Red Hat Security Advisory 2023-1907-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security update  
Advisory ID:       RHSA-2023:1907-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1907  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938  
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967  
                   CVE-2023-21968  
====================================================================  
1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise  
Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v. 8.4) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime  
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_4.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_4.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el8_4.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el8_4.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_4.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_4.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_4.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_4.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v. 8.4):

aarch64:  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.aarch64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el8_4.aarch64.rpm

ppc64le:  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el8_4.ppc64le.rpm

x86_64:  
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEe/PtzjgjWX9erEAQjNMA//bpp1jGrB3u5Q2khidQCghVv1Ggpr0Pzl  
n/9ujekG6aztyaTFSfJsX2CFZJmlCVT8v6UncZgSxeQ7KiOqNhESoTVQr+KyxVoZ  
YmpDr0HXWsa6y3KNERUBUdJ4vlbegky1jDvBPsQkzO9rijAl7/KRcP/cxntWupk0  
LyYrZWD9G8mBAalNDMozQD2C0DwFsi/R+GOQRFcP5GdIUUE+/676Xnloua+5W2wJ  
7MDi0LDQ2DpIm2DjYxpDOEgvxxMdy2OitDVJMs49xEvUkTKQtW0wNi3afMZhnvVJ  
SuWiqeavY7L9x6IAphIZXt2Ox9H3gCCflF1gk+00V0UI1OpKTTsTeZrHBN9QMy+F  
Bfq5No79e/tP5eK+NIcaWW7vHtTp3RIf08KBj4Vfh0tY4iSRx5NzQrJD94tQiZTj  
CnooNmgwOiZ6u5C9EoEpe6lkEsBXqzT3MdrxDr1m2gbGU6i4xWK9xmCYhMaoZ4XA  
mwJauSnF6z2WeET6U/qA7N816aRe2dDwTwUox8XQIdJDd2fFCi70OkbKMmyMzrGM  
GggQdCv0doE18/+g352FnsGgVVM2dsKY/Kmn5Ow+cyJLyvmu5D+3Z/8uzjJzgKr0  
1RBrVDjOL+VJv1NMi6PtjSWvuxD4JiXx4MW4yYksAoN9LGjbcgDxOc8vgGGmkqUG  
U/hqThgIrAE=jYFe  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1907-01

Red Hat Security Advisory 2023-1984-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2023:1984-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1984  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-0386  
====================================================================  
1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.9.0) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: FUSE filesystem low-privileged user privileges escalation  
(CVE-2023-0386)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2159505 - CVE-2023-0386 kernel: FUSE filesystem low-privileged user privileges escalation

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:  
kpatch-patch-5_14_0-70_30_1-1-5.el9_0.src.rpm  
kpatch-patch-5_14_0-70_36_1-1-4.el9_0.src.rpm  
kpatch-patch-5_14_0-70_43_1-1-3.el9_0.src.rpm  
kpatch-patch-5_14_0-70_49_1-1-2.el9_0.src.rpm  
kpatch-patch-5_14_0-70_50_2-1-1.el9_0.src.rpm

ppc64le:  
kpatch-patch-5_14_0-70_30_1-1-5.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_30_1-debuginfo-1-5.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_30_1-debugsource-1-5.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_36_1-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_36_1-debuginfo-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_36_1-debugsource-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_43_1-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_43_1-debuginfo-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_43_1-debugsource-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_49_1-1-2.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_49_1-debuginfo-1-2.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_49_1-debugsource-1-2.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_50_2-1-1.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_50_2-debuginfo-1-1.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_50_2-debugsource-1-1.el9_0.ppc64le.rpm

x86_64:  
kpatch-patch-5_14_0-70_30_1-1-5.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_30_1-debuginfo-1-5.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_30_1-debugsource-1-5.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_36_1-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_36_1-debuginfo-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_36_1-debugsource-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_43_1-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_43_1-debuginfo-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_43_1-debugsource-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_49_1-1-2.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_49_1-debuginfo-1-2.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_49_1-debugsource-1-2.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_50_2-1-1.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_50_2-debuginfo-1-1.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_50_2-debugsource-1-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0386  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEe/OdzjgjWX9erEAQgufQ//fDXSzoikL1jX2sZ9p8xKP9k1n7ddJZSa  
uBwl7BJcsmZ6UxukTFGpgsHxzlw0fpwVWU9WJxgDkKXQ2SaqaL9GNWh1VAIZj2BQ  
FGXi5FuBn3a0F8+vDzWApNlgnxhHspqHtT+duh2S5oPQ4OCF7ha2nzI34NCZDomx  
xXp9RTblxIDYGgLwrBmaHhgJb2gddHJwQymADE1yi/qEdV9PmhAlJd1PozGkgrQW  
WJU5wSP2Ppx6rCgkNSKdkG+DaCTqtK1HouBgsgAbvU0VqdFZSPjhb48sXZ7roe45  
HesxY5ofH1ouKFwqWJPrkh0ra7nvSex1TWGXOjI+PMIoodDX5hb9Z7r1n7hz4/iI  
ZIIYF2W9Gg/6Et/lU8Oi5UqVw17287UbsfMWWpwVcm+mfQmhkU584us74o1VtQg6  
gAcU0yJE1MWPZrisQs+vNu2XHqX4Mdl5QyGU+mH6MjIQF2VDIYwhkbVPoyWdDnPH  
fI5jBmcJcpeOB0svwett1Q3zv++LZaxkhJwqgDbPiRw2RxYsOkJf9BqK28Qz5RH0  
hIz5/ayBz5xbAil7nivB4cSjhMilw+s17hwAMS7HtqEJQ4MUVYGbRJF+tEN5YP6h  
nldlLV/ehbFuGTn03ZCHSsg898GiX0DwqARhgKbGpNPvK+aYQ5Kw6q4Vzfh9dVYl  
qDiQifO1QgQ=3T1V  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1984-01

Red Hat Security Advisory 2023-1970-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:1970-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1970  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-0386  
====================================================================  
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: FUSE filesystem low-privileged user privileges escalation  
(CVE-2023-0386)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* RHEL9.0 64TB/240c Denali: "vmcore failed, _exitcode:139" error observed  
while capturing vmcore during fadump after memory remove. Incomplete vmcore  
is captured. (BZ#2151214)

* Support cpuset.sched_load_balance by changing default CPUset directory  
structure. (BZ#2161106)

* CSB.V bit never becomes valid for NX Gzip job during LPAR migration.  
(BZ#2166251)

* Update intel_idle for Eaglestream/Sapphire Rapids support. (BZ#2168359)

* An application stopped on robust futex used via pthread_mutex_lock().  
(BZ#2168837)

* FVTR1020:Rainier:Non-HMC:MPIPL Dump is not getting offloaded to Linux  
partition. (BZ#2170853)

* update qla2xxx driver to latest upstream. (BZ#2171812)

* MSFT MANA NET Patch RHEL-9: Fix accessing freed irq affinity_hint.  
(BZ#2175254)

* In FIPS mode, kernel does not transition into error state when RCT or APT  
health tests fail. (BZ#2181729)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2159505 - CVE-2023-0386 kernel: FUSE filesystem low-privileged user privileges escalation

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

aarch64:  
bpftool-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debug-devel-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debug-devel-matched-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-devel-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-devel-matched-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-headers-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
perf-5.14.0-70.53.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm

noarch:  
kernel-doc-5.14.0-70.53.1.el9_0.noarch.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debug-devel-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debug-devel-matched-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-devel-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-devel-matched-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-headers-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
perf-5.14.0-70.53.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debug-devel-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debug-devel-matched-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-devel-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-devel-matched-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-headers-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-matched-5.14.0-70.53.1.el9_0.s390x.rpm  
perf-5.14.0-70.53.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debug-devel-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debug-devel-matched-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-devel-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-devel-matched-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-headers-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
perf-5.14.0-70.53.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:  
kernel-5.14.0-70.53.1.el9_0.src.rpm

aarch64:  
bpftool-5.14.0-70.53.1.el9_0.aarch64.rpm  
bpftool-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-core-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debug-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debug-core-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debug-modules-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debug-modules-extra-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-modules-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-modules-extra-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-tools-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-tools-libs-5.14.0-70.53.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
python3-perf-5.14.0-70.53.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm

noarch:  
kernel-abi-stablelists-5.14.0-70.53.1.el9_0.noarch.rpm

ppc64le:  
bpftool-5.14.0-70.53.1.el9_0.ppc64le.rpm  
bpftool-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-core-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debug-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debug-core-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debug-modules-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debug-modules-extra-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-modules-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-modules-extra-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-tools-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-tools-libs-5.14.0-70.53.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
python3-perf-5.14.0-70.53.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm

s390x:  
bpftool-5.14.0-70.53.1.el9_0.s390x.rpm  
bpftool-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-core-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debug-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debug-core-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debug-modules-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debug-modules-extra-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-modules-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-modules-extra-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-tools-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-zfcpdump-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-zfcpdump-core-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-extra-5.14.0-70.53.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
python3-perf-5.14.0-70.53.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm

x86_64:  
bpftool-5.14.0-70.53.1.el9_0.x86_64.rpm  
bpftool-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-core-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debug-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debug-core-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debug-modules-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debug-modules-extra-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-modules-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-modules-extra-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-tools-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-tools-libs-5.14.0-70.53.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
python3-perf-5.14.0-70.53.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.9.0):

aarch64:  
bpftool-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-cross-headers-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
kernel-tools-libs-devel-5.14.0-70.53.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.53.1.el9_0.aarch64.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-cross-headers-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
kernel-tools-libs-devel-5.14.0-70.53.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.53.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-cross-headers-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.53.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-cross-headers-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
kernel-tools-libs-devel-5.14.0-70.53.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.53.1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0386  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEe/NtzjgjWX9erEAQg4Hw/+MS0isb6d7vJ3MAvho1yaLu2Mh/w8EpjY  
oLFkNbMDJdAtBN2JuzGaj2dQVLgCPcrqf3qPfpd9JdL85Hf456icTapJGuTIX1hl  
0iqJ+pQ+Ieceg/CVfxXMPXyF895tIE2WluxzLj1c8kiy1UaoUOkWUXAh7kk7XODU  
uutSThKf48BgPsSZZalEVs8+X91FBVf5ZJRI56r855Mv+2GHwjwUx5OwAfn2m5Wo  
cC0KjZ3rDuPcP5kYnuGsBV4agUv4h2ROnVoxW7GRRd8SuOA+/m+UNJGDzxq5Xcqw  
1n228NIgXynhkH/vn7h5phLY0aL83lylbggEcmVtX61+UUoV1j8hA6hIu4Z079Df  
ieHTF3vgk5HCbTDHTT612J9u3P2FjhnJBjANgb972RQRBmBj3JUT/jFiRhutYh29  
Jm5YVX7s5RbumZu3W6ZooCpdbYGl/nP3AisQEpSPwIWTzWxDiM6SQK91t1GSHe8O  
rXQPZSC95J/rKswfq0HMDnXKjLd0782gyw3VSaDL8zv/YUimhd8EBI666tEo/7iS  
oYa2G2t/+4TFkRJbTmObuPyFdBE/DigHk+S3m3WXMbQg2P0GLtIUP/9o9SK060wK  
EM3a1vcM/aL0x7JQl8fLYuAgVkYCAILrY+VWYhHpMnvuDzuckNsUemUdAYLmWgJC  
hE41PSho8MI=7+rr  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1970-01

Red Hat Security Advisory 2023-1978-01 - The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: haproxy security update  
Advisory ID:       RHSA-2023:1978-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1978  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-0056 CVE-2023-25725  
====================================================================  
1. Summary:

An update for haproxy is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

The haproxy packages provide a reliable, high-performance network load  
balancer for TCP and HTTP-based applications.

Security Fix(es):

* haproxy: segfault DoS (CVE-2023-0056)

* haproxy: request smuggling attack in HTTP/1 header parsing  
(CVE-2023-25725)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2160808 - CVE-2023-0056 haproxy: segfault DoS  
2169089 - CVE-2023-25725 haproxy: request smuggling attack in HTTP/1 header parsing

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
haproxy-2.4.7-2.el9_0.2.src.rpm

aarch64:  
haproxy-2.4.7-2.el9_0.2.aarch64.rpm  
haproxy-debuginfo-2.4.7-2.el9_0.2.aarch64.rpm  
haproxy-debugsource-2.4.7-2.el9_0.2.aarch64.rpm

ppc64le:  
haproxy-2.4.7-2.el9_0.2.ppc64le.rpm  
haproxy-debuginfo-2.4.7-2.el9_0.2.ppc64le.rpm  
haproxy-debugsource-2.4.7-2.el9_0.2.ppc64le.rpm

s390x:  
haproxy-2.4.7-2.el9_0.2.s390x.rpm  
haproxy-debuginfo-2.4.7-2.el9_0.2.s390x.rpm  
haproxy-debugsource-2.4.7-2.el9_0.2.s390x.rpm

x86_64:  
haproxy-2.4.7-2.el9_0.2.x86_64.rpm  
haproxy-debuginfo-2.4.7-2.el9_0.2.x86_64.rpm  
haproxy-debugsource-2.4.7-2.el9_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0056  
https://access.redhat.com/security/cve/CVE-2023-25725  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEe/MdzjgjWX9erEAQifOw//Qhb7JBxHnqBrEeY88/Cs6dyXrd2Flhlf  
oh/W+10FQnxpUldkVovcXK2/hq2GkQ6LT0UN8fbDXaxfEpDSumpGWLRyrlARbfUA  
s7eBMr7QALnuHQ+UyXlSUrqgWkNIKUGH4UA8CvE3GLR+QOO/PSOf57viYWbsA5qT  
p9MBKB0C/8eoh6YIW6wOcptbIeAiv8E+RlktO16ECgmbZhELFZwMmezRba8uNH/P  
xDspWRWDzzjsRMttwRozVjqAxl/WVd0TDlhQ94DmjarH1+R8JzTTF0KIzONlIU1L  
M/HS7/T9yVmWjs4VAnRxNU8zWqYv9HaTWAcIQj4cwjiOSn7+hzlxp6mhK8Fkg1k7  
F2IuXFzOusylfknhadkDnX6F+Zh4lPRvVCVk2rmxNpI0Dm2M9YQV3lJ3NnNCWYfL  
ax7hCl3Dc0rVe8ntMfMSfAc8EGYG/G3U4IH9ZBZEoLkca37EZLX59SDp3Ur3jP82  
CLz24wLCT2z6fAbQI13s2bJ0DoHavwblpre2Cj7cfpNDOn689YRyTm+Moe0DlqUI  
P265iPiAxSabd82DWoOeNJYib2L/q/OKwxfejppq58t/f/GGHex5Xn2KjwUdV2CR  
LCI5irxUV2ASpa5ttf9fksOE2vlgS0NHBJXJ2OUb4Z9dqVUCjhraFzvuabt4Q5FK  
5JGOznhvAo0=0YyQ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1978-01

Red Hat Security Advisory 2023-1976-01 - QATzip is a user space library which builds on top of the Intel QuickAssist Technology user space library, to provide extended accelerated compression and decompression services by offloading the actual compression and decompression request to the Intel Chipset Series. Issues addressed include a privilege escalation vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: qatzip security and bug fix update  
Advisory ID:       RHSA-2023:1976-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1976  
Issue date:        2023-04-25  
CVE Names:         CVE-2022-36369  
====================================================================  
1. Summary:

An update for qatzip is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.9.0) - x86_64  
Red Hat Enterprise Linux AppStream EUS (v.9.0) - x86_64

3. Description:

QATzip is a user space library which builds on top of the Intel QuickAssist  
Technology user space library, to provide extended accelerated compression  
and decompression services by offloading the actual compression and  
decompression request(s) to the Intel Chipset Series.

Security Fix(es):

* qatzip: local privilege escalation (CVE-2022-36369)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Intel QAT Update - QATzip (User Space Changes) (BZ#2178633)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2170784 - CVE-2022-36369 qatzip: local privilege escalation

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
qatzip-1.1.2-1.el9_0.src.rpm

x86_64:  
qatzip-1.1.2-1.el9_0.x86_64.rpm  
qatzip-debuginfo-1.1.2-1.el9_0.x86_64.rpm  
qatzip-debugsource-1.1.2-1.el9_0.x86_64.rpm  
qatzip-libs-1.1.2-1.el9_0.x86_64.rpm  
qatzip-libs-debuginfo-1.1.2-1.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.9.0):

x86_64:  
qatzip-debuginfo-1.1.2-1.el9_0.x86_64.rpm  
qatzip-debugsource-1.1.2-1.el9_0.x86_64.rpm  
qatzip-devel-1.1.2-1.el9_0.x86_64.rpm  
qatzip-libs-debuginfo-1.1.2-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-36369  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.0_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEe/MNzjgjWX9erEAQiCkQ/+JXsRC31J5vn61tshdQX+2qQV8QvxZe0x  
piU4xN3Cx5Xi+KbPZgdPjyxKky3Kcftw+Bj6rXYN68buuFBvH+IRAfIVyBKzODid  
vB8s3a99z0+GTnX79nLYusqm5eUrN4u2G5ZUdIEvIOmaoyd+F3U5jZ0rBPbH26zx  
xRjwgh7zGA4lqHrFMOywxC55l5s2fFOd/Ot6xWUedOeIdArX3zcR3+2LnMHNsm+x  
F6im2KZb2V5Pwc9GGSGWSoMciC3HbNc0rZhyuacHvO8SM7lAJ5hqepWekM+C/NYw  
aIlcAj4UnLBm29bbZqIUvmBaG0szJE1v4Ppf1QQnT2pudt4cnrjDb8wcLU564u3c  
7uEKYUe9E/9iqJ0Bb2Ou3ad62SAIRoMu8U5nJ/d36L8Qbqt4c9Fpop9Hq1HZerVO  
GpkZEIWPYH/S9kF5S7gRCTRL46niRhfr4nEoUm34wRDyhmhg7GiOVlPnLVjNiMSs  
1QCipVePDlUC71NS9d+FXPIQI5VRITwafPstQ9sOmiL0tz3mOsqD62shk5+EbW9p  
KN+VMRkbqd6c+fRNY5jjvYGh2YECNJ7vgo5TuoqkwC5/BplX4Xq+mImfH4LXBGZc  
Ygb6weTaMpssMwHRjX3sWZtOwqMtl+JgEiw4n+BNE6eKaAi4UvFmY31OMP8u+3DT  
x53QIlunwOQ¬uT  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1976-01

Red Hat Security Advisory 2023-1905-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security update  
Advisory ID:       RHSA-2023:1905-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1905  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938  
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967  
                   CVE-2023-21968  
====================================================================  
1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise  
Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2  
Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime  
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el8_2.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el8_2.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el8_2.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el8_2.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el8_2.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el8_2.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_2.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEdq2dzjgjWX9erEAQiy4w/+O4vjc3V2WMpVz7EOHM1oHj50IH0plj1f  
IoC6Na/IxcN+D0le1pxSyEqNU+B80ZLtFuuWkM0qlImAD6FtWkBYlEB+M2mY8LC4  
+BaiLYjmnkhrTocjay8sGigkkhvnuvTwejwcClou19JQvscrnqVp6SjweMsc8uCl  
PWtBvd3Xs41QFkPdEu2eAXrrcoKMazkIOdSfhclyOuftAeO11KF0no+3p1jNewRj  
n27VhLiKnUmKycykewNrNJE6o6NyFw+Pw/VH7Y7Aqj2SfWAYCoy41aKSFG0Kh46U  
q2xEYjTOrIG4UVZjiysqeZu+wjlSd2qZhN0LKZY4DE3UVhHGu05elcoeW/0ok7WB  
l17HxAluDgHGY9wvmw3v4MRDbmWoyIPRtDmaQ4NP3+pW2K9jaS2fkvp//cRHs/Fd  
4Imaf3R9DOdxsfYKiqO6FBfWior5HAXmC3hJ0qeZiRRvGlo8m7y+B1yJ87UuGeZF  
MIBfBJubXI9l1XA3HBOjCKmU/nZ/LMUP+tWS8mQXNrWLZTcOI7+Kw8urJ87EbVcE  
6trxSoAK+mXYwX/EyIfgrxDL5zx+z0x+vjBK7dH7qHgNoGZpcCcK0feUUCUv01LR  
qYchqDDf6EK647q+CNfRDrpn92Yn6zVrgVFE/7T/0Jn5VZb4c0z0soTqHJw+mkCr  
TDwM5IdhMRo=rO/o  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1905-01

Red Hat Security Advisory 2023-1908-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security update  
Advisory ID:       RHSA-2023:1908-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1908  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938  
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967  
                   CVE-2023-21968  
====================================================================  
1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime  
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_7.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el8_7.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el8_7.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_7.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.s390x.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_7.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_7.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_7.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_7.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_7.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_7.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_7.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_7.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_7.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_7.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_7.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el8_7.aarch64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el8_7.aarch64.rpm

ppc64le:  
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el8_7.ppc64le.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el8_7.ppc64le.rpm

x86_64:  
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el8_7.x86_64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el8_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEdq3dzjgjWX9erEAQi74A/+M2jr1t5T3sq8AS0fzlE7LWlAGxRwMvFM  
OXMdK5rpuYLwpurd1NSaWmS5etq3V4E1FD8UCVBF9LKFtywJNtRNXLMk4sUDaCJl  
ix3T36FKBUkdt8vuamuLM/7ojgar2gyRndFLdUHnGQiwu1o7Reqkd6YHDFD0T70T  
y/7jjkEssvrLjyVhbASZrv8KUibj87wsNwJWYeVoRjihK5t/+b25qvVsuQiT9uuS  
Y4XYiAyQvqBzvBs/PNU5wPWf8HKIQEeHeM5FdoriZAA1NQLUY1tJtyiNGmd4D4zb  
scwCiprIm1n/l1CrxiFVi8YnIP7093vr6q+lM5WkJPIKI7tkldNtUmDRPLC02m8J  
FJiUQ+dS0ECUrQ3xbX8+EiuQjSSLnr2km9zM0OPpo4V5vGM9ybZQBB5cNhxFpC2y  
KkAYJTKt23M0l+Y72Ho+AgHCDeTtUF/dtrjhpaMNVPmQJma1F3hw00dEWvx2GYYO  
VSfKOV5UL1AThxTq79oIjuFMXzXcKyTdVUOoUm/ygD2agRDdbNMYj4yn4n2pBlrb  
31Ll2YtoCLNNOxSjltQAE565P/fAZc41MxCShOPz6XHgO4PG9dIzV1ji7GxJQUF0  
1CT92JCu1IaLwaginYL+BHPzsrI45j4jp+1W5V7ZdiE4T2basTtMw4gn22UOTKbk  
zPWC4JUaFYw=pis3  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1908-01

Red Hat Security Advisory 2023-1904-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security and bug fix update  
Advisory ID:       RHSA-2023:1904-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1904  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938  
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967  
                   CVE-2023-21968  
====================================================================  
1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise  
Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime  
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Native code within the OpenJDK code base attempted to call close() on a  
file descriptor repeatedly if it returned the error code, EINTR. However,  
the close() native call is not restartable and this caused the virtual  
machine to crash. The close() call is now only made once. (RHBZ#2159458)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2159458 - Do not restart close if errno is EINTR [rhel-7.9.z]  
2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.src.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el7_9.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el7_9.noarch.rpm

x86_64:  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.src.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el7_9.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el7_9.noarch.rpm

x86_64:  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.src.rpm

ppc64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.ppc64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.ppc64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.ppc64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.ppc64.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el7_9.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el7_9.noarch.rpm

ppc64:  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.ppc64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.ppc64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.ppc64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.ppc64.rpm

ppc64le:  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.s390x.rpm

x86_64:  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.src.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el7_9.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el7_9.noarch.rpm

x86_64:  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.i686.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEdq29zjgjWX9erEAQiy9A/8CDu49/+VKUO0AUxBYzo5zUSDNdonPLPy  
5Ca5WKFB1Awx2+rj3zfdhaApgRZoLVn58itoNr3Yx3ZUJyWZftO24pPpkBnQWLZ7  
o+hnPMbtN8eR6BjQ2Da0bJR3RC9JRohlA8ADDNzIE4F9HhXDyzyDTVMC6rq7tkvL  
TgOrgsDIf+pXWUtfV06VmpCVvMPqFJiUEyjI5VLq8rQmVu73Kw78pTtr8rIoaZRO  
NkQWWmt++UWQyFyaMtjvCwrNC/+dQwgr+VtGGX2g2koH2kpPBg9YV6tndLz6dxTR  
sOysPAIIiszvdfxq6tWMSk7TcT0wdEqKjHFXiUapGLJceL9k9Sf+fnca6njIAXbD  
ZnZvuVyQe+oa3oP6A69QvV+0lKfAcyKUZUnh3veP20k4xrkos66bm6tsozs+almX  
vkMEAJlbw+vFH1nBw25Om4TPnrxRY/cBX1gd2fY+SqGHxIZGw5ytono2OBYLSWpt  
aABmiFB1Pei8nIFXZxz7mtBshrxf6g9QpUy7mhOD3nKogR45zfmCY3DecY2AxDFz  
V/kUduHLzSK6pwZAXK3VfLSCJc0Jd4wbnmyIUTb5vv55Cyk35zFsivFOo8r7aCDb  
h8Ns/MBE65dCLtIayWyhdQqMWi+ttQ9+Jhxl5Hqs8br+rMY4skVv7eGkPTxb3Si5  
37F/A+KirO0=BL4D  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1904-01

Red Hat Security Advisory 2023-1906-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security update  
Advisory ID:       RHSA-2023:1906-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1906  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938  
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967  
                   CVE-2023-21968  
====================================================================  
1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise  
Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.8.6) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime  
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_6.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_6.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el8_6.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el8_6.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_6.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_6.s390x.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_6.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_6.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_6.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_6.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_6.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_6.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_6.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_6.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_6.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_6.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.8.6):

aarch64:  
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm

ppc64le:  
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm

x86_64:  
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEdq8dzjgjWX9erEAQhfBBAAiyRmD6bsiVqSCbjbaRKe1zeqYVsZzfvB  
AZfMufFAjgkBsVQ7jUZ5u/Bcjne9DH2MO2K5FP7QgXDoV/vG13iKbi5YVWAt3mhM  
0x3cDyN5WsKKo/lgaCi4GAKwM11CW082pH+hISbdlk6qxjDbbLJmkD+x9S7ntV80  
QAxynMa3v6otAfqCD/Uj95pcrY3JhZuv3pcQcgDgjL5pyWmqB5EGFmahRMQzmgwd  
fJRwBoqi6xRDsYIjOB15TURLoT8CbScVrSvuDcevSQELp2emGmS6OpeXl9yCin/5  
hJFTgqBbOE5CjW4iy7ZBMl0XwqhNgAwhTXzGTmPCUE6lO/Qxb6Y82xsi0lNA9B1x  
khBAYBWPcANN3X7hq4kqjIZDBrGMBVSXbQjiybQvfZ6BMbXl6KfkEgOOV5DX9NV3  
TUwaXVQi++1ZPhJviej6tjGHwUJjFrMnaTbJ6AjWaPyZTmEocBF5qrICC2AGITI4  
g4qRIuZKj5A1Pb3UTQI778tbFvwIWUPkJdu3Xl0acAxycZcKtzJhP2obsgxe0RIP  
7IBmWhidBcHScTS+WhBWaYFT/wSVoBTroinckANHZTBr263cKk9axI2embLwKatP  
ecalaoE8Gnced2lGX3/PzIP1sNgfMwg2/TsaRg/xB57WQa/ctYnY/w7mhZeHQuFS  
V/G0qvDvl+k=MULa  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1906-01

An update for emacs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2023-28617: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.


**Synopsis**

Important: emacs security update

**Type/Severity**

Security Advisory: Important

**Red Hat Insights patch analysis**

Identify and remediate systems affected by this advisory.

View affected systems

**Topic**

An update for emacs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.  

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.  

Security Fix(es):  

*   emacs: command injection vulnerability in org-mode (CVE-2023-28617)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**Affected Products**

*   Red Hat Enterprise Linux for x86\_64 - Extended Update Support 9.0 x86\_64
*   Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
*   Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
*   Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
*   Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
*   Red Hat Enterprise Linux for x86\_64 - Update Services for SAP Solutions 9.0 x86\_64
*   Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
*   Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x

**Fixes**

*   BZ - 2180544 - CVE-2023-28617 emacs: command injection vulnerability in org-mode

**Red Hat Enterprise Linux for x86\_64 - Extended Update Support 9.0**

SRPM

emacs-27.2-6.el9\_0.1.src.rpm

SHA-256: e9be642d59c29aa8097e80c6997222abbe4d591b994628d078d9cb7b6fcde802

x86\_64

emacs-27.2-6.el9\_0.1.x86\_64.rpm

SHA-256: f3e856d8537e1fc72a7f0eddab9601cff1e4751ee922f265caed38ab6dec69bf

emacs-common-27.2-6.el9\_0.1.x86\_64.rpm

SHA-256: 354dc6bff8ba3e4d2f2af9b9b2661045338ddace9f80398c642ccc3fcfa8a795

emacs-common-debuginfo-27.2-6.el9\_0.1.x86\_64.rpm

SHA-256: 0f9510a36e6003c97f3f8c73be82f86ba96fa7156aedbe2ffae408230fe6ee0f

emacs-debuginfo-27.2-6.el9\_0.1.x86\_64.rpm

SHA-256: d085afbfeb53bb69e6e79a953e3c48f40d0a587638aefb5b166ff84b3e800884

emacs-debugsource-27.2-6.el9\_0.1.x86\_64.rpm

SHA-256: e28451ba824e823ae98918c11e25e2b4c56b78e6856abfa78fd154740570a0ab

emacs-filesystem-27.2-6.el9\_0.1.noarch.rpm

SHA-256: 3c6e0ca7903e6280f8fb6464a55aa86efdee62744d7b373734f1e4c1b33dcc27

emacs-lucid-27.2-6.el9\_0.1.x86\_64.rpm

SHA-256: 0eb221a9d09d793895d1f315af9b4c0088a2f6f0e82747d09800a04e5f42f0fb

emacs-lucid-debuginfo-27.2-6.el9\_0.1.x86\_64.rpm

SHA-256: 4b50bb77bc76531fe13ae3ebb82a6a740dae40a2dee493215a1b108068c6b320

emacs-nox-27.2-6.el9\_0.1.x86\_64.rpm

SHA-256: e880ba3b5c9bbf810142b58333d8f210df72e23ec47b1c7db002270456aec667

emacs-nox-debuginfo-27.2-6.el9\_0.1.x86\_64.rpm

SHA-256: f9f717e4a6b660efde0fc20259cc38cab1efad87dfe1372ac5e66ff61558a00b

**Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0**

SRPM

emacs-27.2-6.el9\_0.1.src.rpm

SHA-256: e9be642d59c29aa8097e80c6997222abbe4d591b994628d078d9cb7b6fcde802

s390x

emacs-27.2-6.el9\_0.1.s390x.rpm

SHA-256: 4d9124b582e490e35d1c88a75f14a90ada8ce6ebb81f1d2b566b717384849365

emacs-common-27.2-6.el9\_0.1.s390x.rpm

SHA-256: 40aac13f51662300d5d4981e279762bd1f6ae621122126952416d6c01bf591bb

emacs-common-debuginfo-27.2-6.el9\_0.1.s390x.rpm

SHA-256: 861d300b40e564d6aa682d534dfc9faa85629937c1b396329d19bfe8cac233f8

emacs-debuginfo-27.2-6.el9\_0.1.s390x.rpm

SHA-256: 5e13939b0bbbd61f932195fa8e20c6c61f56dfdb6aaf4b90136dae6871593d29

emacs-debugsource-27.2-6.el9\_0.1.s390x.rpm

SHA-256: 6962379f821969e2f4a4143cbc9aa70b003f528796d254d59ad4300e1820d154

emacs-filesystem-27.2-6.el9\_0.1.noarch.rpm

SHA-256: 3c6e0ca7903e6280f8fb6464a55aa86efdee62744d7b373734f1e4c1b33dcc27

emacs-lucid-27.2-6.el9\_0.1.s390x.rpm

SHA-256: 18c76dca3119adf477397a5047cb30fc009d8192d03eb2abd55a961881cd79da

emacs-lucid-debuginfo-27.2-6.el9\_0.1.s390x.rpm

SHA-256: 4fc6211267e4abf1bcdf3b906608b9cd4c05382817b7cf88c26b56f914ac3398

emacs-nox-27.2-6.el9\_0.1.s390x.rpm

SHA-256: 7a7edeb7afc029b933c3dceb65502511902709e1ca1eeb3fa6f2c08897772bed

emacs-nox-debuginfo-27.2-6.el9\_0.1.s390x.rpm

SHA-256: 3b886e50f51c5e019b3310c91720d736bf786e1a9546f24dffd41f20a9108161

**Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0**

SRPM

emacs-27.2-6.el9\_0.1.src.rpm

SHA-256: e9be642d59c29aa8097e80c6997222abbe4d591b994628d078d9cb7b6fcde802

ppc64le

emacs-27.2-6.el9\_0.1.ppc64le.rpm

SHA-256: d401c941958b7a0035e88413a73a513d5c5668662f8f6881c28f3f917b77a4f2

emacs-common-27.2-6.el9\_0.1.ppc64le.rpm

SHA-256: f7365c761bf33e0995ca6c92cbb64d9f356a03b50e43e59f1f6d9bdaf7d6b795

emacs-common-debuginfo-27.2-6.el9\_0.1.ppc64le.rpm

SHA-256: 08fe586275c8c14b01889e2ca43a797480da6f6652f40a71bdc65be786b50d9c

emacs-debuginfo-27.2-6.el9\_0.1.ppc64le.rpm

SHA-256: 08f471f305090868d3f836f5950f1f52bd05fe6c97e413ac0ebe752654c7c039

emacs-debugsource-27.2-6.el9\_0.1.ppc64le.rpm

SHA-256: 5fe749f7f2b21a12e525e2071fb2d91dcbb604c8866a35ec2264426801444caa

emacs-filesystem-27.2-6.el9\_0.1.noarch.rpm

SHA-256: 3c6e0ca7903e6280f8fb6464a55aa86efdee62744d7b373734f1e4c1b33dcc27

emacs-lucid-27.2-6.el9\_0.1.ppc64le.rpm

SHA-256: 41edb23f8d4c6005423112adbf44e933a27c8d4912df948cb90e46f6dc31a825

emacs-lucid-debuginfo-27.2-6.el9\_0.1.ppc64le.rpm

SHA-256: f91050c5a5bdcca3f1df008b561147045be984296fc44ecf994233cc5cb1c46c

emacs-nox-27.2-6.el9\_0.1.ppc64le.rpm

SHA-256: 5ffdedb98e7b4cffd9c1d1e0df66a40b7559b8e9033f850c34d0320ab91ee24e

emacs-nox-debuginfo-27.2-6.el9\_0.1.ppc64le.rpm

SHA-256: 79b1d1030d80459e18e90f45fcbe5b93c8ce1254b8366ba74702a0c2e7ab195a

**Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0**

SRPM

emacs-27.2-6.el9\_0.1.src.rpm

SHA-256: e9be642d59c29aa8097e80c6997222abbe4d591b994628d078d9cb7b6fcde802

aarch64

emacs-27.2-6.el9\_0.1.aarch64.rpm

SHA-256: f3980dc522f490bef765aff7a3a6b2bf7afbf17fab7f3335291f78a3ad95b010

emacs-common-27.2-6.el9\_0.1.aarch64.rpm

SHA-256: 9fdb261eb8f1835fffa8d2a2fe057c2cab0e0c2d814c92370641b0247b8f977e

emacs-common-debuginfo-27.2-6.el9\_0.1.aarch64.rpm

SHA-256: 856769bd727f979671f431af05a0a480b890dbfbe0e821486e009158f3704883

emacs-debuginfo-27.2-6.el9\_0.1.aarch64.rpm

SHA-256: ee91e894f78da157a8e3d26a79f9c8f4bf424f85015103a9d1112e1fdf077141

emacs-debugsource-27.2-6.el9\_0.1.aarch64.rpm

SHA-256: 9a8db7772a866c206490e3068643182894d14dc250e7b2d241711e6c62de1821

emacs-filesystem-27.2-6.el9\_0.1.noarch.rpm

SHA-256: 3c6e0ca7903e6280f8fb6464a55aa86efdee62744d7b373734f1e4c1b33dcc27

emacs-lucid-27.2-6.el9\_0.1.aarch64.rpm

SHA-256: 3a83ce7739350050c1d13231f20ed17afb153589a073a59b2118e66024e9ded9

emacs-lucid-debuginfo-27.2-6.el9\_0.1.aarch64.rpm

SHA-256: b6c6546dd0cd7664849e97d13f46d21f2c8f3260be3c8e404286c1a9014e1c4d

emacs-nox-27.2-6.el9\_0.1.aarch64.rpm

SHA-256: 32641033d4a6d8aecaf4074289c64d6674b8162531206c045242cf9fb37439e5

emacs-nox-debuginfo-27.2-6.el9\_0.1.aarch64.rpm

SHA-256: 60eef88e25a9e7a6254edadcda4751b40aa509d7de1c5018ad939d33cb646366

**Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0**

SRPM

emacs-27.2-6.el9\_0.1.src.rpm

SHA-256: e9be642d59c29aa8097e80c6997222abbe4d591b994628d078d9cb7b6fcde802

ppc64le

emacs-27.2-6.el9\_0.1.ppc64le.rpm

SHA-256: d401c941958b7a0035e88413a73a513d5c5668662f8f6881c28f3f917b77a4f2

emacs-common-27.2-6.el9\_0.1.ppc64le.rpm

SHA-256: f7365c761bf33e0995ca6c92cbb64d9f356a03b50e43e59f1f6d9bdaf7d6b795

emacs-common-debuginfo-27.2-6.el9\_0.1.ppc64le.rpm

SHA-256: 08fe586275c8c14b01889e2ca43a797480da6f6652f40a71bdc65be786b50d9c

emacs-debuginfo-27.2-6.el9\_0.1.ppc64le.rpm

SHA-256: 08f471f305090868d3f836f5950f1f52bd05fe6c97e413ac0ebe752654c7c039

emacs-debugsource-27.2-6.el9\_0.1.ppc64le.rpm

SHA-256: 5fe749f7f2b21a12e525e2071fb2d91dcbb604c8866a35ec2264426801444caa

emacs-filesystem-27.2-6.el9\_0.1.noarch.rpm

SHA-256: 3c6e0ca7903e6280f8fb6464a55aa86efdee62744d7b373734f1e4c1b33dcc27

emacs-lucid-27.2-6.el9\_0.1.ppc64le.rpm

SHA-256: 41edb23f8d4c6005423112adbf44e933a27c8d4912df948cb90e46f6dc31a825

emacs-lucid-debuginfo-27.2-6.el9\_0.1.ppc64le.rpm

SHA-256: f91050c5a5bdcca3f1df008b561147045be984296fc44ecf994233cc5cb1c46c

emacs-nox-27.2-6.el9\_0.1.ppc64le.rpm

SHA-256: 5ffdedb98e7b4cffd9c1d1e0df66a40b7559b8e9033f850c34d0320ab91ee24e

emacs-nox-debuginfo-27.2-6.el9\_0.1.ppc64le.rpm

SHA-256: 79b1d1030d80459e18e90f45fcbe5b93c8ce1254b8366ba74702a0c2e7ab195a

**Red Hat Enterprise Linux for x86\_64 - Update Services for SAP Solutions 9.0**

SRPM

emacs-27.2-6.el9\_0.1.src.rpm

SHA-256: e9be642d59c29aa8097e80c6997222abbe4d591b994628d078d9cb7b6fcde802

x86\_64

emacs-27.2-6.el9\_0.1.x86\_64.rpm

SHA-256: f3e856d8537e1fc72a7f0eddab9601cff1e4751ee922f265caed38ab6dec69bf

emacs-common-27.2-6.el9\_0.1.x86\_64.rpm

SHA-256: 354dc6bff8ba3e4d2f2af9b9b2661045338ddace9f80398c642ccc3fcfa8a795

emacs-common-debuginfo-27.2-6.el9\_0.1.x86\_64.rpm

SHA-256: 0f9510a36e6003c97f3f8c73be82f86ba96fa7156aedbe2ffae408230fe6ee0f

emacs-debuginfo-27.2-6.el9\_0.1.x86\_64.rpm

SHA-256: d085afbfeb53bb69e6e79a953e3c48f40d0a587638aefb5b166ff84b3e800884

emacs-debugsource-27.2-6.el9\_0.1.x86\_64.rpm

SHA-256: e28451ba824e823ae98918c11e25e2b4c56b78e6856abfa78fd154740570a0ab

emacs-filesystem-27.2-6.el9\_0.1.noarch.rpm

SHA-256: 3c6e0ca7903e6280f8fb6464a55aa86efdee62744d7b373734f1e4c1b33dcc27

emacs-lucid-27.2-6.el9\_0.1.x86\_64.rpm

SHA-256: 0eb221a9d09d793895d1f315af9b4c0088a2f6f0e82747d09800a04e5f42f0fb

emacs-lucid-debuginfo-27.2-6.el9\_0.1.x86\_64.rpm

SHA-256: 4b50bb77bc76531fe13ae3ebb82a6a740dae40a2dee493215a1b108068c6b320

emacs-nox-27.2-6.el9\_0.1.x86\_64.rpm

SHA-256: e880ba3b5c9bbf810142b58333d8f210df72e23ec47b1c7db002270456aec667

emacs-nox-debuginfo-27.2-6.el9\_0.1.x86\_64.rpm

SHA-256: f9f717e4a6b660efde0fc20259cc38cab1efad87dfe1372ac5e66ff61558a00b

**Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0**

SRPM

emacs-27.2-6.el9\_0.1.src.rpm

SHA-256: e9be642d59c29aa8097e80c6997222abbe4d591b994628d078d9cb7b6fcde802

aarch64

emacs-27.2-6.el9\_0.1.aarch64.rpm

SHA-256: f3980dc522f490bef765aff7a3a6b2bf7afbf17fab7f3335291f78a3ad95b010

emacs-common-27.2-6.el9\_0.1.aarch64.rpm

SHA-256: 9fdb261eb8f1835fffa8d2a2fe057c2cab0e0c2d814c92370641b0247b8f977e

emacs-common-debuginfo-27.2-6.el9\_0.1.aarch64.rpm

SHA-256: 856769bd727f979671f431af05a0a480b890dbfbe0e821486e009158f3704883

emacs-debuginfo-27.2-6.el9\_0.1.aarch64.rpm

SHA-256: ee91e894f78da157a8e3d26a79f9c8f4bf424f85015103a9d1112e1fdf077141

emacs-debugsource-27.2-6.el9\_0.1.aarch64.rpm

SHA-256: 9a8db7772a866c206490e3068643182894d14dc250e7b2d241711e6c62de1821

emacs-filesystem-27.2-6.el9\_0.1.noarch.rpm

SHA-256: 3c6e0ca7903e6280f8fb6464a55aa86efdee62744d7b373734f1e4c1b33dcc27

emacs-lucid-27.2-6.el9\_0.1.aarch64.rpm

SHA-256: 3a83ce7739350050c1d13231f20ed17afb153589a073a59b2118e66024e9ded9

emacs-lucid-debuginfo-27.2-6.el9\_0.1.aarch64.rpm

SHA-256: b6c6546dd0cd7664849e97d13f46d21f2c8f3260be3c8e404286c1a9014e1c4d

emacs-nox-27.2-6.el9\_0.1.aarch64.rpm

SHA-256: 32641033d4a6d8aecaf4074289c64d6674b8162531206c045242cf9fb37439e5

emacs-nox-debuginfo-27.2-6.el9\_0.1.aarch64.rpm

SHA-256: 60eef88e25a9e7a6254edadcda4751b40aa509d7de1c5018ad939d33cb646366

**Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0**

SRPM

emacs-27.2-6.el9\_0.1.src.rpm

SHA-256: e9be642d59c29aa8097e80c6997222abbe4d591b994628d078d9cb7b6fcde802

s390x

emacs-27.2-6.el9\_0.1.s390x.rpm

SHA-256: 4d9124b582e490e35d1c88a75f14a90ada8ce6ebb81f1d2b566b717384849365

emacs-common-27.2-6.el9\_0.1.s390x.rpm

SHA-256: 40aac13f51662300d5d4981e279762bd1f6ae621122126952416d6c01bf591bb

emacs-common-debuginfo-27.2-6.el9\_0.1.s390x.rpm

SHA-256: 861d300b40e564d6aa682d534dfc9faa85629937c1b396329d19bfe8cac233f8

emacs-debuginfo-27.2-6.el9\_0.1.s390x.rpm

SHA-256: 5e13939b0bbbd61f932195fa8e20c6c61f56dfdb6aaf4b90136dae6871593d29

emacs-debugsource-27.2-6.el9\_0.1.s390x.rpm

SHA-256: 6962379f821969e2f4a4143cbc9aa70b003f528796d254d59ad4300e1820d154

emacs-filesystem-27.2-6.el9\_0.1.noarch.rpm

SHA-256: 3c6e0ca7903e6280f8fb6464a55aa86efdee62744d7b373734f1e4c1b33dcc27

emacs-lucid-27.2-6.el9\_0.1.s390x.rpm

SHA-256: 18c76dca3119adf477397a5047cb30fc009d8192d03eb2abd55a961881cd79da

emacs-lucid-debuginfo-27.2-6.el9\_0.1.s390x.rpm

SHA-256: 4fc6211267e4abf1bcdf3b906608b9cd4c05382817b7cf88c26b56f914ac3398

emacs-nox-27.2-6.el9\_0.1.s390x.rpm

SHA-256: 7a7edeb7afc029b933c3dceb65502511902709e1ca1eeb3fa6f2c08897772bed

emacs-nox-debuginfo-27.2-6.el9\_0.1.s390x.rpm

SHA-256: 3b886e50f51c5e019b3310c91720d736bf786e1a9546f24dffd41f20a9108161

Tag

#red_hat