Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Red Hat: RHSA-2023:0353-01 Moderate: OpenJDK 11 DoS & Loading Issues

red hat
Calendar Grey January 24, 2023
Dist Redhat Esm H88
The new security update for Red Hat's OpenJDK v11.0.18 addresses DoS vulnerabilities and remote loading issues to boost stability and security of Java apps
The Red Hat Build of OpenJDK 11 (java-11-openjdk) is now available for Windows

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:


Summary

The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
This release of the Red Hat build of OpenJDK 11 (11.0.18) for Windows serves as a replacement for the Red Hat build of OpenJDK 11 (11.0.17) and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* OpenJDK: handshake DoS attack against DTLS connections (CVE-2023-21835)
* OpenJDK: soundbank URL remote loading (CVE-2023-21843)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory moderate Red Hat DoS attack Windows OpenJDK remote loading

References

https://access.redhat.com/security/cve/CVE-2023-21835 https://access.redhat.com/security/cve/CVE-2023-21843 https://access.redhat.com/security/updates/classification#moderate

Package List


Advisory ID: RHSA-2023:0353-01
Product: OpenJDK
Advisory URL: https://access.redhat.com/errata/RHSA-2023:0353
Issue date: 2023-01-23

Topic

The Red Hat Build of OpenJDK 11 (java-11-openjdk) is now available forWindows.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory moderate Red Hat DoS attack Windows OpenJDK remote loading

Relevant Releases Architectures

Bugs Fixed

2160421 - CVE-2023-21835 OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)

2160475 - CVE-2023-21843 OpenJDK: soundbank URL remote loading (Sound, 8293742)

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here