Customers should apply updates to the print management software used by more than 100 million organizations worldwide, with typical US customers found in the SLED sector.

Security researchers have revealed new details about how attackers are exploiting two flaws in the PaperCut enterprise print management system — used by more than 100 million customers worldwide — to bypass authentication and execute remote code. The flaws once again highlight the risk that enterprise printers and related systems, an often overlooked threat, pose to the overall security of organizations.

Researchers from PaperCut as well as security companies already have warned that attackers are exploiting the vulnerabilities — patched by PaperCut in a March 8 update to its PaperCut MF and NG products — to take over unpatched versions of the software. Moreover, the Cybersecurity and Infrastructure Security Agency (CISA) added the flaws to its catalog of known exploited vulnerabilities on April 21.

The Zero Day Initiative tracks the flaws as ZDI-CAN-18987 and ZDI-CAN-19226; they also are being tracked as CVE-2023-27350 and CVE-2023-27351, respectively, by NIST's National Vulnerability Database. The flaws affect PaperCut MF and NG version 8.0 and later, on all OS platforms, according to PaperCut.

Researchers at Horizon3.ai released proof-of-concept exploit code for CVE-2023-27350 — the more dangerous of the two bugs with a CVSS rating of 9.8 versus its companion flaw's rating of 8.2 — on Monday.

**Abusing CVE-2023-27350**

The Horizon3.ai team also included a technical analysis of how attackers are abusing "the built-in 'Scripting' functionality for printers" to abuse the RCE exploit. The Device Scripting page of the system enables the administrator to develop hooks to customize printing across the enterprise using JavaScript-based scripts and executed in the context of the PrintCut service, which on Windows runs as NT AUTHORITY\\SYSTEM, researchers explained.

Though PaperCut's Web application's use of dynamic form fields based on the last request made developing a script to interact with the site less straightforward, they demonstrate how they were able to do so in a proof-of-concept exploit they released on GitHub.

CVE-2023-27350 exists within the SetupCompleted class and results from improper access control, according to its listing on the Zero Day Initiative website.

"An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM," according to the listing.

Meanwhile, CVE-2023-27351, also an authentication-bypass RCE bug affecting PaperCut NG, exists within the SecurityRequestFilter class as a result of improper implementation of the authentication algorithm, according to its listing on the Zero Day Initiative website.

**Uncovering the PaperCut Bugs**

Horizon3.ai's detailed analysis follows a warning by PaperCut on April 19 that the flaws found in PaperCut NG were under active attack, urging organizations to update to the latest version of the product.

The company said in an advisory that it received its first report from a customer of suspicious activity on their PaperCut server on April 17, though later analysis revealed that the activity may have started as soon as April 13.

Researchers from Trend Micro originally reported the issues to PaperCut, which has credited Piotr Bazydlo (@chudypb) for discovering CVE-2023-27351 and an anonymous researcher for discovering CVE-2023-27350.

PaperCut also acknowledged a security research team from security management firm Huntress — including Joe Slowik, Caleb Stewart, Stuart Ashenbrenner, John Hammond, Jason Phelps, Sharon Martin, Kris Luzadre, Matt Anderson, and Dave Kleinatland — for aiding the company's investigation of the flaws.

On April 21, the Huntress researchers revealed that attackers were exploiting the vulnerabilities to take over compromised servers using both the legitimate Atera and Syncro remote management and maintenance software tools.

"Based on preliminary analysis, both appear to be legitimate copies of these products and do not possess any built-in or added malicious capability," the Huntress researchers wrote.

While the threats are split into two CVEs, they both "ultimately rely on an authentication bypass that leads to further compromise as an administrative user within the PaperCut Application Server," the researchers wrote.

Once a threat actor uses a flaw or both flaws to bypass authentication, he or she "may then execute arbitrary code on the server running in the context of the NT AUTHORITY\\SYSTEM account," the researchers wrote.

Huntress researchers also observed post-exploitation evidence in the form of a Truebot payload installation that suggest exploitation of the PaperCut flaws could be a precursor to future Clop ransomware activity based on previous investigation of similar activity, according to Huntress.

Huntress security researcher Caleb Stewart also recreated a proof-of-concept exploit to demonstrate how CVE-2023-27350 could be exploited, a video of which is included in the post.

**Who's at Cyber-Risk**

PaperCut MF is print management software to support various devices and manage print configurations for printing across an enterprise network. PaperCut NG is companion software for detailed print-job tracking and reporting aimed at helping organizations cut printing paper waste.

The PaperCut print management system has more than a hundred million users in organizations worldwide to help companies minimize waste and facilitate printing across the enterprise, according to PaperCut. In the United States, state, local, and education (SLED) environments are among the typical organizations using the software.

A Shodan query for http.html:"papercut" http.html:"print" showed approximately 1,700 Internet exposed PaperCut servers, with education customers comprising 450 of those results, according to Horizon3.ai.

In its protected environments, Huntress researchers reported observing 1,014 total Windows hosts with PaperCut installed, with 9087 of those hosts spread across 710 distinct organizations vulnerable to exploit, they said.

Only three total macOS hosts, two of which were vulnerable, had PaperCut installed in the environments they observed, the researchers added, noting that they sent incident reports to all customers affected and recommended updates.

**Detection and Mitigation**

PaperCut included a list of indicators of compromise for its customers in its advisory and advised them to upgrade, assuring that there "should be no negative impact" from applying the security fixes.

However, if a customer can't upgrade to the latest version — which could be true particularly with an older application version — the company recommended that customers lock down network access to the affected server.

To do this, they can lock all inbound traffic from external IPs to the Web management port (port 9191 and 9192 by default) and block all traffic inbound to the Web management portal on the firewall to the server.

To mitigate CVE-2023-27351, customers also can apply "Allow list" restrictions to the server found under the Options > Advanced > Security > Allowed site server IP addresses by setting it to only allow the IP addresses of verified Site Servers on their networks, according to PaperCut.

Attackers Abuse PaperCut RCE Flaws to Take Over Enterprise Print Servers

CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name.

Skip to content

Sign up

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    
    Explore
    
    *   All features
    *   Documentation
    *   GitHub Skills
    *   Blog
    
*   For
    
    *   Enterprise
    *   Teams
    *   Startups
    *   Education
    
    By Solution
    
    *   CI/CD & Automation
    *   DevOps
    *   DevSecOps
    
    Case Studies
    
    *   Customer Stories
    *   Resources
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
    Repositories
    
    *   Topics
    *   Trending
    *   Collections
    
*   Pricing

*   In this repository All GitHub
    

*   No suggested jump to results

*   In this repository All GitHub
    
*   In this organization All GitHub
    
*   In this repository All GitHub
    

Sign in

Sign up

craftcms / **cms** Public

*   Notifications
*   Fork 611
*   Star 3k
    

*   Code
*   Issues 349
*   Pull requests 49
*   Discussions
*   Actions
*   Security
*   Insights

More

Permalink

Browse files

Fixed an XSS vulnerability.

*   Loading branch information

angrybrad committed

Feb 23, 2023

1 parent dea6a42 commit 00fb253

Show file tree

Hide file tree

Showing **2 changed files** with **2 additions** and **1 deletion**.

*   CHANGELOG.md
*   *   Asset.php

1 CHANGELOG.md

Show comments View file

  

@@ -3,6 +3,7 @@

\## Unreleased

\- Fixed a bug where \`craft\\events\\RegisterElementSourcesEvent::$context\` wasn’t always set to \`modal\` when defining the available element sources for an element selection modal.

\- Fixed a styling bug where multi-line checkbox labels within the Customize Sources modal weren’t wrapping properly. (\[#12717\](https://github.com/craftcms/cms/issues/12717))

\- Fixed an XSS vulnerability.

  

\## 3.7.67 - 2023-02-17

  

2 src/elements/Asset.php

Show comments View file

@@ -1856,7 +1856,7 @@ protected function metadata(): array

  

return \[

Craft::t('app', 'Location') => function() use ($volume) {

$loc = \[Craft::t('site', $volume\->name)\];

$loc = \[Html::encode(Craft::t('site', $volume\->name))\];

if ($this\->folderPath) {

array\_push($loc, ...ArrayHelper::filterEmptyStringsFromArray(explode('/', $this\->folderPath)));

}

**0 comments on commit 00fb253**

Please sign in to comment.

CVE-2023-30177: Fixed an XSS vulnerability. · craftcms/cms@00fb253

WordPress Shield Security Smart Bot Blocking and Intrusion Prevention plugin versions 17.0.17 and below suffer from cross site scripting and missing authorization vulnerabilities.

    Affected Plugin: Shield Security – Smart Bot Blocking & Intrusion Prevention Plugin Slug: wp-simple-firewallAffected Versions: <= 17.0.17CVE ID: CVE-2023-0992 CVSS Score: 7.2 (High)CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N Researcher/s: Ramuel Gall Fully Patched Version: 17.0.18The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Description: Shield Security <= 17.0.17 - Missing Authorization Affected Plugin: Shield Security – Smart Bot Blocking & Intrusion Prevention Plugin Slug: wp-simple-firewallAffected Versions: <= 17.0.17CVE ID: CVE-2023-0993 CVSS Score: 4.3 (Medium)CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Researcher/s: Ramuel Gall Fully Patched Version: 17.0.18The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a vector for Cross-Site Scripting via CVE-2023-0992.Vulnerability AnalysisThe Shield Security plugin includes a number of features, including an audit log that records certain types of suspicious activity, such as plugin and theme installation, modification, post deletion, and other types of activity that might impact the site. While most of these events require authentication or higher privileges in order to trigger, we found that certain events could be triggered by unauthenticated users. In particular, failed attempts to authenticate using application passwords, new user registrations, and spam activity are among the actions recorded for unauthenticated users.The audit log records metadata about the client that performed the logged activity, including the client’s User-Agent, which can be accessed by clicking the “Meta” tag icon on an audit log entry. Unfortunately, the metadata was not escaped when it was output. While most of the metadata collected about a request has a very strict format and can only be spoofed to a limited extent, User-Agent strings are alphanumeric, and we were able to inject a script in an iframe in the User-Agent header that fired when an administrator viewed an event entry:shieldalert-1024x454 While this exploit does technically require user interaction, it can be considered “Passive” user interaction, that is, it does not require tricking the administrator into performing any actions they might not have performed otherwise. Depending on the payload used, an attacker could use the script executing in the administrator’s browser to create a new administrator account under their control. Additionally, this exploit can be automated, and can be exploited by unauthenticated attackers via a variety of vectors, at least one of which is likely to be present in most common site configurations. As such it earns its High severity rating.The second vulnerability was much lower in severity and consisted of a missing authorization check on the ‘edit-theme-plugin-file’ AJAX action, which is used to record edits to plugin or theme files. The primary consequence of this is that an authenticated attacker can spoof an audit log entry indicating that any file belonging to any plugin or theme on the site was edited. While this is primarily a nuisance, since it can be used to create audit log entries it is yet another vector to exploit the aforementioned Cross-Site Scripting vulnerability.Disclosure TimelineMarch 20, 2023 – Wordfence Premium, Care, and Response users receive a firewall rule to provide protection against any exploits that may target this vulnerability. We responsibly disclose the plugin to the developer, who responds quickly and releases a patch in version 17.0.18.April 19, 2023 – The firewall rule becomes available to all Wordfence users.ConclusionIn today’s post, we detailed a High Severity Cross-Site Scripting vulnerability in Shield Security. We also detailed a lower-severity issue allowing authenticated attackers to spoof audit log entries indicating that plugin and theme files had been edited. These vulnerabilities have been fully patched in version 17.0.18.Wordfence Premium, Care, and Response users received a firewall rule to protect against any exploits targeting this vulnerability on March 20, 2023. Sites still using the free version of Wordfence received the same protection on April 19, 2023.If you know a friend or colleague who is using the Shield Security plugin on their site, we highly recommend forwarding this advisory to them as the Cross-Site Scripting vulnerability can allow Unauthenticated attackers to execute malicious JavaScript in an administrator’s browser, which can lead to site takeover.If you are a security researcher, you can responsibly disclose your finds to us and obtain a CVE ID and get your name on the Wordfence Intelligence leaderboard. Thanks to Paul Goodchild from Shield Security for patching the issue quickly.

WordPress Shield Security 17.0.17 Cross Site Scripting / Missing Authorization

Ubuntu Security Notice 6038-1 - It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting into a denial of service.

    =========================================================================Ubuntu Security Notice USN-6038-1April 25, 2023golang-1.18 vulnerabilities=========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in Go.Software Description:- golang-1.18: Go programming language compiler - metapackageDetails:It was discovered that the Go net/http module incorrectly handledTransfer-Encoding headers in the HTTP/1 client. A remote attacker couldpossibly use this issue to perform an HTTP Request Smuggling attack.(CVE-2022-1705)It was discovered that Go did not properly manage memory under certaincircumstances. An attacker could possibly use this issue to cause a panicresulting into a denial of service. (CVE-2022-1962, CVE-2022-27664,CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632,CVE-2022-30633, CVE-2022-30635, CVE-2022-32189, CVE-2022-41715,CVE-2022-41717, CVE-2023-24534, CVE-2023-24537)It was discovered that Go did not properly implemented the maximum size offile headers in Reader.Read. An attacker could possibly use this issue tocause a panic resulting into a denial of service. (CVE-2022-2879)It was discovered that the Go net/http module incorrectly handled queryparameters in requests forwarded by ReverseProxy. A remote attacker couldpossibly use this issue to perform an HTTP Query Parameter Smuggling attack.(CVE-2022-2880)It was discovered that Go did not properly manage the permissions forFaccessat function. A attacker could possibly use this issue to exposesensitive information. (CVE-2022-29526)It was discovered that Go did not properly generate the values forticket_age_add in session tickets. An attacker could possibly use thisissue to observe TLS handshakes to correlate successive connections bycomparing ticket ages during session resumption. (CVE-2022-30629)It was discovered that Go did not properly manage client IP addresses innet/http. An attacker could possibly use this issue to cause ReverseProxyto set the client IP as the value of the X-Forwarded-For header.(CVE-2022-32148)It was discovered that Go did not properly validate backticks (`) asJavascript string delimiters, and do not escape them as expected. Anattacker could possibly use this issue to inject arbitrary Javascript codeinto the Go template. (CVE-2023-24538)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:  golang-1.18                     1.18.1-1ubuntu1.1  golang-1.18-go                  1.18.1-1ubuntu1.1  golang-1.18-src                 1.18.1-1ubuntu1.1Ubuntu 20.04 LTS:  golang-1.18                     1.18.1-1ubuntu1~20.04.2  golang-1.18-go                  1.18.1-1ubuntu1~20.04.2  golang-1.18-src                 1.18.1-1ubuntu1~20.04.2Ubuntu 18.04 LTS:  golang-1.18                     1.18.1-1ubuntu1~18.04.4  golang-1.18-go                  1.18.1-1ubuntu1~18.04.4  golang-1.18-src                 1.18.1-1ubuntu1~18.04.4In general, a standard system update will make all the necessary changes.You still need to update all the packages built with the affected version.References:  https://ubuntu.com/security/notices/USN-6038-1  CVE-2022-1705, CVE-2022-1962, CVE-2022-27664, CVE-2022-28131,  CVE-2022-2879, CVE-2022-2880, CVE-2022-29526, CVE-2022-30629,  CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633,  CVE-2022-30635, CVE-2022-32148, CVE-2022-32189, CVE-2022-41715,  CVE-2022-41717, CVE-2023-24534, CVE-2023-24537, CVE-2023-24538Package Information:  https://launchpad.net/ubuntu/+source/golang-1.18/1.18.1-1ubuntu1.1  https://launchpad.net/ubuntu/+source/golang-1.18/1.18.1-1ubuntu1~20.04.2  https://launchpad.net/ubuntu/+source/golang-1.18/1.18.1-1ubuntu1~18.04.4

Ubuntu Security Notice USN-6038-1

Red Hat Security Advisory 2023-1910-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security and bug fix update  
Advisory ID:       RHSA-2023:1910-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1910  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938  
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967  
                   CVE-2023-21968  
====================================================================  
1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise  
Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.9.0) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime  
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

The RSAPSSSignature implementation works with RSA keys via the SunRSASign  
provider. However, it did not fully check that the RSA key could be used by  
the provider before attempting to do so, leading to the possibility of  
errors being returned with custom security providers. The implementation  
now validates RSA keys and will allow other providers to handle such keys  
where it cannot. (RHBZ#2188025)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)  
2188025 - Backport JDK-8271199 [rhel-9.0.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el9_0.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el9_0.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el9_0.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el9_0.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el9_0.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el9_0.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el9_0.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el9_0.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el9_0.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el9_0.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el9_0.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el9_0.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el9_0.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el9_0.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el9_0.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.9.0):

aarch64:  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el9_0.aarch64.rpm

ppc64le:  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el9_0.ppc64le.rpm

x86_64:  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEe/QdzjgjWX9erEAQhveQ/7BpzqJBNpM0ESZL1UXaGUrrwPBjC8fdz8  
MkdfcoSp/8XtfxzWtUoqDgTD+wXrImIeIYSIwgCLBb6vDRSiOzBqLSLiDQTECS19  
J0N5ALLoZ7fDvCh9r5rrTHmnD/BZ5j8oEuzWb5MT4FIhXB/aWBvCsoIbpzkRrVNn  
V/s4nmCItwpO35vsxxSXLEIp+bFgb69foa+yIondcqGF8sslOsSyDUIxGFmE4Mli  
gl8vyw7NufcLSPPHNbl37wTwhkLMO2L6ZPRnOPOjV5toLJ+oopSnCDm9HjSmH4iO  
7LJ8GQkWO6FS2paQ5/Kvhz/2yxuUaNbzMMyhy8jeQtG69b/uUU2/9hD5XYCGLzXz  
UojsRsPee9BbeTk4o/mRWhTOuguYVEAxCHr1cn94MOYGE49dT5QjhBQRq2v4oOPG  
3+0YmKyga/9yaZozxa80w1WpWDQsBIYo/3PBtOuTNHJ1GuDuogyXVe+tUETIPE0X  
L8+7dbG7wr2PLD2sn0dRbbupck0rKxHB4dANdqoaUsTOEYf3dSXDWE8MsOAH/sPk  
izBjjVmDnRIaH0pAk6KWmui3pQMXTNm7FVcPdM4FvwEupOegJa+Urd89CXf/K4yI  
gNCCguKXDnui2HoC+GM+OZhP1SX4IJPCX2pL1q2Lt/ZoiIslRDWyRxYosHgcZxGs  
YbtIYt0v6nU=G030  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1910-01

Red Hat Security Advisory 2023-1903-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: OpenJDK 8u372 Security Update for Portable Linux Builds  
Advisory ID:       RHSA-2023:1903-01  
Product:           OpenJDK  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1903  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938  
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967  
                   CVE-2023-21968  
====================================================================  
1. Summary:

An update is now available for OpenJDK.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and  
the OpenJDK 8 Java Software Development Kit.

This release of the Red Hat build of OpenJDK 8 (8u372) for portable Linux  
serves as a replacement for Red Hat build of OpenJDK 8 (8u362) and includes  
security and bug fixes as well as enhancements. For further information,  
refer to the release notes linked to in the References section.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

5. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEe/QNzjgjWX9erEAQjhqQ//fn2oAyTO2vPd1JbEFzyCR2dXjqK1Acat  
r/QtWEYtHn77cZE83dOrDtu5PqNq4NT3j8hXU7nM5Z+uBzbx3Ywf5rmFr7XJSlm5  
Ia5yuGtArrnBDCg3MvXQL8ARIWX7ljrJFcWBBsPrqxVf28SHfU+wYttK1RDy3ww8  
nZE7R0VlWyA1Y+GqASvZ9O4jh2/J0kBEykX4TDYqRcCJVwh+mtGJ8H3YMQ0PO3aC  
VMmTv34dtgtSV9axLu2+v9Cb77oXdxwE22bT/8mhjWvCa6M6K+BLn2qsv7E4XyJm  
6/ExKZTq5tqkiV8gZafM8X+DJS0o+IZvPy+AP/hiN0MT4a20uQQ41w7uOMGqFrkc  
8cc+u0o4qutPqQVV/mboJAhFM/NHD3wvq8KaT9EJMqcibNP7dfJ9jPch+BuIoSC2  
CwCnoS6ZyDAMa+vpevzz9730K47XLLaMkXz+4gz+SyhNnIWeBRc0g33yfmTJBkI5  
UsXwBbGQzKxq9myNJ1m3iUEYb90hUi1u0MYKQYLW6VOqrMvl/b7zTXXRTB27f2mO  
IJoP7OdqEc9WridWuUYEiH/C6CfGIkR4UrnPHYgXbHYQGrj2cqXLLriFw9jpGqvT  
yFVEFVc90I4GtdUPlHGdcFMD8i8IseE6Lcznk2vjlRNiyuYVtU16w4ypUhQdRUKQ  
pEJ8agQnqqwÍLk  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1903-01

Red Hat Security Advisory 2023-1966-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: pki-core:10.6 security update  
Advisory ID:       RHSA-2023:1966-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1966  
Issue date:        2023-04-25  
CVE Names:         CVE-2022-2414  
====================================================================  
1. Summary:

An update for the pki-core:10.6 module is now available for Red Hat  
Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The Public Key Infrastructure (PKI) Core contains fundamental packages  
required by Red Hat Certificate System.

Security Fix(es):

* pki-core: access to external entities when parsing XML can lead to XXE  
(CVE-2022-2414)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2104676 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
jss-4.8.1-2.module+el8.4.0+10451+3e5b5448.src.rpm  
ldapjdk-4.22.0-1.module+el8.3.0+6784+6e1e4c62.src.rpm  
pki-core-10.10.5-6.module+el8.4.0+17580+3370c7a3.src.rpm  
tomcatjss-7.6.1-1.module+el8.4.0+8778+d07929ff.src.rpm

aarch64:  
jss-4.8.1-2.module+el8.4.0+10451+3e5b5448.aarch64.rpm  
jss-debuginfo-4.8.1-2.module+el8.4.0+10451+3e5b5448.aarch64.rpm  
jss-debugsource-4.8.1-2.module+el8.4.0+10451+3e5b5448.aarch64.rpm  
jss-javadoc-4.8.1-2.module+el8.4.0+10451+3e5b5448.aarch64.rpm  
pki-core-debuginfo-10.10.5-6.module+el8.4.0+17580+3370c7a3.aarch64.rpm  
pki-core-debugsource-10.10.5-6.module+el8.4.0+17580+3370c7a3.aarch64.rpm  
pki-symkey-10.10.5-6.module+el8.4.0+17580+3370c7a3.aarch64.rpm  
pki-symkey-debuginfo-10.10.5-6.module+el8.4.0+17580+3370c7a3.aarch64.rpm  
pki-tools-10.10.5-6.module+el8.4.0+17580+3370c7a3.aarch64.rpm  
pki-tools-debuginfo-10.10.5-6.module+el8.4.0+17580+3370c7a3.aarch64.rpm

noarch:  
ldapjdk-4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch.rpm  
ldapjdk-javadoc-4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch.rpm  
pki-acme-10.10.5-6.module+el8.4.0+17580+3370c7a3.noarch.rpm  
pki-base-10.10.5-6.module+el8.4.0+17580+3370c7a3.noarch.rpm  
pki-base-java-10.10.5-6.module+el8.4.0+17580+3370c7a3.noarch.rpm  
pki-ca-10.10.5-6.module+el8.4.0+17580+3370c7a3.noarch.rpm  
pki-kra-10.10.5-6.module+el8.4.0+17580+3370c7a3.noarch.rpm  
pki-server-10.10.5-6.module+el8.4.0+17580+3370c7a3.noarch.rpm  
python3-pki-10.10.5-6.module+el8.4.0+17580+3370c7a3.noarch.rpm  
tomcatjss-7.6.1-1.module+el8.4.0+8778+d07929ff.noarch.rpm

ppc64le:  
jss-4.8.1-2.module+el8.4.0+10451+3e5b5448.ppc64le.rpm  
jss-debuginfo-4.8.1-2.module+el8.4.0+10451+3e5b5448.ppc64le.rpm  
jss-debugsource-4.8.1-2.module+el8.4.0+10451+3e5b5448.ppc64le.rpm  
jss-javadoc-4.8.1-2.module+el8.4.0+10451+3e5b5448.ppc64le.rpm  
pki-core-debuginfo-10.10.5-6.module+el8.4.0+17580+3370c7a3.ppc64le.rpm  
pki-core-debugsource-10.10.5-6.module+el8.4.0+17580+3370c7a3.ppc64le.rpm  
pki-symkey-10.10.5-6.module+el8.4.0+17580+3370c7a3.ppc64le.rpm  
pki-symkey-debuginfo-10.10.5-6.module+el8.4.0+17580+3370c7a3.ppc64le.rpm  
pki-tools-10.10.5-6.module+el8.4.0+17580+3370c7a3.ppc64le.rpm  
pki-tools-debuginfo-10.10.5-6.module+el8.4.0+17580+3370c7a3.ppc64le.rpm

s390x:  
jss-4.8.1-2.module+el8.4.0+10451+3e5b5448.s390x.rpm  
jss-debuginfo-4.8.1-2.module+el8.4.0+10451+3e5b5448.s390x.rpm  
jss-debugsource-4.8.1-2.module+el8.4.0+10451+3e5b5448.s390x.rpm  
jss-javadoc-4.8.1-2.module+el8.4.0+10451+3e5b5448.s390x.rpm  
pki-core-debuginfo-10.10.5-6.module+el8.4.0+17580+3370c7a3.s390x.rpm  
pki-core-debugsource-10.10.5-6.module+el8.4.0+17580+3370c7a3.s390x.rpm  
pki-symkey-10.10.5-6.module+el8.4.0+17580+3370c7a3.s390x.rpm  
pki-symkey-debuginfo-10.10.5-6.module+el8.4.0+17580+3370c7a3.s390x.rpm  
pki-tools-10.10.5-6.module+el8.4.0+17580+3370c7a3.s390x.rpm  
pki-tools-debuginfo-10.10.5-6.module+el8.4.0+17580+3370c7a3.s390x.rpm

x86_64:  
jss-4.8.1-2.module+el8.4.0+10451+3e5b5448.x86_64.rpm  
jss-debuginfo-4.8.1-2.module+el8.4.0+10451+3e5b5448.x86_64.rpm  
jss-debugsource-4.8.1-2.module+el8.4.0+10451+3e5b5448.x86_64.rpm  
jss-javadoc-4.8.1-2.module+el8.4.0+10451+3e5b5448.x86_64.rpm  
pki-core-debuginfo-10.10.5-6.module+el8.4.0+17580+3370c7a3.x86_64.rpm  
pki-core-debugsource-10.10.5-6.module+el8.4.0+17580+3370c7a3.x86_64.rpm  
pki-symkey-10.10.5-6.module+el8.4.0+17580+3370c7a3.x86_64.rpm  
pki-symkey-debuginfo-10.10.5-6.module+el8.4.0+17580+3370c7a3.x86_64.rpm  
pki-tools-10.10.5-6.module+el8.4.0+17580+3370c7a3.x86_64.rpm  
pki-tools-debuginfo-10.10.5-6.module+el8.4.0+17580+3370c7a3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2414  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEe/PNzjgjWX9erEAQg4CQ//RnrpSmI7T6BcHybiaeWTeQzwZb0BpQX8  
vEQCJ9LRyHuuFZSsGH0yTNg6/i9tHBms3CJUKsyf4BvdeUTEl1lRFbVC1yqRfbbh  
Fq6+AqFe28mjG6DeJAlH+zZcpRnDwsBLQxnMKi30JAzcZKSXVa5imBS3EFx64HnG  
uvHuRu9Tf7FJiJAwWJhmZN7Njrqs/GbKNBHvIOjkWgDlpBPpAEl4nW7MZSZiuQ5I  
q5MAf9gcRwToYPV1tgAUTbYPbEXFA+0SsIrhC++y8+SRCkcdYfJzJB32N4hQenPa  
ErKC5zZ31AmwVdg6yIuDokUHkVFl0TPOPWwJEIAdn184dTmEyohCnIyPwakikc2v  
QSZ/3pUtc5q3b2fCgUxCGG17jrlg8kxtNCjmXlmAPcdRMG40SMme7djNXJRPvAQO  
me9ezRvlFKpESEklYg0AznDeZmEnYh3Wir5Xqmuoe2xgS5T9ZWvVDWR7X6Y2Zb8R  
xi3DCZIFWI5TRaZlPqI82MMFwxeI9nl88KjCZZ+eig3Hs/OiL7qE1bSBLerviq8j  
tLdXqTPV3Dc9FNHZWTvEAOXcKplmCNbd1w+ipq0Koxz5/FPsj1V7XpYBOOZngzXI  
u6umMRmxF8i+yjhosOy2wBLHl7uwXLghhBc0u3Wz0HRI9T5RgmzV9DHT1B/rEarc  
jhTEpvPmreA=EN+k  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1966-01

Red Hat Security Advisory 2023-1912-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: OpenJDK 8u372 Windows Security Update  
Advisory ID:       RHSA-2023:1912-01  
Product:           OpenJDK  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1912  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938  
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967  
                   CVE-2023-21968  
====================================================================  
1. Summary:

An update is now available for OpenJDK.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and  
the OpenJDK 8 Java Software Development Kit.

This release of the Red Hat build of OpenJDK 8 (8u372) for Windows serves  
as a replacement for the Red Hat build of OpenJDK 8 (8u362) and includes  
security and bug fixes, and enhancements. For further information, refer to  
the release notes linked to in the References section.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

5. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEe/QdzjgjWX9erEAQhqTQ//XYgKY9fteDQ/UR+mNh+qyRkKmblOogQH  
qsAO79z5wPJ5V7y1Ugpc8qFIZQVnifOmDyLMaUDuhLaqd9rorFHZN3QDgi0hYEwQ  
FVdmr63aJdUCDGMado0C+G7w4Mp8U9Gn9Ri4W4JnV6raEHTCCMSP6GsIse/zXOr8  
lYDbh10t+/lNp6DyLvxbMpmYi8Nbz/AxGBVfKFb4pd8YU7bbxrr0iiiDagZ7tReB  
BAMyTspTry1cY3C79U6uNqdTiobMjI9O7BmuZPyRSZHxiW9zCAzZ5qoLy/K9HDzU  
1KC9TVCSNdlEeHHPd1+K4zyX/Ne/7IVJCI1c3QBmWYQPKbdDjG5UGrGq6c4XoJVv  
gWxeI6WcsBgDmp2TMWt3BRntnWZueQz7LypPBuaahI21eyCtFQBhk95UTSSEsB5j  
z221+mXKC9ImY4D9OMK89Gpms7K/GkZlACvlU4YaTLG8zOoEqQJquIkE24BYeb3R  
oVQBE/MD6r4rcVA+YAQF5+8KWKkyQDRK5pSPFAYwOWDGl6mFvpb84dIEtVLv7m/8  
V69xHPupVBpvovaAYA+0Fxxr9lr4761C8dTAj92ZaZOqg/77xcPI0y2Vt2Js2TDe  
DpZCeY9IrJ3Q83MXXgHBmkHKsmz1SvxQWHkz9n8oUfFJR8/RmwMff1ICYPQmoMQN  
259zQEQfg+U=J703  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1912-01

Red Hat Security Advisory 2023-1907-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security update  
Advisory ID:       RHSA-2023:1907-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1907  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938  
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967  
                   CVE-2023-21968  
====================================================================  
1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise  
Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v. 8.4) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime  
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_4.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_4.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el8_4.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el8_4.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_4.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_4.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_4.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v. 8.4):

aarch64:  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el8_4.aarch64.rpm

ppc64le:  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el8_4.ppc64le.rpm

x86_64:  
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEe/PtzjgjWX9erEAQjNMA//bpp1jGrB3u5Q2khidQCghVv1Ggpr0Pzl  
n/9ujekG6aztyaTFSfJsX2CFZJmlCVT8v6UncZgSxeQ7KiOqNhESoTVQr+KyxVoZ  
YmpDr0HXWsa6y3KNERUBUdJ4vlbegky1jDvBPsQkzO9rijAl7/KRcP/cxntWupk0  
LyYrZWD9G8mBAalNDMozQD2C0DwFsi/R+GOQRFcP5GdIUUE+/676Xnloua+5W2wJ  
7MDi0LDQ2DpIm2DjYxpDOEgvxxMdy2OitDVJMs49xEvUkTKQtW0wNi3afMZhnvVJ  
SuWiqeavY7L9x6IAphIZXt2Ox9H3gCCflF1gk+00V0UI1OpKTTsTeZrHBN9QMy+F  
Bfq5No79e/tP5eK+NIcaWW7vHtTp3RIf08KBj4Vfh0tY4iSRx5NzQrJD94tQiZTj  
CnooNmgwOiZ6u5C9EoEpe6lkEsBXqzT3MdrxDr1m2gbGU6i4xWK9xmCYhMaoZ4XA  
mwJauSnF6z2WeET6U/qA7N816aRe2dDwTwUox8XQIdJDd2fFCi70OkbKMmyMzrGM  
GggQdCv0doE18/+g352FnsGgVVM2dsKY/Kmn5Ow+cyJLyvmu5D+3Z/8uzjJzgKr0  
1RBrVDjOL+VJv1NMi6PtjSWvuxD4JiXx4MW4yYksAoN9LGjbcgDxOc8vgGGmkqUG  
U/hqThgIrAE=jYFe  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1907-01

Red Hat Security Advisory 2023-1905-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security update  
Advisory ID:       RHSA-2023:1905-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1905  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938  
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967  
                   CVE-2023-21968  
====================================================================  
1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise  
Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2  
Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime  
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el8_2.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el8_2.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el8_2.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el8_2.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el8_2.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el8_2.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEdq2dzjgjWX9erEAQiy4w/+O4vjc3V2WMpVz7EOHM1oHj50IH0plj1f  
IoC6Na/IxcN+D0le1pxSyEqNU+B80ZLtFuuWkM0qlImAD6FtWkBYlEB+M2mY8LC4  
+BaiLYjmnkhrTocjay8sGigkkhvnuvTwejwcClou19JQvscrnqVp6SjweMsc8uCl  
PWtBvd3Xs41QFkPdEu2eAXrrcoKMazkIOdSfhclyOuftAeO11KF0no+3p1jNewRj  
n27VhLiKnUmKycykewNrNJE6o6NyFw+Pw/VH7Y7Aqj2SfWAYCoy41aKSFG0Kh46U  
q2xEYjTOrIG4UVZjiysqeZu+wjlSd2qZhN0LKZY4DE3UVhHGu05elcoeW/0ok7WB  
l17HxAluDgHGY9wvmw3v4MRDbmWoyIPRtDmaQ4NP3+pW2K9jaS2fkvp//cRHs/Fd  
4Imaf3R9DOdxsfYKiqO6FBfWior5HAXmC3hJ0qeZiRRvGlo8m7y+B1yJ87UuGeZF  
MIBfBJubXI9l1XA3HBOjCKmU/nZ/LMUP+tWS8mQXNrWLZTcOI7+Kw8urJ87EbVcE  
6trxSoAK+mXYwX/EyIfgrxDL5zx+z0x+vjBK7dH7qHgNoGZpcCcK0feUUCUv01LR  
qYchqDDf6EK647q+CNfRDrpn92Yn6zVrgVFE/7T/0Jn5VZb4c0z0soTqHJw+mkCr  
TDwM5IdhMRo=rO/o  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#java