Red Hat Security Advisory 2023-1903-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: OpenJDK 8u372 Security Update for Portable Linux Builds  
Advisory ID:       RHSA-2023:1903-01  
Product:           OpenJDK  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1903  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938  
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967  
                   CVE-2023-21968  
====================================================================  
1. Summary:

An update is now available for OpenJDK.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and  
the OpenJDK 8 Java Software Development Kit.

This release of the Red Hat build of OpenJDK 8 (8u372) for portable Linux  
serves as a replacement for Red Hat build of OpenJDK 8 (8u362) and includes  
security and bug fixes as well as enhancements. For further information,  
refer to the release notes linked to in the References section.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

5. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEe/QNzjgjWX9erEAQjhqQ//fn2oAyTO2vPd1JbEFzyCR2dXjqK1Acat  
r/QtWEYtHn77cZE83dOrDtu5PqNq4NT3j8hXU7nM5Z+uBzbx3Ywf5rmFr7XJSlm5  
Ia5yuGtArrnBDCg3MvXQL8ARIWX7ljrJFcWBBsPrqxVf28SHfU+wYttK1RDy3ww8  
nZE7R0VlWyA1Y+GqASvZ9O4jh2/J0kBEykX4TDYqRcCJVwh+mtGJ8H3YMQ0PO3aC  
VMmTv34dtgtSV9axLu2+v9Cb77oXdxwE22bT/8mhjWvCa6M6K+BLn2qsv7E4XyJm  
6/ExKZTq5tqkiV8gZafM8X+DJS0o+IZvPy+AP/hiN0MT4a20uQQ41w7uOMGqFrkc  
8cc+u0o4qutPqQVV/mboJAhFM/NHD3wvq8KaT9EJMqcibNP7dfJ9jPch+BuIoSC2  
CwCnoS6ZyDAMa+vpevzz9730K47XLLaMkXz+4gz+SyhNnIWeBRc0g33yfmTJBkI5  
UsXwBbGQzKxq9myNJ1m3iUEYb90hUi1u0MYKQYLW6VOqrMvl/b7zTXXRTB27f2mO  
IJoP7OdqEc9WridWuUYEiH/C6CfGIkR4UrnPHYgXbHYQGrj2cqXLLriFw9jpGqvT  
yFVEFVc90I4GtdUPlHGdcFMD8i8IseE6Lcznk2vjlRNiyuYVtU16w4ypUhQdRUKQ  
pEJ8agQnqqwÍLk  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1903-01

Red Hat Security Advisory 2023-1958-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: emacs security update  
Advisory ID:       RHSA-2023:1958-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1958  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-28617  
====================================================================  
1. Summary:

An update for emacs is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.8.4) - noarch

3. Description:

GNU Emacs is a powerful, customizable, self-documenting text editor. It  
provides special code editing features, a scripting language (elisp), and  
the capability to read e-mail and news.

Security Fix(es):

* emacs: command injection vulnerability in org-mode (CVE-2023-28617)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2180544 - CVE-2023-28617 emacs: command injection vulnerability in org-mode

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

aarch64:  
emacs-26.1-5.el8_4.1.aarch64.rpm  
emacs-common-26.1-5.el8_4.1.aarch64.rpm  
emacs-common-debuginfo-26.1-5.el8_4.1.aarch64.rpm  
emacs-debuginfo-26.1-5.el8_4.1.aarch64.rpm  
emacs-debugsource-26.1-5.el8_4.1.aarch64.rpm  
emacs-lucid-26.1-5.el8_4.1.aarch64.rpm  
emacs-lucid-debuginfo-26.1-5.el8_4.1.aarch64.rpm  
emacs-nox-26.1-5.el8_4.1.aarch64.rpm  
emacs-nox-debuginfo-26.1-5.el8_4.1.aarch64.rpm

noarch:  
emacs-terminal-26.1-5.el8_4.1.noarch.rpm

ppc64le:  
emacs-26.1-5.el8_4.1.ppc64le.rpm  
emacs-common-26.1-5.el8_4.1.ppc64le.rpm  
emacs-common-debuginfo-26.1-5.el8_4.1.ppc64le.rpm  
emacs-debuginfo-26.1-5.el8_4.1.ppc64le.rpm  
emacs-debugsource-26.1-5.el8_4.1.ppc64le.rpm  
emacs-lucid-26.1-5.el8_4.1.ppc64le.rpm  
emacs-lucid-debuginfo-26.1-5.el8_4.1.ppc64le.rpm  
emacs-nox-26.1-5.el8_4.1.ppc64le.rpm  
emacs-nox-debuginfo-26.1-5.el8_4.1.ppc64le.rpm

s390x:  
emacs-26.1-5.el8_4.1.s390x.rpm  
emacs-common-26.1-5.el8_4.1.s390x.rpm  
emacs-common-debuginfo-26.1-5.el8_4.1.s390x.rpm  
emacs-debuginfo-26.1-5.el8_4.1.s390x.rpm  
emacs-debugsource-26.1-5.el8_4.1.s390x.rpm  
emacs-lucid-26.1-5.el8_4.1.s390x.rpm  
emacs-lucid-debuginfo-26.1-5.el8_4.1.s390x.rpm  
emacs-nox-26.1-5.el8_4.1.s390x.rpm  
emacs-nox-debuginfo-26.1-5.el8_4.1.s390x.rpm

x86_64:  
emacs-26.1-5.el8_4.1.x86_64.rpm  
emacs-common-26.1-5.el8_4.1.x86_64.rpm  
emacs-common-debuginfo-26.1-5.el8_4.1.x86_64.rpm  
emacs-debuginfo-26.1-5.el8_4.1.x86_64.rpm  
emacs-debugsource-26.1-5.el8_4.1.x86_64.rpm  
emacs-lucid-26.1-5.el8_4.1.x86_64.rpm  
emacs-lucid-debuginfo-26.1-5.el8_4.1.x86_64.rpm  
emacs-nox-26.1-5.el8_4.1.x86_64.rpm  
emacs-nox-debuginfo-26.1-5.el8_4.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.8.4):

Source:  
emacs-26.1-5.el8_4.1.src.rpm

noarch:  
emacs-filesystem-26.1-5.el8_4.1.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-28617  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEe/NdzjgjWX9erEAQjCSg//S/Fnb0Uwjcd0+Pr35bK5W0S/EfhvXbQK  
ZvCxZPEmPZ7BdpJv56seaCVzA85Xbeukkia76SJf8EZWzVqn4P/peQl2IxvbLxXF  
CyOeVGG+aXsAkz/KpSznKJK4KojlNpuOrWlMz3L0a+tB+AzbnoGiBGzjD0mlyoC3  
vTy9FqLR0KclwujxrXBnWi8MT3kgYoritDH3dXuE8ba5VhCSr02dTcyLw4KIQX/Y  
c8NRpFTXzTPRt2tJh47E414ciOpVZJOI2mTKDEEYZchvcfH5ZhjtWWCyhcfifA6n  
uG3srt2V0sKz7ga8qE3X6his1Ickh7Xfct7aJpk0Xwi9YAYAKcJeE6HQe1LIwhrw  
Iv0CaJ+hZeWbX3xP0tmbZPsDCIvfU2efhJtaUgPmyCD152SJnUkL6keAMyt1h0AQ  
vj+AbIdLrcAG3Y8T1r1tKoQC3lWElNKHFyeFGprRzHk7wWFzNOdCoi/h6dvJQ0Di  
fU/qP5WxsPU8EaTL+vlUMFYkYmKIFp3WwvLhKEGFbHC6RGkW9tSt61D3mRGz8LJs  
QDxKDbC89s3azY0n5/zqJcLiIavL4+amb7OMABAxWBwbUPjhG5xoKDflyKsVjCGp  
PbCa254kJOrY3tD9kFMSDhReouueX9L+XUUmMWqvrUjMMGdxT5HM9rUVfBvOE4wu  
/Wha8PmNr5I=wD2R  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1958-01

Red Hat Security Advisory 2023-1966-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: pki-core:10.6 security update  
Advisory ID:       RHSA-2023:1966-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1966  
Issue date:        2023-04-25  
CVE Names:         CVE-2022-2414  
====================================================================  
1. Summary:

An update for the pki-core:10.6 module is now available for Red Hat  
Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The Public Key Infrastructure (PKI) Core contains fundamental packages  
required by Red Hat Certificate System.

Security Fix(es):

* pki-core: access to external entities when parsing XML can lead to XXE  
(CVE-2022-2414)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2104676 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
jss-4.8.1-2.module+el8.4.0+10451+3e5b5448.src.rpm  
ldapjdk-4.22.0-1.module+el8.3.0+6784+6e1e4c62.src.rpm  
pki-core-10.10.5-6.module+el8.4.0+17580+3370c7a3.src.rpm  
tomcatjss-7.6.1-1.module+el8.4.0+8778+d07929ff.src.rpm

aarch64:  
jss-4.8.1-2.module+el8.4.0+10451+3e5b5448.aarch64.rpm  
jss-debuginfo-4.8.1-2.module+el8.4.0+10451+3e5b5448.aarch64.rpm  
jss-debugsource-4.8.1-2.module+el8.4.0+10451+3e5b5448.aarch64.rpm  
jss-javadoc-4.8.1-2.module+el8.4.0+10451+3e5b5448.aarch64.rpm  
pki-core-debuginfo-10.10.5-6.module+el8.4.0+17580+3370c7a3.aarch64.rpm  
pki-core-debugsource-10.10.5-6.module+el8.4.0+17580+3370c7a3.aarch64.rpm  
pki-symkey-10.10.5-6.module+el8.4.0+17580+3370c7a3.aarch64.rpm  
pki-symkey-debuginfo-10.10.5-6.module+el8.4.0+17580+3370c7a3.aarch64.rpm  
pki-tools-10.10.5-6.module+el8.4.0+17580+3370c7a3.aarch64.rpm  
pki-tools-debuginfo-10.10.5-6.module+el8.4.0+17580+3370c7a3.aarch64.rpm

noarch:  
ldapjdk-4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch.rpm  
ldapjdk-javadoc-4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch.rpm  
pki-acme-10.10.5-6.module+el8.4.0+17580+3370c7a3.noarch.rpm  
pki-base-10.10.5-6.module+el8.4.0+17580+3370c7a3.noarch.rpm  
pki-base-java-10.10.5-6.module+el8.4.0+17580+3370c7a3.noarch.rpm  
pki-ca-10.10.5-6.module+el8.4.0+17580+3370c7a3.noarch.rpm  
pki-kra-10.10.5-6.module+el8.4.0+17580+3370c7a3.noarch.rpm  
pki-server-10.10.5-6.module+el8.4.0+17580+3370c7a3.noarch.rpm  
python3-pki-10.10.5-6.module+el8.4.0+17580+3370c7a3.noarch.rpm  
tomcatjss-7.6.1-1.module+el8.4.0+8778+d07929ff.noarch.rpm

ppc64le:  
jss-4.8.1-2.module+el8.4.0+10451+3e5b5448.ppc64le.rpm  
jss-debuginfo-4.8.1-2.module+el8.4.0+10451+3e5b5448.ppc64le.rpm  
jss-debugsource-4.8.1-2.module+el8.4.0+10451+3e5b5448.ppc64le.rpm  
jss-javadoc-4.8.1-2.module+el8.4.0+10451+3e5b5448.ppc64le.rpm  
pki-core-debuginfo-10.10.5-6.module+el8.4.0+17580+3370c7a3.ppc64le.rpm  
pki-core-debugsource-10.10.5-6.module+el8.4.0+17580+3370c7a3.ppc64le.rpm  
pki-symkey-10.10.5-6.module+el8.4.0+17580+3370c7a3.ppc64le.rpm  
pki-symkey-debuginfo-10.10.5-6.module+el8.4.0+17580+3370c7a3.ppc64le.rpm  
pki-tools-10.10.5-6.module+el8.4.0+17580+3370c7a3.ppc64le.rpm  
pki-tools-debuginfo-10.10.5-6.module+el8.4.0+17580+3370c7a3.ppc64le.rpm

s390x:  
jss-4.8.1-2.module+el8.4.0+10451+3e5b5448.s390x.rpm  
jss-debuginfo-4.8.1-2.module+el8.4.0+10451+3e5b5448.s390x.rpm  
jss-debugsource-4.8.1-2.module+el8.4.0+10451+3e5b5448.s390x.rpm  
jss-javadoc-4.8.1-2.module+el8.4.0+10451+3e5b5448.s390x.rpm  
pki-core-debuginfo-10.10.5-6.module+el8.4.0+17580+3370c7a3.s390x.rpm  
pki-core-debugsource-10.10.5-6.module+el8.4.0+17580+3370c7a3.s390x.rpm  
pki-symkey-10.10.5-6.module+el8.4.0+17580+3370c7a3.s390x.rpm  
pki-symkey-debuginfo-10.10.5-6.module+el8.4.0+17580+3370c7a3.s390x.rpm  
pki-tools-10.10.5-6.module+el8.4.0+17580+3370c7a3.s390x.rpm  
pki-tools-debuginfo-10.10.5-6.module+el8.4.0+17580+3370c7a3.s390x.rpm

x86_64:  
jss-4.8.1-2.module+el8.4.0+10451+3e5b5448.x86_64.rpm  
jss-debuginfo-4.8.1-2.module+el8.4.0+10451+3e5b5448.x86_64.rpm  
jss-debugsource-4.8.1-2.module+el8.4.0+10451+3e5b5448.x86_64.rpm  
jss-javadoc-4.8.1-2.module+el8.4.0+10451+3e5b5448.x86_64.rpm  
pki-core-debuginfo-10.10.5-6.module+el8.4.0+17580+3370c7a3.x86_64.rpm  
pki-core-debugsource-10.10.5-6.module+el8.4.0+17580+3370c7a3.x86_64.rpm  
pki-symkey-10.10.5-6.module+el8.4.0+17580+3370c7a3.x86_64.rpm  
pki-symkey-debuginfo-10.10.5-6.module+el8.4.0+17580+3370c7a3.x86_64.rpm  
pki-tools-10.10.5-6.module+el8.4.0+17580+3370c7a3.x86_64.rpm  
pki-tools-debuginfo-10.10.5-6.module+el8.4.0+17580+3370c7a3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2414  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEe/PNzjgjWX9erEAQg4CQ//RnrpSmI7T6BcHybiaeWTeQzwZb0BpQX8  
vEQCJ9LRyHuuFZSsGH0yTNg6/i9tHBms3CJUKsyf4BvdeUTEl1lRFbVC1yqRfbbh  
Fq6+AqFe28mjG6DeJAlH+zZcpRnDwsBLQxnMKi30JAzcZKSXVa5imBS3EFx64HnG  
uvHuRu9Tf7FJiJAwWJhmZN7Njrqs/GbKNBHvIOjkWgDlpBPpAEl4nW7MZSZiuQ5I  
q5MAf9gcRwToYPV1tgAUTbYPbEXFA+0SsIrhC++y8+SRCkcdYfJzJB32N4hQenPa  
ErKC5zZ31AmwVdg6yIuDokUHkVFl0TPOPWwJEIAdn184dTmEyohCnIyPwakikc2v  
QSZ/3pUtc5q3b2fCgUxCGG17jrlg8kxtNCjmXlmAPcdRMG40SMme7djNXJRPvAQO  
me9ezRvlFKpESEklYg0AznDeZmEnYh3Wir5Xqmuoe2xgS5T9ZWvVDWR7X6Y2Zb8R  
xi3DCZIFWI5TRaZlPqI82MMFwxeI9nl88KjCZZ+eig3Hs/OiL7qE1bSBLerviq8j  
tLdXqTPV3Dc9FNHZWTvEAOXcKplmCNbd1w+ipq0Koxz5/FPsj1V7XpYBOOZngzXI  
u6umMRmxF8i+yjhosOy2wBLHl7uwXLghhBc0u3Wz0HRI9T5RgmzV9DHT1B/rEarc  
jhTEpvPmreA=EN+k  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1966-01

Red Hat Security Advisory 2023-1907-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security update  
Advisory ID:       RHSA-2023:1907-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1907  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938  
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967  
                   CVE-2023-21968  
====================================================================  
1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise  
Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v. 8.4) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime  
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_4.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_4.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el8_4.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el8_4.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_4.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_4.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_4.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v. 8.4):

aarch64:  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el8_4.aarch64.rpm

ppc64le:  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el8_4.ppc64le.rpm

x86_64:  
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEe/PtzjgjWX9erEAQjNMA//bpp1jGrB3u5Q2khidQCghVv1Ggpr0Pzl  
n/9ujekG6aztyaTFSfJsX2CFZJmlCVT8v6UncZgSxeQ7KiOqNhESoTVQr+KyxVoZ  
YmpDr0HXWsa6y3KNERUBUdJ4vlbegky1jDvBPsQkzO9rijAl7/KRcP/cxntWupk0  
LyYrZWD9G8mBAalNDMozQD2C0DwFsi/R+GOQRFcP5GdIUUE+/676Xnloua+5W2wJ  
7MDi0LDQ2DpIm2DjYxpDOEgvxxMdy2OitDVJMs49xEvUkTKQtW0wNi3afMZhnvVJ  
SuWiqeavY7L9x6IAphIZXt2Ox9H3gCCflF1gk+00V0UI1OpKTTsTeZrHBN9QMy+F  
Bfq5No79e/tP5eK+NIcaWW7vHtTp3RIf08KBj4Vfh0tY4iSRx5NzQrJD94tQiZTj  
CnooNmgwOiZ6u5C9EoEpe6lkEsBXqzT3MdrxDr1m2gbGU6i4xWK9xmCYhMaoZ4XA  
mwJauSnF6z2WeET6U/qA7N816aRe2dDwTwUox8XQIdJDd2fFCi70OkbKMmyMzrGM  
GggQdCv0doE18/+g352FnsGgVVM2dsKY/Kmn5Ow+cyJLyvmu5D+3Z/8uzjJzgKr0  
1RBrVDjOL+VJv1NMi6PtjSWvuxD4JiXx4MW4yYksAoN9LGjbcgDxOc8vgGGmkqUG  
U/hqThgIrAE=jYFe  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1907-01

Red Hat Security Advisory 2023-1984-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2023:1984-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1984  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-0386  
====================================================================  
1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.9.0) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: FUSE filesystem low-privileged user privileges escalation  
(CVE-2023-0386)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2159505 - CVE-2023-0386 kernel: FUSE filesystem low-privileged user privileges escalation

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:  
kpatch-patch-5_14_0-70_30_1-1-5.el9_0.src.rpm  
kpatch-patch-5_14_0-70_36_1-1-4.el9_0.src.rpm  
kpatch-patch-5_14_0-70_43_1-1-3.el9_0.src.rpm  
kpatch-patch-5_14_0-70_49_1-1-2.el9_0.src.rpm  
kpatch-patch-5_14_0-70_50_2-1-1.el9_0.src.rpm

ppc64le:  
kpatch-patch-5_14_0-70_30_1-1-5.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_30_1-debuginfo-1-5.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_30_1-debugsource-1-5.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_36_1-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_36_1-debuginfo-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_36_1-debugsource-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_43_1-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_43_1-debuginfo-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_43_1-debugsource-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_49_1-1-2.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_49_1-debuginfo-1-2.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_49_1-debugsource-1-2.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_50_2-1-1.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_50_2-debuginfo-1-1.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_50_2-debugsource-1-1.el9_0.ppc64le.rpm

x86_64:  
kpatch-patch-5_14_0-70_30_1-1-5.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_30_1-debuginfo-1-5.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_30_1-debugsource-1-5.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_36_1-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_36_1-debuginfo-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_36_1-debugsource-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_43_1-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_43_1-debuginfo-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_43_1-debugsource-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_49_1-1-2.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_49_1-debuginfo-1-2.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_49_1-debugsource-1-2.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_50_2-1-1.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_50_2-debuginfo-1-1.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_50_2-debugsource-1-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0386  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEe/OdzjgjWX9erEAQgufQ//fDXSzoikL1jX2sZ9p8xKP9k1n7ddJZSa  
uBwl7BJcsmZ6UxukTFGpgsHxzlw0fpwVWU9WJxgDkKXQ2SaqaL9GNWh1VAIZj2BQ  
FGXi5FuBn3a0F8+vDzWApNlgnxhHspqHtT+duh2S5oPQ4OCF7ha2nzI34NCZDomx  
xXp9RTblxIDYGgLwrBmaHhgJb2gddHJwQymADE1yi/qEdV9PmhAlJd1PozGkgrQW  
WJU5wSP2Ppx6rCgkNSKdkG+DaCTqtK1HouBgsgAbvU0VqdFZSPjhb48sXZ7roe45  
HesxY5ofH1ouKFwqWJPrkh0ra7nvSex1TWGXOjI+PMIoodDX5hb9Z7r1n7hz4/iI  
ZIIYF2W9Gg/6Et/lU8Oi5UqVw17287UbsfMWWpwVcm+mfQmhkU584us74o1VtQg6  
gAcU0yJE1MWPZrisQs+vNu2XHqX4Mdl5QyGU+mH6MjIQF2VDIYwhkbVPoyWdDnPH  
fI5jBmcJcpeOB0svwett1Q3zv++LZaxkhJwqgDbPiRw2RxYsOkJf9BqK28Qz5RH0  
hIz5/ayBz5xbAil7nivB4cSjhMilw+s17hwAMS7HtqEJQ4MUVYGbRJF+tEN5YP6h  
nldlLV/ehbFuGTn03ZCHSsg898GiX0DwqARhgKbGpNPvK+aYQ5Kw6q4Vzfh9dVYl  
qDiQifO1QgQ=3T1V  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1984-01

Red Hat Security Advisory 2023-1970-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:1970-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1970  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-0386  
====================================================================  
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: FUSE filesystem low-privileged user privileges escalation  
(CVE-2023-0386)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* RHEL9.0 64TB/240c Denali: "vmcore failed, _exitcode:139" error observed  
while capturing vmcore during fadump after memory remove. Incomplete vmcore  
is captured. (BZ#2151214)

* Support cpuset.sched_load_balance by changing default CPUset directory  
structure. (BZ#2161106)

* CSB.V bit never becomes valid for NX Gzip job during LPAR migration.  
(BZ#2166251)

* Update intel_idle for Eaglestream/Sapphire Rapids support. (BZ#2168359)

* An application stopped on robust futex used via pthread_mutex_lock().  
(BZ#2168837)

* FVTR1020:Rainier:Non-HMC:MPIPL Dump is not getting offloaded to Linux  
partition. (BZ#2170853)

* update qla2xxx driver to latest upstream. (BZ#2171812)

* MSFT MANA NET Patch RHEL-9: Fix accessing freed irq affinity_hint.  
(BZ#2175254)

* In FIPS mode, kernel does not transition into error state when RCT or APT  
health tests fail. (BZ#2181729)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2159505 - CVE-2023-0386 kernel: FUSE filesystem low-privileged user privileges escalation

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

aarch64:  
bpftool-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debug-devel-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debug-devel-matched-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-devel-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-devel-matched-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-headers-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
perf-5.14.0-70.53.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm

noarch:  
kernel-doc-5.14.0-70.53.1.el9_0.noarch.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debug-devel-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debug-devel-matched-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-devel-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-devel-matched-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-headers-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
perf-5.14.0-70.53.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debug-devel-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debug-devel-matched-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-devel-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-devel-matched-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-headers-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-matched-5.14.0-70.53.1.el9_0.s390x.rpm  
perf-5.14.0-70.53.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debug-devel-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debug-devel-matched-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-devel-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-devel-matched-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-headers-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
perf-5.14.0-70.53.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:  
kernel-5.14.0-70.53.1.el9_0.src.rpm

aarch64:  
bpftool-5.14.0-70.53.1.el9_0.aarch64.rpm  
bpftool-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-core-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debug-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debug-core-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debug-modules-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debug-modules-extra-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-modules-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-modules-extra-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-tools-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-tools-libs-5.14.0-70.53.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
python3-perf-5.14.0-70.53.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm

noarch:  
kernel-abi-stablelists-5.14.0-70.53.1.el9_0.noarch.rpm

ppc64le:  
bpftool-5.14.0-70.53.1.el9_0.ppc64le.rpm  
bpftool-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-core-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debug-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debug-core-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debug-modules-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debug-modules-extra-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-modules-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-modules-extra-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-tools-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-tools-libs-5.14.0-70.53.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
python3-perf-5.14.0-70.53.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm

s390x:  
bpftool-5.14.0-70.53.1.el9_0.s390x.rpm  
bpftool-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-core-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debug-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debug-core-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debug-modules-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debug-modules-extra-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-modules-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-modules-extra-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-tools-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-zfcpdump-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-zfcpdump-core-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-extra-5.14.0-70.53.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
python3-perf-5.14.0-70.53.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm

x86_64:  
bpftool-5.14.0-70.53.1.el9_0.x86_64.rpm  
bpftool-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-core-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debug-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debug-core-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debug-modules-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debug-modules-extra-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-modules-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-modules-extra-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-tools-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-tools-libs-5.14.0-70.53.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
python3-perf-5.14.0-70.53.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.9.0):

aarch64:  
bpftool-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-cross-headers-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-tools-libs-devel-5.14.0-70.53.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-cross-headers-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-tools-libs-devel-5.14.0-70.53.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-cross-headers-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-cross-headers-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-tools-libs-devel-5.14.0-70.53.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0386  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEe/NtzjgjWX9erEAQg4Hw/+MS0isb6d7vJ3MAvho1yaLu2Mh/w8EpjY  
oLFkNbMDJdAtBN2JuzGaj2dQVLgCPcrqf3qPfpd9JdL85Hf456icTapJGuTIX1hl  
0iqJ+pQ+Ieceg/CVfxXMPXyF895tIE2WluxzLj1c8kiy1UaoUOkWUXAh7kk7XODU  
uutSThKf48BgPsSZZalEVs8+X91FBVf5ZJRI56r855Mv+2GHwjwUx5OwAfn2m5Wo  
cC0KjZ3rDuPcP5kYnuGsBV4agUv4h2ROnVoxW7GRRd8SuOA+/m+UNJGDzxq5Xcqw  
1n228NIgXynhkH/vn7h5phLY0aL83lylbggEcmVtX61+UUoV1j8hA6hIu4Z079Df  
ieHTF3vgk5HCbTDHTT612J9u3P2FjhnJBjANgb972RQRBmBj3JUT/jFiRhutYh29  
Jm5YVX7s5RbumZu3W6ZooCpdbYGl/nP3AisQEpSPwIWTzWxDiM6SQK91t1GSHe8O  
rXQPZSC95J/rKswfq0HMDnXKjLd0782gyw3VSaDL8zv/YUimhd8EBI666tEo/7iS  
oYa2G2t/+4TFkRJbTmObuPyFdBE/DigHk+S3m3WXMbQg2P0GLtIUP/9o9SK060wK  
EM3a1vcM/aL0x7JQl8fLYuAgVkYCAILrY+VWYhHpMnvuDzuckNsUemUdAYLmWgJC  
hE41PSho8MI=7+rr  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1970-01

Red Hat Security Advisory 2023-1978-01 - The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: haproxy security update  
Advisory ID:       RHSA-2023:1978-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1978  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-0056 CVE-2023-25725  
====================================================================  
1. Summary:

An update for haproxy is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

The haproxy packages provide a reliable, high-performance network load  
balancer for TCP and HTTP-based applications.

Security Fix(es):

* haproxy: segfault DoS (CVE-2023-0056)

* haproxy: request smuggling attack in HTTP/1 header parsing  
(CVE-2023-25725)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2160808 - CVE-2023-0056 haproxy: segfault DoS  
2169089 - CVE-2023-25725 haproxy: request smuggling attack in HTTP/1 header parsing

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
haproxy-2.4.7-2.el9_0.2.src.rpm

aarch64:  
haproxy-2.4.7-2.el9_0.2.aarch64.rpm  
haproxy-debuginfo-2.4.7-2.el9_0.2.aarch64.rpm  
haproxy-debugsource-2.4.7-2.el9_0.2.aarch64.rpm

ppc64le:  
haproxy-2.4.7-2.el9_0.2.ppc64le.rpm  
haproxy-debuginfo-2.4.7-2.el9_0.2.ppc64le.rpm  
haproxy-debugsource-2.4.7-2.el9_0.2.ppc64le.rpm

s390x:  
haproxy-2.4.7-2.el9_0.2.s390x.rpm  
haproxy-debuginfo-2.4.7-2.el9_0.2.s390x.rpm  
haproxy-debugsource-2.4.7-2.el9_0.2.s390x.rpm

x86_64:  
haproxy-2.4.7-2.el9_0.2.x86_64.rpm  
haproxy-debuginfo-2.4.7-2.el9_0.2.x86_64.rpm  
haproxy-debugsource-2.4.7-2.el9_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0056  
https://access.redhat.com/security/cve/CVE-2023-25725  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEe/MdzjgjWX9erEAQifOw//Qhb7JBxHnqBrEeY88/Cs6dyXrd2Flhlf  
oh/W+10FQnxpUldkVovcXK2/hq2GkQ6LT0UN8fbDXaxfEpDSumpGWLRyrlARbfUA  
s7eBMr7QALnuHQ+UyXlSUrqgWkNIKUGH4UA8CvE3GLR+QOO/PSOf57viYWbsA5qT  
p9MBKB0C/8eoh6YIW6wOcptbIeAiv8E+RlktO16ECgmbZhELFZwMmezRba8uNH/P  
xDspWRWDzzjsRMttwRozVjqAxl/WVd0TDlhQ94DmjarH1+R8JzTTF0KIzONlIU1L  
M/HS7/T9yVmWjs4VAnRxNU8zWqYv9HaTWAcIQj4cwjiOSn7+hzlxp6mhK8Fkg1k7  
F2IuXFzOusylfknhadkDnX6F+Zh4lPRvVCVk2rmxNpI0Dm2M9YQV3lJ3NnNCWYfL  
ax7hCl3Dc0rVe8ntMfMSfAc8EGYG/G3U4IH9ZBZEoLkca37EZLX59SDp3Ur3jP82  
CLz24wLCT2z6fAbQI13s2bJ0DoHavwblpre2Cj7cfpNDOn689YRyTm+Moe0DlqUI  
P265iPiAxSabd82DWoOeNJYib2L/q/OKwxfejppq58t/f/GGHex5Xn2KjwUdV2CR  
LCI5irxUV2ASpa5ttf9fksOE2vlgS0NHBJXJ2OUb4Z9dqVUCjhraFzvuabt4Q5FK  
5JGOznhvAo0=0YyQ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1978-01

Red Hat Security Advisory 2023-1976-01 - QATzip is a user space library which builds on top of the Intel QuickAssist Technology user space library, to provide extended accelerated compression and decompression services by offloading the actual compression and decompression request to the Intel Chipset Series. Issues addressed include a privilege escalation vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: qatzip security and bug fix update  
Advisory ID:       RHSA-2023:1976-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1976  
Issue date:        2023-04-25  
CVE Names:         CVE-2022-36369  
====================================================================  
1. Summary:

An update for qatzip is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.9.0) - x86_64  
Red Hat Enterprise Linux AppStream EUS (v.9.0) - x86_64

3. Description:

QATzip is a user space library which builds on top of the Intel QuickAssist  
Technology user space library, to provide extended accelerated compression  
and decompression services by offloading the actual compression and  
decompression request(s) to the Intel Chipset Series.

Security Fix(es):

* qatzip: local privilege escalation (CVE-2022-36369)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Intel QAT Update - QATzip (User Space Changes) (BZ#2178633)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2170784 - CVE-2022-36369 qatzip: local privilege escalation

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
qatzip-1.1.2-1.el9_0.src.rpm

x86_64:  
qatzip-1.1.2-1.el9_0.x86_64.rpm  
qatzip-debuginfo-1.1.2-1.el9_0.x86_64.rpm  
qatzip-debugsource-1.1.2-1.el9_0.x86_64.rpm  
qatzip-libs-1.1.2-1.el9_0.x86_64.rpm  
qatzip-libs-debuginfo-1.1.2-1.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.9.0):

x86_64:  
qatzip-debuginfo-1.1.2-1.el9_0.x86_64.rpm  
qatzip-debugsource-1.1.2-1.el9_0.x86_64.rpm  
qatzip-devel-1.1.2-1.el9_0.x86_64.rpm  
qatzip-libs-debuginfo-1.1.2-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-36369  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.0_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEe/MNzjgjWX9erEAQiCkQ/+JXsRC31J5vn61tshdQX+2qQV8QvxZe0x  
piU4xN3Cx5Xi+KbPZgdPjyxKky3Kcftw+Bj6rXYN68buuFBvH+IRAfIVyBKzODid  
vB8s3a99z0+GTnX79nLYusqm5eUrN4u2G5ZUdIEvIOmaoyd+F3U5jZ0rBPbH26zx  
xRjwgh7zGA4lqHrFMOywxC55l5s2fFOd/Ot6xWUedOeIdArX3zcR3+2LnMHNsm+x  
F6im2KZb2V5Pwc9GGSGWSoMciC3HbNc0rZhyuacHvO8SM7lAJ5hqepWekM+C/NYw  
aIlcAj4UnLBm29bbZqIUvmBaG0szJE1v4Ppf1QQnT2pudt4cnrjDb8wcLU564u3c  
7uEKYUe9E/9iqJ0Bb2Ou3ad62SAIRoMu8U5nJ/d36L8Qbqt4c9Fpop9Hq1HZerVO  
GpkZEIWPYH/S9kF5S7gRCTRL46niRhfr4nEoUm34wRDyhmhg7GiOVlPnLVjNiMSs  
1QCipVePDlUC71NS9d+FXPIQI5VRITwafPstQ9sOmiL0tz3mOsqD62shk5+EbW9p  
KN+VMRkbqd6c+fRNY5jjvYGh2YECNJ7vgo5TuoqkwC5/BplX4Xq+mImfH4LXBGZc  
Ygb6weTaMpssMwHRjX3sWZtOwqMtl+JgEiw4n+BNE6eKaAi4UvFmY31OMP8u+3DT  
x53QIlunwOQ¬uT  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1976-01

Red Hat Security Advisory 2023-1905-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security update  
Advisory ID:       RHSA-2023:1905-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1905  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938  
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967  
                   CVE-2023-21968  
====================================================================  
1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise  
Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2  
Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime  
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el8_2.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el8_2.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el8_2.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el8_2.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el8_2.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el8_2.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEdq2dzjgjWX9erEAQiy4w/+O4vjc3V2WMpVz7EOHM1oHj50IH0plj1f  
IoC6Na/IxcN+D0le1pxSyEqNU+B80ZLtFuuWkM0qlImAD6FtWkBYlEB+M2mY8LC4  
+BaiLYjmnkhrTocjay8sGigkkhvnuvTwejwcClou19JQvscrnqVp6SjweMsc8uCl  
PWtBvd3Xs41QFkPdEu2eAXrrcoKMazkIOdSfhclyOuftAeO11KF0no+3p1jNewRj  
n27VhLiKnUmKycykewNrNJE6o6NyFw+Pw/VH7Y7Aqj2SfWAYCoy41aKSFG0Kh46U  
q2xEYjTOrIG4UVZjiysqeZu+wjlSd2qZhN0LKZY4DE3UVhHGu05elcoeW/0ok7WB  
l17HxAluDgHGY9wvmw3v4MRDbmWoyIPRtDmaQ4NP3+pW2K9jaS2fkvp//cRHs/Fd  
4Imaf3R9DOdxsfYKiqO6FBfWior5HAXmC3hJ0qeZiRRvGlo8m7y+B1yJ87UuGeZF  
MIBfBJubXI9l1XA3HBOjCKmU/nZ/LMUP+tWS8mQXNrWLZTcOI7+Kw8urJ87EbVcE  
6trxSoAK+mXYwX/EyIfgrxDL5zx+z0x+vjBK7dH7qHgNoGZpcCcK0feUUCUv01LR  
qYchqDDf6EK647q+CNfRDrpn92Yn6zVrgVFE/7T/0Jn5VZb4c0z0soTqHJw+mkCr  
TDwM5IdhMRo=rO/o  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1905-01

Red Hat Security Advisory 2023-1908-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security update  
Advisory ID:       RHSA-2023:1908-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1908  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938  
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967  
                   CVE-2023-21968  
====================================================================  
1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime  
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_7.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el8_7.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el8_7.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_7.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.s390x.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_7.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_7.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_7.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_7.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_7.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_7.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_7.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_7.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_7.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_7.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_7.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el8_7.aarch64.rpm

ppc64le:  
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el8_7.ppc64le.rpm

x86_64:  
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el8_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEdq3dzjgjWX9erEAQi74A/+M2jr1t5T3sq8AS0fzlE7LWlAGxRwMvFM  
OXMdK5rpuYLwpurd1NSaWmS5etq3V4E1FD8UCVBF9LKFtywJNtRNXLMk4sUDaCJl  
ix3T36FKBUkdt8vuamuLM/7ojgar2gyRndFLdUHnGQiwu1o7Reqkd6YHDFD0T70T  
y/7jjkEssvrLjyVhbASZrv8KUibj87wsNwJWYeVoRjihK5t/+b25qvVsuQiT9uuS  
Y4XYiAyQvqBzvBs/PNU5wPWf8HKIQEeHeM5FdoriZAA1NQLUY1tJtyiNGmd4D4zb  
scwCiprIm1n/l1CrxiFVi8YnIP7093vr6q+lM5WkJPIKI7tkldNtUmDRPLC02m8J  
FJiUQ+dS0ECUrQ3xbX8+EiuQjSSLnr2km9zM0OPpo4V5vGM9ybZQBB5cNhxFpC2y  
KkAYJTKt23M0l+Y72Ho+AgHCDeTtUF/dtrjhpaMNVPmQJma1F3hw00dEWvx2GYYO  
VSfKOV5UL1AThxTq79oIjuFMXzXcKyTdVUOoUm/ygD2agRDdbNMYj4yn4n2pBlrb  
31Ll2YtoCLNNOxSjltQAE565P/fAZc41MxCShOPz6XHgO4PG9dIzV1ji7GxJQUF0  
1CT92JCu1IaLwaginYL+BHPzsrI45j4jp+1W5V7ZdiE4T2basTtMw4gn22UOTKbk  
zPWC4JUaFYw=pis3  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#linux