Synopsis:          Important: java-1.8.0-openjdk security and bug fix update
Advisory ID:       SLSA-2023:1904-1
Issue Date:        2023-04-25
CVE Numbers:       CVE-2023-21930
                   CVE-2023-21954
                   CVE-2023-21967
                   CVE-2023-21939
                   CVE-2023-21938
                   CVE-2023-21937
                   CVE-2023-21968
--

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE

Bug Fix(es):

* Native code within the OpenJDK code base attempted to call close() on a
file descriptor repeatedly if it returned the error code, EINTR. However,
the close() native call is not restartable and this caused the virtual
machine to crash. The close() call is now only made once. (RHBZ#2159458)
--

SL7
  x86_64
    java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.i686.rpm
    java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.x86_64.rpm
    java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm
    java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm
    java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.i686.rpm
    java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.x86_64.rpm
    java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.i686.rpm
    java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.x86_64.rpm
    java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.i686.rpm
    java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.x86_64.rpm
    java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.i686.rpm
    java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.x86_64.rpm
    java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.i686.rpm
    java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.x86_64.rpm
  noarch
    java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el7_9.noarch.rpm
    java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el7_9.noarch.rpm

- Scientific Linux Development Team

SciLinux: SLSA-2023-1904-1 Important: java-1.8.0-openjdk on SL7.x x86_64

OpenJDK: improper connection handling during TLS handshake (8294474) (CVE-2023-21930) * OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939) * OpenJDK: incorrect enqueue of...

Summary

Important: java-1.8.0-openjdk security and bug fix update



Security Fixes

* OpenJDK: improper connection handling during TLS handshake (8294474) (CVE-2023-21930)
* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)
* OpenJDK: incorrect enqueue of references in garbage collector (8298191) (CVE-2023-21954)
* OpenJDK: certificate validation issue in TLS session negotiation (8298310) (CVE-2023-21967)
* OpenJDK: missing string checks for NULL characters (8296622) (CVE-2023-21937)
* OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) (CVE-2023-21938)
* OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) (CVE-2023-21968)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE

Severity
Advisory ID: SLSA-2023:1904-1
Issued Date: : 2023-04-25
CVE Numbers: CVE-2023-21930
CVE-2023-21954
CVE-2023-21967

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved