Synopsis:          Moderate: java-1.8.0-openjdk security and bug fix update
Advisory ID:       SLSA-2023:4166-1
Issue Date:        2023-07-24
CVE Numbers:       CVE-2023-22045
                   CVE-2023-22049
--

Security Fix(es):

* OpenJDK: improper handling of slash characters in URI-to-path conversion
(8305312) (CVE-2023-22049)

* OpenJDK: array indexing integer overflow issue (8304468)
(CVE-2023-22045)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE

Bug Fix(es):

* Prepare for the next quarterly OpenJDK upstream release (2023-07, 8u382)
--

SL7
  x86_64
    java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.i686.rpm
    java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.x86_64.rpm
    java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.i686.rpm
    java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.x86_64.rpm
    java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.i686.rpm
    java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.x86_64.rpm
    java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.i686.rpm
    java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.x86_64.rpm
    java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.i686.rpm
    java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.x86_64.rpm
    java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.i686.rpm
    java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.x86_64.rpm
    java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.i686.rpm
    java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.x86_64.rpm
  noarch
    java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.el7_9.noarch.rpm
    java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.el7_9.noarch.rpm

- Scientific Linux Development Team