RHSA-2023:4876: Red Hat Security Advisory: java-1.8.0-ibm security update
An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-22049: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Issued:
2023-08-30
Updated:
2023-08-30
RHSA-2023:4876 - Security Advisory
Synopsis
Moderate: java-1.8.0-ibm security update
Type/Severity
Security Advisory: Moderate
Topic
An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update upgrades IBM Java SE 8 to version 8 SR8-FP10.
Security Fix(es):
- OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of IBM Java must be restarted for this update to take effect.
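To find the instances that still need that restart, the following added example (not part of the Red Hat advisory) lists processes that still map IBM Java files removed by the package update. It assumes the runtime's files sit under a path containing the package name `java-1.8.0-ibm`; the function names, sample PIDs and sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: find JVMs started before the update that still map its old files.
# Assumption: the runtime's files sit under a path containing "java-1.8.0-ibm".

# stale_java_pids PROC_ROOT [PATTERN]
# Prints each PID whose maps file has a "(deleted)" mapping containing PATTERN.
stale_java_pids() {
    proc_root=$1; pattern=${2:-java-1.8.0-ibm}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue      # no match, process gone, or not readable
        pid=${maps%/maps}; pid=${pid##*/}
        # The kernel appends " (deleted)" to a mapping whose backing file was
        # unlinked, which is what happens when rpm replaces the old runtime.
        if awk -v pat="$pattern" '
              index($0, pat) && /\(deleted\)$/ { found = 1; exit }
              END { exit !found }' "$maps" 2>/dev/null; then
            echo "$pid"
        fi
    done | sort -n
}

# Constructed stand-in for /proc; PIDs, addresses and paths are made up.
make_sample_proc() {
    root=$(mktemp -d)
    mkdir -p "$root/88" "$root/1201" "$root/1350"
    # 1201: JVM started before the update, old library since unlinked.
    echo '7f10a000-7f10b000 r-xp 00000000 fd:00 1311 /usr/lib/jvm/java-1.8.0-ibm-OLD/jre/lib/sample.so (deleted)' > "$root/1201/maps"
    # 1350: JVM restarted after the update, files still present.
    echo '7f20a000-7f20b000 r-xp 00000000 fd:00 2422 /usr/lib/jvm/java-1.8.0-ibm-NEW/jre/lib/sample.so' > "$root/1350/maps"
    # 88: unrelated process with some other deleted mapping.
    echo '7f30a000-7f30b000 r-xp 00000000 fd:00 3533 /usr/lib64/libother.so (deleted)' > "$root/88/maps"
    echo "$root"
}

# "--live" scans the real /proc; "--demo" scans the constructed tree.
case "${1:-}" in
    --live) stale_java_pids /proc ;;
    --demo) d=$(make_sample_proc); stale_java_pids "$d"; rm -rf "$d" ;;
esac
```

Run it with `--live` as root after installing the update; every PID it prints is an instance that has not yet been restarted.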
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for Power, big endian 7 ppc64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Fixes
- BZ - 2221647 - CVE-2023-22049 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)
Red Hat Enterprise Linux Server 7
SRPM
x86_64
java-1.8.0-ibm-1.8.0.8.10-1jpp.1.el7.x86_64.rpm
SHA-256: ea0d7aa43a475efb6fb5c60dc6dcdcacee14d4f2d2cfeb3f6206443e7e6e3bc8
java-1.8.0-ibm-demo-1.8.0.8.10-1jpp.1.el7.x86_64.rpm
SHA-256: 0c53caebd13d3e09bcd5390169c1479897f12b89f59da9098457030676629265
java-1.8.0-ibm-devel-1.8.0.8.10-1jpp.1.el7.x86_64.rpm
SHA-256: 368df363fb273ca3f91055dc2254a39aebdffa8a5052aade22a93317674032f0
java-1.8.0-ibm-jdbc-1.8.0.8.10-1jpp.1.el7.x86_64.rpm
SHA-256: fc1a3d6d52b17976533342044c9d39a2d9330fa8425883843be3df2a7612fd08
java-1.8.0-ibm-plugin-1.8.0.8.10-1jpp.1.el7.x86_64.rpm
SHA-256: 04f1c3e1da708c0f78d40bb9c2bc4d46901a669253322110082763d784a8056d
java-1.8.0-ibm-src-1.8.0.8.10-1jpp.1.el7.x86_64.rpm
SHA-256: 5ec5895e8b34f9224ba3b88da7c50c614104bf6d088f8ad524f0fa566209572c
Red Hat Enterprise Linux Workstation 7
SRPM
x86_64
java-1.8.0-ibm-1.8.0.8.10-1jpp.1.el7.x86_64.rpm
SHA-256: ea0d7aa43a475efb6fb5c60dc6dcdcacee14d4f2d2cfeb3f6206443e7e6e3bc8
java-1.8.0-ibm-demo-1.8.0.8.10-1jpp.1.el7.x86_64.rpm
SHA-256: 0c53caebd13d3e09bcd5390169c1479897f12b89f59da9098457030676629265
java-1.8.0-ibm-devel-1.8.0.8.10-1jpp.1.el7.x86_64.rpm
SHA-256: 368df363fb273ca3f91055dc2254a39aebdffa8a5052aade22a93317674032f0
java-1.8.0-ibm-jdbc-1.8.0.8.10-1jpp.1.el7.x86_64.rpm
SHA-256: fc1a3d6d52b17976533342044c9d39a2d9330fa8425883843be3df2a7612fd08
java-1.8.0-ibm-plugin-1.8.0.8.10-1jpp.1.el7.x86_64.rpm
SHA-256: 04f1c3e1da708c0f78d40bb9c2bc4d46901a669253322110082763d784a8056d
java-1.8.0-ibm-src-1.8.0.8.10-1jpp.1.el7.x86_64.rpm
SHA-256: 5ec5895e8b34f9224ba3b88da7c50c614104bf6d088f8ad524f0fa566209572c
Red Hat Enterprise Linux Desktop 7
SRPM
x86_64
java-1.8.0-ibm-1.8.0.8.10-1jpp.1.el7.x86_64.rpm
SHA-256: ea0d7aa43a475efb6fb5c60dc6dcdcacee14d4f2d2cfeb3f6206443e7e6e3bc8
java-1.8.0-ibm-demo-1.8.0.8.10-1jpp.1.el7.x86_64.rpm
SHA-256: 0c53caebd13d3e09bcd5390169c1479897f12b89f59da9098457030676629265
java-1.8.0-ibm-devel-1.8.0.8.10-1jpp.1.el7.x86_64.rpm
SHA-256: 368df363fb273ca3f91055dc2254a39aebdffa8a5052aade22a93317674032f0
java-1.8.0-ibm-jdbc-1.8.0.8.10-1jpp.1.el7.x86_64.rpm
SHA-256: fc1a3d6d52b17976533342044c9d39a2d9330fa8425883843be3df2a7612fd08
java-1.8.0-ibm-plugin-1.8.0.8.10-1jpp.1.el7.x86_64.rpm
SHA-256: 04f1c3e1da708c0f78d40bb9c2bc4d46901a669253322110082763d784a8056d
java-1.8.0-ibm-src-1.8.0.8.10-1jpp.1.el7.x86_64.rpm
SHA-256: 5ec5895e8b34f9224ba3b88da7c50c614104bf6d088f8ad524f0fa566209572c
Red Hat Enterprise Linux for IBM z Systems 7
SRPM
s390x
java-1.8.0-ibm-1.8.0.8.10-1jpp.1.el7.s390x.rpm
SHA-256: f09c8e229ef27ae2be27d62d9e59d818a5bf54474ddb94023a8422ae2aa5f691
java-1.8.0-ibm-demo-1.8.0.8.10-1jpp.1.el7.s390x.rpm
SHA-256: dae8322c62d109da76ef5a7d23752a9022f2aaf5424bf981d6b02ba2bde5826a
java-1.8.0-ibm-devel-1.8.0.8.10-1jpp.1.el7.s390x.rpm
SHA-256: 97b5b6705fb03d4837f502fd1577df13306b9805a790955a81c96ac1115734a7
java-1.8.0-ibm-jdbc-1.8.0.8.10-1jpp.1.el7.s390x.rpm
SHA-256: 92790d85a224b8675a42dc052cc0a82944bbd825595fac59ae7fa061b787c03b
java-1.8.0-ibm-src-1.8.0.8.10-1jpp.1.el7.s390x.rpm
SHA-256: afdea4e6889f55c7eeb92e06dd5573eba4777ec4fdace33fb64b24518d2841cc
Red Hat Enterprise Linux for Power, big endian 7
SRPM
ppc64
java-1.8.0-ibm-1.8.0.8.10-1jpp.1.el7.ppc64.rpm
SHA-256: 983922f38f38ab9bf91763f53d2521f0cdaa5d546709384db49b7879a31472bc
java-1.8.0-ibm-demo-1.8.0.8.10-1jpp.1.el7.ppc64.rpm
SHA-256: 03d1be3d5a06ddcd309c62b692d8c10cad1a98f723d7664a836073cb9a51e6fe
java-1.8.0-ibm-devel-1.8.0.8.10-1jpp.1.el7.ppc64.rpm
SHA-256: 0f61df31225536d4d4307ade34c8edd1bc0b4305614145b1076f5b2427e585d8
java-1.8.0-ibm-jdbc-1.8.0.8.10-1jpp.1.el7.ppc64.rpm
SHA-256: fde8c2320a40ae98a2ace18ae5897d769bbb3466edc367356e6d668ca1a3c098
java-1.8.0-ibm-plugin-1.8.0.8.10-1jpp.1.el7.ppc64.rpm
SHA-256: b9c22f3cc9d17a9a6f30452c2b200315dcb32d78ac38e860e36545c1da1da147
java-1.8.0-ibm-src-1.8.0.8.10-1jpp.1.el7.ppc64.rpm
SHA-256: e9e47b4fa18e06ccd039ee033142c3765f31f7da21ff161e08df729599f132c0
Red Hat Enterprise Linux for Scientific Computing 7
SRPM
x86_64
java-1.8.0-ibm-1.8.0.8.10-1jpp.1.el7.x86_64.rpm
SHA-256: ea0d7aa43a475efb6fb5c60dc6dcdcacee14d4f2d2cfeb3f6206443e7e6e3bc8
java-1.8.0-ibm-demo-1.8.0.8.10-1jpp.1.el7.x86_64.rpm
SHA-256: 0c53caebd13d3e09bcd5390169c1479897f12b89f59da9098457030676629265
java-1.8.0-ibm-devel-1.8.0.8.10-1jpp.1.el7.x86_64.rpm
SHA-256: 368df363fb273ca3f91055dc2254a39aebdffa8a5052aade22a93317674032f0
java-1.8.0-ibm-src-1.8.0.8.10-1jpp.1.el7.x86_64.rpm
SHA-256: 5ec5895e8b34f9224ba3b88da7c50c614104bf6d088f8ad524f0fa566209572c
Red Hat Enterprise Linux for Power, little endian 7
SRPM
ppc64le
java-1.8.0-ibm-1.8.0.8.10-1jpp.1.el7.ppc64le.rpm
SHA-256: 53cb0bf344e76759958491c92926029951ff143667e33247408d66d9b12d07b7
java-1.8.0-ibm-demo-1.8.0.8.10-1jpp.1.el7.ppc64le.rpm
SHA-256: 791a44ce03aec5573f28196d31006d0b3e32b94f275093e6af7b7d7bc3bd21d6
java-1.8.0-ibm-devel-1.8.0.8.10-1jpp.1.el7.ppc64le.rpm
SHA-256: fa9329111e7ac9dfce719ee8866f90585274c8e19d0e248c79a3726b52788ab6
java-1.8.0-ibm-jdbc-1.8.0.8.10-1jpp.1.el7.ppc64le.rpm
SHA-256: b43e2bb643db2a0a91e19b96df4a889ae655cab3a7b2979d2db4091ecf2d9489
java-1.8.0-ibm-src-1.8.0.8.10-1jpp.1.el7.ppc64le.rpm
SHA-256: edf023bf6fd26fd27c161e0a657561603540e99bb0779d0096819b03160d9d5d
Contact details for the Red Hat security team are at https://access.redhat.com/security/team/contact/.