Synopsis:          Important: java-1.8.0-openjdk security and bug fix update
Advisory ID:       SLSA-2023:1904-1
Issue Date:        2023-04-25
CVE Numbers:       CVE-2023-21930
                   CVE-2023-21954
                   CVE-2023-21967
                   CVE-2023-21939
                   CVE-2023-21938
                   CVE-2023-21937
                   CVE-2023-21968
--

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE

Bug Fix(es):

* Native code within the OpenJDK code base attempted to call close() on a
file descriptor repeatedly if it returned the error code, EINTR. However,
the close() native call is not restartable and this caused the virtual
machine to crash. The close() call is now only made once. (RHBZ#2159458)
--

SL7
  x86_64
    java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.i686.rpm
    java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.x86_64.rpm
    java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm
    java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm
    java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.i686.rpm
    java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.x86_64.rpm
    java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.i686.rpm
    java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.x86_64.rpm
    java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.i686.rpm
    java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.x86_64.rpm
    java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.i686.rpm
    java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.x86_64.rpm
    java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.i686.rpm
    java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.x86_64.rpm
  noarch
    java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el7_9.noarch.rpm
    java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el7_9.noarch.rpm

- Scientific Linux Development Team

SciLinux: SLSA-2023-1904-1 Important: java-1.8.0-openjdk on SL7.x x86_64

OpenJDK: improper connection handling during TLS handshake (8294474) (CVE-2023-21930) * OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939) * OpenJDK: incorrect enqueue of...

Summary

Important: java-1.8.0-openjdk security and bug fix update



Security Fixes

* OpenJDK: improper connection handling during TLS handshake (8294474) (CVE-2023-21930)
* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)
* OpenJDK: incorrect enqueue of references in garbage collector (8298191) (CVE-2023-21954)
* OpenJDK: certificate validation issue in TLS session negotiation (8298310) (CVE-2023-21967)
* OpenJDK: missing string checks for NULL characters (8296622) (CVE-2023-21937)
* OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) (CVE-2023-21938)
* OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) (CVE-2023-21968)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE

Severity
Advisory ID: SLSA-2023:1904-1
Issued Date: : 2023-04-25
CVE Numbers: CVE-2023-21930
CVE-2023-21954
CVE-2023-21967

Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo