RHSA-2023:4876: Red Hat Security Advisory: java-1.8.0-ibm security update

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-22049: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Red Hat Security Data
Issued: 2023-08-30

Updated: 2023-08-30

RHSA-2023:4876 - Security Advisory

Synopsis

Moderate: java-1.8.0-ibm security update

Type/Severity

Security Advisory: Moderate

Description

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR8-FP10.

Security Fix(es):

  • OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.
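
A check for the two conditions in this section, given as an added example that is not part of the Red Hat advisory: whether the installed build is older than the fixed one, and which processes are still running a replaced IBM Java binary. The function names, the sample paths and PIDs, and the use of `sort -V` in place of RPM's own version comparison are assumptions.

```shell
#!/usr/bin/env bash
# Fixed VERSION-RELEASE, taken from the package names in this advisory.
FIXED_VR="1.8.0.8.10-1jpp.1.el7"

# True (exit 0) when the given VERSION-RELEASE sorts before the fixed build.
# Assumption: GNU `sort -V` approximates RPM's comparison for these versions.
is_vulnerable() {
    local installed="$1" oldest
    [ "$installed" = "$FIXED_VR" ] && return 1
    oldest=$(printf '%s\n%s\n' "$installed" "$FIXED_VR" | sort -V | head -n1)
    [ "$oldest" = "$installed" ]
}

# Reads "PID EXE-TARGET" lines; prints PIDs still executing an IBM Java
# binary that was replaced on disk (the kernel appends " (deleted)").
stale_java_pids() {
    awk '/java-1\.8\.0-ibm/ && / \(deleted\)$/ { print $1 }'
}

# Emits "PID EXE-TARGET" for each process readable by the caller (run as root
# to see every user's processes).
list_proc_exes() {
    local p
    for p in /proc/[0-9]*; do
        printf '%s %s\n' "${p#/proc/}" "$(readlink "$p/exe" 2>/dev/null)"
    done
}

# Constructed sample of list_proc_exes output; paths and PIDs are made up.
SAMPLE_EXES='1412 /usr/lib/jvm/java-1.8.0-ibm-1.8.0.8.5-1jpp.1.el7.x86_64/jre/bin/java (deleted)
2290 /usr/lib/jvm/java-1.8.0-ibm-1.8.0.8.10-1jpp.1.el7.x86_64/jre/bin/java
3001 /usr/sbin/sshd (deleted)'

# Live check, only when invoked with --live on a host that has rpm.
if [ "${1:-}" = "--live" ]; then
    vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' java-1.8.0-ibm) || exit 2
    if is_vulnerable "$vr"; then echo "java-1.8.0-ibm $vr: update required"; fi
    list_proc_exes | stale_java_pids | sed 's/^/restart PID /'
fi
```
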

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 2221647 - CVE-2023-22049 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)

Red Hat Enterprise Linux Server 7

SRPM

x86_64

java-1.8.0-ibm-1.8.0.8.10-1jpp.1.el7.x86_64.rpm

java-1.8.0-ibm-demo-1.8.0.8.10-1jpp.1.el7.x86_64.rpm

java-1.8.0-ibm-devel-1.8.0.8.10-1jpp.1.el7.x86_64.rpm

java-1.8.0-ibm-jdbc-1.8.0.8.10-1jpp.1.el7.x86_64.rpm

java-1.8.0-ibm-plugin-1.8.0.8.10-1jpp.1.el7.x86_64.rpm

java-1.8.0-ibm-src-1.8.0.8.10-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation 7

SRPM

x86_64

java-1.8.0-ibm-1.8.0.8.10-1jpp.1.el7.x86_64.rpm

java-1.8.0-ibm-demo-1.8.0.8.10-1jpp.1.el7.x86_64.rpm

java-1.8.0-ibm-devel-1.8.0.8.10-1jpp.1.el7.x86_64.rpm

java-1.8.0-ibm-jdbc-1.8.0.8.10-1jpp.1.el7.x86_64.rpm

java-1.8.0-ibm-plugin-1.8.0.8.10-1jpp.1.el7.x86_64.rpm

java-1.8.0-ibm-src-1.8.0.8.10-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux Desktop 7

SRPM

x86_64

java-1.8.0-ibm-1.8.0.8.10-1jpp.1.el7.x86_64.rpm

java-1.8.0-ibm-demo-1.8.0.8.10-1jpp.1.el7.x86_64.rpm

java-1.8.0-ibm-devel-1.8.0.8.10-1jpp.1.el7.x86_64.rpm

java-1.8.0-ibm-jdbc-1.8.0.8.10-1jpp.1.el7.x86_64.rpm

java-1.8.0-ibm-plugin-1.8.0.8.10-1jpp.1.el7.x86_64.rpm

java-1.8.0-ibm-src-1.8.0.8.10-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 7

SRPM

s390x

java-1.8.0-ibm-1.8.0.8.10-1jpp.1.el7.s390x.rpm

java-1.8.0-ibm-demo-1.8.0.8.10-1jpp.1.el7.s390x.rpm

java-1.8.0-ibm-devel-1.8.0.8.10-1jpp.1.el7.s390x.rpm

java-1.8.0-ibm-jdbc-1.8.0.8.10-1jpp.1.el7.s390x.rpm

java-1.8.0-ibm-src-1.8.0.8.10-1jpp.1.el7.s390x.rpm

Red Hat Enterprise Linux for Power, big endian 7

SRPM

ppc64

java-1.8.0-ibm-1.8.0.8.10-1jpp.1.el7.ppc64.rpm

java-1.8.0-ibm-demo-1.8.0.8.10-1jpp.1.el7.ppc64.rpm

java-1.8.0-ibm-devel-1.8.0.8.10-1jpp.1.el7.ppc64.rpm

java-1.8.0-ibm-jdbc-1.8.0.8.10-1jpp.1.el7.ppc64.rpm

java-1.8.0-ibm-plugin-1.8.0.8.10-1jpp.1.el7.ppc64.rpm

java-1.8.0-ibm-src-1.8.0.8.10-1jpp.1.el7.ppc64.rpm

Red Hat Enterprise Linux for Scientific Computing 7

SRPM

x86_64

java-1.8.0-ibm-1.8.0.8.10-1jpp.1.el7.x86_64.rpm

java-1.8.0-ibm-demo-1.8.0.8.10-1jpp.1.el7.x86_64.rpm

java-1.8.0-ibm-devel-1.8.0.8.10-1jpp.1.el7.x86_64.rpm

java-1.8.0-ibm-src-1.8.0.8.10-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux for Power, little endian 7

SRPM

ppc64le

java-1.8.0-ibm-1.8.0.8.10-1jpp.1.el7.ppc64le.rpm

java-1.8.0-ibm-demo-1.8.0.8.10-1jpp.1.el7.ppc64le.rpm

java-1.8.0-ibm-devel-1.8.0.8.10-1jpp.1.el7.ppc64le.rpm

java-1.8.0-ibm-jdbc-1.8.0.8.10-1jpp.1.el7.ppc64le.rpm

java-1.8.0-ibm-src-1.8.0.8.10-1jpp.1.el7.ppc64le.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
