 tokens [rhel-9, openjdk-17] [rhel-9.1.0.z]
- BZ - 2186811 - Enable XML Signature provider in FIPS mode [rhel-9, openjdk-17] [rhel-9.1.0.z]
- BZ - 2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)
- BZ - 2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)
- BZ - 2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)
- BZ - 2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)
- BZ - 2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)
- BZ - 2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)
- BZ - 2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)
CVEs
- CVE-2023-21930
- CVE-2023-21937
- CVE-2023-21938
- CVE-2023-21939
- CVE-2023-21954
- CVE-2023-21967
- CVE-2023-21968
Red Hat Enterprise Linux for x86_64 9
SRPM
java-17-openjdk-17.0.7.0.7-1.el9_1.src.rpm
SHA-256: bf7f7c83e1672001b31459f2b624849cc221d19a1d8c80470e02337681221324
x86_64
java-17-openjdk-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: 6ead12b9c654ba902ee25a735824ce6f3121d94ffcdebf0075d4104a265525c2
java-17-openjdk-debuginfo-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: 0afd36906b4d6e279c287d62feb2d165c55a163096589067c06a87eb407cc4db
java-17-openjdk-debugsource-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: d5d649c6ce3e5973c37e4fcf3217c836f5ef57afde8991bf1f46ddbabaa236b4
java-17-openjdk-demo-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: 2e63ae2d7a966aeef87f6a8f0b51c8b981100eb18fc9ce8a32df7aee528697d8
java-17-openjdk-devel-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: 18e6bf6981606fb778e1ec9dde170d4f1e3d105ef630321829fab42a8f456d08
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: f52185fc44ca9a24088b44bd0cf32dc0f0bb745423b63085ff10aa338500bee8
java-17-openjdk-headless-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: a8e6996f7edc83e5d6e65e216bf117784ca7e78396a8c748da9140c0e2404676
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: 3df5de58d73130b1937ede48290a6c11c83bdec8e280df75c6805ebf65654831
java-17-openjdk-javadoc-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: b5f949b2af78b01a65836d8676793f811bb3d1af765f4ede05c0a199f65c2d2a
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: 34e55b15a9dcea54a4e22c5664d6067794a70d1f9156eaa020882acf8cb76dbd
java-17-openjdk-jmods-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: 370e8a369c56c30dfce824add6d21b69913cb3bf52a4b671c0da4aadac5a7931
java-17-openjdk-src-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: 3073c776849a10099aed4c3134e9dc631dfe6210cc2c65b6c2eb081b1347de72
java-17-openjdk-static-libs-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: f3f44c80244f6e552dd01318cec562c1afe259ac26a1b27af523176338b4bd35
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
java-17-openjdk-17.0.7.0.7-1.el9_1.src.rpm
SHA-256: bf7f7c83e1672001b31459f2b624849cc221d19a1d8c80470e02337681221324
s390x
java-17-openjdk-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: d096fa2637e1f7236c12e0aa1a6fca5fb5515ccb9cf5af97bd5aa5709a241ce4
java-17-openjdk-debuginfo-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: 91faf26225eed43ed0aeea68f78fed067e404acaab5ee30f179595fe654f9b07
java-17-openjdk-debugsource-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: 682b75ccba7d1050844c23ebfc332ba7aac7a6d91ea1be71c733418a675bdce2
java-17-openjdk-demo-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: 5102801387b030481134c794da2ad3b9f800a0ac7a5d2129bbea4279fda58d9b
java-17-openjdk-devel-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: 2fa9443becf82f5637d06d8431e2e76d7fe41a7b896a4e7c7e755f9ea69e6a3f
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: 9e56c9b9f37f2104c3479fa9ae2c62fb56097dffaec295bc8397e7bc65a4efd0
java-17-openjdk-headless-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: 35cd6c5f56fcb57776db5c027134804cb57d5811cf98775a4b2f9ace0436f40d
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: 62f4d6d2b3cf416fe689ca4bb322e85eae2c7ec811445fe27f7ddd051fd120a8
java-17-openjdk-javadoc-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: 2d03ded8602a743b2cb34a96cd3b9ad239d244577a1f450d853e2dc6e4ddb92c
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: c753999b996e4725bbf0273c41c145ce066e3057170068eefbd103be75978d12
java-17-openjdk-jmods-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: 461ec4c72763a9cc9932fdc49a63126a8301d06e966c2ffb46c4e1d88017edaa
java-17-openjdk-src-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: befd6ad49329cd78c74b882ad6598c267cd8c79462412aaa5b3ce6b4c9410c8d
java-17-openjdk-static-libs-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: a2b182b9c76edecc6fbfab23c12a8a9bf0b946208eb064ebc49481d5ab94a37e
Red Hat Enterprise Linux for Power, little endian 9
SRPM
java-17-openjdk-17.0.7.0.7-1.el9_1.src.rpm
SHA-256: bf7f7c83e1672001b31459f2b624849cc221d19a1d8c80470e02337681221324
ppc64le
java-17-openjdk-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: 8b9583bd02be62f4bed80ce05551e175dac137f0986fd05399dcedf601d56b16
java-17-openjdk-debuginfo-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: d424b0333c03f1e773c49d2393cf0a6c64185c618ca4ced7d20753fc0edeaf00
java-17-openjdk-debugsource-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: 8aa9165db13b6970643911f710778d1e4111c01605e659fc650298a92b3dc77f
java-17-openjdk-demo-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: d39d2a2eeddfb89e7d38db0a6a2ad17b4ec81334b8348aa07875d01b6a8de258
java-17-openjdk-devel-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: 39c1ed468c43310b205b4d3f9f1c9ff64c6aa99a06e8cc31889f8c9637a92798
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: e515551ec5ce46c4ea031f66dbb2343f0a58e2dad68c49c7e25b331b11122e77
java-17-openjdk-headless-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: de06513460cd8429c41f159808a1746db1224a54c4f001afbd5e627cdce93d3b
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: 29499abf9977d1595829be770c3bea231905e00000770243c4c805b115104553
java-17-openjdk-javadoc-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: e9de03eeab48068148085594f6b03290e292f8373258864146b2132df5c6cd16
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: 7bb1fcf5fb51e93d71b9dc9c00ccca256e67735c9db8f64ffbf8981f9587633a
java-17-openjdk-jmods-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: 3e24670e5d8d83b06cc5419bd7c80b3ba7ccb8df567f13f575c04d709651796f
java-17-openjdk-src-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: d1ad193833713231bda877cb6dcc7609a0ae46dd8c4133e72f6f8ad8ce0ab3f4
java-17-openjdk-static-libs-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: 3d2d287127c18eb5570903e52b9805016e4cc1f3533af6847a8db98a700373c9
Red Hat Enterprise Linux for ARM 64 9
SRPM
java-17-openjdk-17.0.7.0.7-1.el9_1.src.rpm
SHA-256: bf7f7c83e1672001b31459f2b624849cc221d19a1d8c80470e02337681221324
aarch64
java-17-openjdk-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: cebdf63f7f6d0963b9d86690ff745060e789c6142e8ff4b19ead5dee678a0f19
java-17-openjdk-debuginfo-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: 963e907c7dd43dd4138c734e4e1b57374646440879002bfad3f3c2d0cd29ab88
java-17-openjdk-debugsource-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: 8ef346b77045ae12f969852a1d0217939b72a28e34be286268720434b79cc794
java-17-openjdk-demo-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: e7e4f4e20081e9a7325d8aaf36a4b5966f9efae64a694263ba2725785dde087f
java-17-openjdk-devel-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: bab7e7924beff299d34f46975cb7803c28a0b4dab1ab0256e9aa92ac9f4839db
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: 97e4991c1755a5bb0c78ba3f463b6f8ec5f905d6393b6baceffd91f868c99408
java-17-openjdk-headless-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: dc0f720e8af786d564fb70318f82441c31952fb6ba39f5612ad69c13d5eeec9e
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: a7917592377acfa9d76112050d1e9cda406b5cb10523535fa0bac101a07f59da
java-17-openjdk-javadoc-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: 1af47132a940fa73261036cbfdffd48d09105a1540ff2ac5960e0af682420dc0
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: 375a262a42cfc0db1f566c7361c89ea31022b177b23f0894725ab05270a0c064
java-17-openjdk-jmods-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: 7cb0f626da6cf2aa2f3d82a5d8e1ee41a9efa1a4eda5a236e55688f5425c5ed3
java-17-openjdk-src-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: ff098500ff827bfc87e5d4135e60bfb2d69d7f8d11772273db7a0f7fb55c7aed
java-17-openjdk-static-libs-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: 14bc397eaf11177e932dfe2ebefca7d7050b0abd6381a8a192bcc9291fd27d14
Red Hat CodeReady Linux Builder for x86_64 9
SRPM
x86_64
java-17-openjdk-debuginfo-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: 0afd36906b4d6e279c287d62feb2d165c55a163096589067c06a87eb407cc4db
java-17-openjdk-debugsource-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: d5d649c6ce3e5973c37e4fcf3217c836f5ef57afde8991bf1f46ddbabaa236b4
java-17-openjdk-demo-fastdebug-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: d190c626fe84774a83519791646c7b3eee0c054c94c3095f0ce2e1638dab9fbf
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: 48aa27e37ec14e59b4a0525d2b45f40d4dad5c99577d6d508ea77266cd4de6ff
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: f52185fc44ca9a24088b44bd0cf32dc0f0bb745423b63085ff10aa338500bee8
java-17-openjdk-devel-fastdebug-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: a2261447bc3afb44490c0326dd63a054382f6eaca188e593493524f956af2c8d
java-17-openjdk-devel-fastdebug-debuginfo-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: 7faa3405aefaa92a412116bc561f7e0f4613ed41e6d676f30ed99b7668dbafc6
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: 280e89c230492d3b464bc8f0f5af62b5266b669a2be6f73fdd64cd8e0a90620e
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: 4784e383d684e0e5dcc6e4acbb46b88182d8d30bd14c3d851da26e88beee0440
java-17-openjdk-fastdebug-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: 9f432bc2aa3ac8fc0284cc4ac4960ccb1c7fd22cecba65a977492a0b002025f3
java-17-openjdk-fastdebug-debuginfo-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: d8dafe2cfb01e4c43ebbca25186de947d61bd6beab3b12c3b0c2c26aaa9491af
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: 3df5de58d73130b1937ede48290a6c11c83bdec8e280df75c6805ebf65654831
java-17-openjdk-headless-fastdebug-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: 36d0056fb87424125882e8bdfed62755aa88ea93b8f77936a4d10902550d91c0
java-17-openjdk-headless-fastdebug-debuginfo-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: df34ce14371545a50e4a059d2c1afc4b663982bb9c5dbe4037623a9560dd7d3b
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: b8a276a8d4638112e224aeac98f46322f366ea8d823c3ba773ff3d0a0b4b9f96
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: 352428bd1e18deb4a68edfe61df016ca374533805f731786fa7c66088c794592
java-17-openjdk-jmods-fastdebug-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: 675877b6b6c30a605df9d34f9b3baa20c412bd5086f6ea0f2b94b9af616c8d58
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: 5603c5180a4a927a04a46e36cd77dbfd5f0dabe2061b680a92059853ae75fa61
java-17-openjdk-slowdebug-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: 3c12f0b614ade203ca0179534a7936e0c9114c583a11eacd5ccb7b84b28d8660
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: 34fcb45a1e475a5de3740e87e40c008c420a78ca27c264caf0d45707a5895b8e
java-17-openjdk-src-fastdebug-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: fd0ecfc3f11c352eb00bdaab9e2a21241350fe60eb02a435c1b1734c725c7a07
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: 27f459ba2887aed99c4abe85dd0db1593bf2d3e81f7cf92f4145ada141e98fc2
java-17-openjdk-static-libs-fastdebug-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: 6f21f62fcaa32c6e96200afe691e2132cc5ee4314324e77d81bffb3edf005fdc
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el9_1.x86_64.rpm
SHA-256: 2fb31491c50cdb174f1710e3b5b022e0e767e912eb5d84a2a4cbb0b0835f2be2
Red Hat CodeReady Linux Builder for Power, little endian 9
SRPM
ppc64le
java-17-openjdk-debuginfo-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: d424b0333c03f1e773c49d2393cf0a6c64185c618ca4ced7d20753fc0edeaf00
java-17-openjdk-debugsource-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: 8aa9165db13b6970643911f710778d1e4111c01605e659fc650298a92b3dc77f
java-17-openjdk-demo-fastdebug-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: 3363216b76f5fb2678e15ad22e646f5fb671e09eca7f17d5dfa64cf2b2306bf4
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: 862da6a25c24f9dd29eb37c534af4ea608c3456c9335eb14657eaa000033fad8
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: e515551ec5ce46c4ea031f66dbb2343f0a58e2dad68c49c7e25b331b11122e77
java-17-openjdk-devel-fastdebug-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: ef353c288d5246c1e069937767723cc8161b7a75953a216ee47319963c2888a2
java-17-openjdk-devel-fastdebug-debuginfo-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: f230eeb6c903ff52a220218cb1734ccda9743e9950976713b14c8e1bddc5777c
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: 2a8b716834d04bad63cbacbf7a0aa2ae383aab00518c33204d85724f993338b7
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: a36579b1f8b9155fa4d7f3f4de37e2ad31a2dbf1db2e5a197243032eba7d65af
java-17-openjdk-fastdebug-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: cd43b5fc00fd10a2cbfe4305b945dfd9839fc4fe91ee44966d3c63a696034cb7
java-17-openjdk-fastdebug-debuginfo-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: 4a8e9832ded1fabd1cd4c223c9e71edefa10b7b672715b364481df73d275f097
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: 29499abf9977d1595829be770c3bea231905e00000770243c4c805b115104553
java-17-openjdk-headless-fastdebug-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: 55a03b7bfbe90b8d27f48ddbe12ffa62c9caf5a142572f38967610b4cb68e48e
java-17-openjdk-headless-fastdebug-debuginfo-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: fb01b0bd161773ad6b4c36eb5c3d06b10413045b5b4c8e07842614d5ad87ef9a
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: b2005610d0fde66880573271c93f7d96ca058e4cd6802bd427adc7fc02649506
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: 09172682d9fb50ab0f2e28f2500f4133081efe0ab61c78fda8aeb1416bbd1e7e
java-17-openjdk-jmods-fastdebug-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: 12680eaab481508421834b664404ced01c65bd4fabca2c18310788715bbfc0c2
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: 26c8e1c230bb30ec3424ecb9cdbbba1bfc2183ebb4927b8610ca554beb01d9c1
java-17-openjdk-slowdebug-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: 343fb3c442c4496431e6f9162014bafbdf1bf03f86f8039494b194a34fec9f13
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: bc78fe678d4c4c93232d1b14ed67f49d05b18e4c902ac6da9eabbe00af7f99f0
java-17-openjdk-src-fastdebug-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: e3fe68177e7adefb2ce2b751b612befbfc54aed61cd3729de94e50a804be868e
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: c01621a85f0ce242871bae37ac4ea70d6dcca2b65a704bda906efa0b57288413
java-17-openjdk-static-libs-fastdebug-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: 3a007140efb1a1e0df7c053f4e292b05b8083f9798c26dcf7c69e145e4f4f7d3
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el9_1.ppc64le.rpm
SHA-256: befc07289ad1b51afcf555f827be7c145799618f5093da388dbca419262346a9
Red Hat CodeReady Linux Builder for ARM 64 9
SRPM
aarch64
java-17-openjdk-debuginfo-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: 963e907c7dd43dd4138c734e4e1b57374646440879002bfad3f3c2d0cd29ab88
java-17-openjdk-debugsource-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: 8ef346b77045ae12f969852a1d0217939b72a28e34be286268720434b79cc794
java-17-openjdk-demo-fastdebug-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: 007d407b0ea54ec568b3118d0093582120d298d4a58ffc37a36705c37fb5a5a4
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: 9343dd6c42fd72cd5e6790c72f4d8415ecba7e257a38379a2c51ebcf420002ac
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: 97e4991c1755a5bb0c78ba3f463b6f8ec5f905d6393b6baceffd91f868c99408
java-17-openjdk-devel-fastdebug-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: 0bf9453cc7b06182064b90c96a7002a76c880201a8df11db343d83bfe54d70b7
java-17-openjdk-devel-fastdebug-debuginfo-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: c2769e603b3065da856ddd6c27fd92d95fed1f6d29112694c7521100b83274a2
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: 1548f4151f2e27d18d875d97cabb591ce55d70781a498b645c1d4a944d0990cc
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: d75bd9342a6a869321278d542e65c7c0e3bc029f6f13e1d4c5bddd96205a4c11
java-17-openjdk-fastdebug-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: c9f4a89f019324bb9b5bf4e9ce8fccc93b90267f229912041406b7878593c8e2
java-17-openjdk-fastdebug-debuginfo-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: bb9f14f5eb56a2c2f38117ceb62673e8e93806dc5f0aaf80b870d5da716d396d
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: a7917592377acfa9d76112050d1e9cda406b5cb10523535fa0bac101a07f59da
java-17-openjdk-headless-fastdebug-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: 7190fe4861f53620e25642fed44663c2a67af401c97cf0a92853ab0cbb05a20f
java-17-openjdk-headless-fastdebug-debuginfo-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: ad2f7f25acdc32a04da3087450b58e33d4bfc893201bee73dcfa1386773394df
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: 7a851ce21131c58e554dc90e3800e0e30212fef269a39bb861b20be554852003
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: eb167604d950fe9d2ce785a3bcfb1848f22b3d354ca9b74f30c545c45be5775a
java-17-openjdk-jmods-fastdebug-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: d4f166415ccb88389ccba04b3f9563c178f40efc9a8622d680b69c2e7f4b8842
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: 65f1e9ac754d3bee1c5ae90d57ddd474ddea3a161bde4edda420a905888b3d0c
java-17-openjdk-slowdebug-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: 8b1f7b3da1e53747858aa4c2ab6166f31f449bd938a5c767410dd17aad51cc2a
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: b96d3ee2edf22740ca3adf6f622f9ec5c2e02fb66d9ea41268f22706dcaba689
java-17-openjdk-src-fastdebug-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: d605b19b21aa77a294831bb3e695db363ac4485a94af4b8c9a3f3342b104c810
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: 119e16cb8683b2416c676ddbb898df34a4fea9748bf1e534b2c2bdbe7c15d811
java-17-openjdk-static-libs-fastdebug-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: 79a753b2c9a4cabda297bb4070123e28b4d261316c3e3865346736155bbeaf3a
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el9_1.aarch64.rpm
SHA-256: b212f59461bf2406d50af6cfdb7394a60554eafe91b265b3c1df3f660b8d1d07
Red Hat CodeReady Linux Builder for IBM z Systems 9
SRPM
s390x
java-17-openjdk-debuginfo-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: 91faf26225eed43ed0aeea68f78fed067e404acaab5ee30f179595fe654f9b07
java-17-openjdk-debugsource-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: 682b75ccba7d1050844c23ebfc332ba7aac7a6d91ea1be71c733418a675bdce2
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: 59a399b3005277150da3bc17412b697de71167cd5a4dd757ebb9cffb33716ad9
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: 9e56c9b9f37f2104c3479fa9ae2c62fb56097dffaec295bc8397e7bc65a4efd0
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: 6e93efc0d2a7504f041270d5099d9ea81b5f5ef24dc7cd30ad4b859ee9ed164a
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: 27cb2ff13dc9529190cb2810b31924a7b606f7079006a195306b6f560cb56ba3
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: 62f4d6d2b3cf416fe689ca4bb322e85eae2c7ec811445fe27f7ddd051fd120a8
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: f4ce7b978a4dbbf00e75c08f2f84f601da387d599254f40fa46327d9f16c1738
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: bb9ae6ff8fa0146e723e7a557af9b6a5d05f925d83121b190fa0f9d3896cd4f8
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: 91b6c88469b0428c776567f56306d7141bfa8a24931177a24253030d07174e34
java-17-openjdk-slowdebug-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: 546e2e8bde77c37846e31b01341a67cad4c56dc9f955e3a15ed9ba1312ed6807
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: b361fcaed1a3f802ef5d8dce71c0422f49cb5dd5bd0cdd74bb0f00e15c8ea0bc
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: 1f683d4e1cb0ffb265bbb13506b6e2adc59f0d3a3d0406d515c2b86e35e710b8
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el9_1.s390x.rpm
SHA-256: 82bfbd99e53d5925b9b68ccdca648a209b453639d658ad16ab7c863c467e31a2
Related news
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585.
Debian Linux Security Advisory 5478-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service.
An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacke...
Debian Linux Security Advisory 5430-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or bypass of sandbox restrictions.
Red Hat Security Advisory 2023-2710-01 - Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. This erratum releases a new image for Red Hat Single Sign-On 7.6.3 for use within the Red Hat OpenShift Container Platform cloud computing Platform-as-a-Service for on-premise or private cloud deployments, aligning with the standalone product release. Issues addressed include denial of service and information leakage vulnerabilities.
Red Hat Security Advisory 2023-1884-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Red Hat Security Advisory 2023-1891-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Red Hat Security Advisory 2023-1895-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Red Hat Security Advisory 2023-1889-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Red Hat Security Advisory 2023-1910-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1903-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section.
Red Hat Security Advisory 2023-1905-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1908-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Red Hat Security Advisory 2023-1904-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compr...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compr...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated att...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated att...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361...
Red Hat Security Advisory 2023-1899-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Red Hat Security Advisory 2023-1879-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attack...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attack...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compr...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compr...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compr...
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compr...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attack...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attack...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attack...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attack...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attack...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attack...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attack...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnera...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21930: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attack...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...