Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 5 articles for you...
89
security advisoryfedoraimportantFedora 42 Roundcube 1.6.15 Important SVG Bypass Security 2026-051825ca18
Version 1.6.15 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some regressions introduced in the previous release as well a recently reported security vulnerability: SVG Animate FUNCIRI Attribute Bypass \u2014 Remote Image Loading via. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-051825ca18 2026-04-09 03:36:41.952460+00:00 -------------------------------------------------------------------------------- Name : roundcubemail Product : Fedora 42 Version : 1.6.15 Release : 1.fc42 URL : https://roundcube.net/ Summary : Round Cube Webmail is a browser-based multilingual IMAP client Description : RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires a database: MySQL, PostgreSQL and SQLite are known to work. The user interface is fully skinnable using XHTML and CSS 2. -------------------------------------------------------------------------------- Update Information: Version 1.6.15 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some regressions introduced in the previous release as well a recently reported security vulnerability: SVG Animate FUNCIRI Attribute Bypass \u2014 Remote Image Loading via fill/filter/stroke, reported by class_nzm. This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating! CHANGELOG Fix regression where mail search would fail on non-ascii search criteria (#10121) Fix regression where some data url images could get ignored/lost (#10128) Fix SVG Animate FUNCIRI Attribute Bypass \u2014 Remote Image Loadingvia fill/filter/stroke -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 30 2026 Remi Collet - 1.6.15-1 - update to 1.6.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2454784 - CVE-2026-35543 roundcubemail: Roundcube Webmail: Information disclosure and access-control bypass via animated SVG in email [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454784 [ 2 ] Bug #2454786 - CVE-2026-35545 roundcubemail: Roundcube Webmail: Information disclosure and access-control bypass via SVG content in email. [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454786 [ 3 ] Bug #2454793 - CVE-2026-35538 CVE-2026-35539 CVE-2026-35540 CVE-2026-35541 CVE-2026-35542 CVE-2026-35544 roundcubemail: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454793 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-051825ca18' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Roundcube Webmail update fixes SVG bypass issues and ensures security in Fedora 42. Stay secure with the latest updates!. Roundcube Webmail update, SVG security fix, remote access control, Fedora security patch. . Severity: Important. LinuxSecurity.com Team
Apr 09, 2026
•Important
Fedora
203
security advisorycriticalroundcubemailMageia 9 Roundcube Critical SVG Bypass Fix MGASA-2026-0089
MGASA-2026-0089 - Updated roundcubemail packages fix security vulnerability. MGASA-2026-0089 - Updated roundcubemail packages fix security vulnerability Publication date: 07 Apr 2026 URL: https://advisories.mageia.org/MGASA-2026-0089.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-35545 Description: SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke And some regressions from the last fix are fixed. References: - https://bugs.mageia.org/show_bug.cgi?id=35302 - https://github.com/roundcube/roundcubemail/releases/tag/1.6.15 - https://www.cve.org/CVERecord?id=CVE-2026-35545 SRPMS: - 9/core/roundcubemail-1.6.15-1.mga9 . Updated Roundcube packages address a critical SVG bypass vulnerability in Mageia 9. Apply fixes promptly to protect your systems.. Roundcube, Mageia, SVG Bypass, Security Advisory, Remote Loading. . Severity: Critical. LinuxSecurity.com Team
Apr 07, 2026
•Critical
Mageia
219
security advisorymoderate severityOpenJDKRocky Linux 8 RLSA-2023:0208 Moderate: OpenJDK Security Update
Moderate: java-1.8.0-openjdk security and bug fix update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2023:0208", "synopsis": "Moderate: java-1.8.0-openjdk security and bug fix update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for java-1.8.0-openjdk.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) (CVE-2023-21830)\n\n* OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI() (BZ#2139705)\n\n* Prepare for the next quarterly OpenJDK upstream release (2023-01, 8u362) [rhel-8] (BZ#2159910)\n\n* solr broken due to access denied (\"java.io.FilePermission\" \"/etc/pki/java/cacerts\" \"read\") [rhel-8, openjdk-8] (BZ#2163595)", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2139705", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2139705", "description": "* Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI()"}, {"ticket": "2159910", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2159910", "description": "* Prepare for the next quarterly OpenJDK upstream release (2023-01, 8u362) [rhel-8]"}, {"ticket": "2160475", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2160475", "description": ""}, {"ticket": "2160490", "sourceBy": "Red Hat","sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2160490", "description": ""}, {"ticket": "2163595", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2163595", "description": "* solr broken due to access denied (\"java.io.FilePermission\" \"/etc/pki/java/cacerts\" \"read\") [rhel-8, openjdk-8]"}], "cves": [{"name": "CVE-2023-21830", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-21830", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss3BaseScore": "5.3", "cwe": "CWE-502"}, {"name": "CVE-2023-21843", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-21843", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "cvss3BaseScore": "3.7", "cwe": "CWE-646"}], "references": [], "publishedAt": "2023-01-26T20:49:48Z", "rpms": {"Rocky Linux 8": {"nvras": ["java-1.8.0-openjdk-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-1:1.8.0.362.b09-2.el8_7.src.rpm", "java-1.8.0-openjdk-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-accessibility-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-accessibility-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-accessibility-fastdebug-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-accessibility-fastdebug-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-accessibility-slowdebug-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-accessibility-slowdebug-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-debuginfo-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-debuginfo-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-debugsource-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-debugsource-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-demo-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-demo-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-demo-debuginfo-1:1.8.0.362.b09-2.el8_7.aarch64.rpm","java-1.8.0-openjdk-demo-debuginfo-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-demo-fastdebug-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-demo-fastdebug-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-demo-fastdebug-debuginfo-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-demo-fastdebug-debuginfo-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-demo-slowdebug-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-demo-slowdebug-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-demo-slowdebug-debuginfo-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-demo-slowdebug-debuginfo-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-devel-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-devel-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-devel-debuginfo-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-devel-debuginfo-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-devel-fastdebug-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-devel-fastdebug-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-devel-fastdebug-debuginfo-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-devel-fastdebug-debuginfo-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-devel-slowdebug-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-devel-slowdebug-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-devel-slowdebug-debuginfo-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-devel-slowdebug-debuginfo-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-fastdebug-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-fastdebug-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-fastdebug-debuginfo-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-fastdebug-debuginfo-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-headless-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-headless-1:1.8.0.362.b09-2.el8_7.x86_64.rpm","java-1.8.0-openjdk-headless-debuginfo-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-headless-debuginfo-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-headless-fastdebug-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-headless-fastdebug-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-headless-fastdebug-debuginfo-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-headless-fastdebug-debuginfo-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-headless-slowdebug-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-headless-slowdebug-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-headless-slowdebug-debuginfo-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-headless-slowdebug-debuginfo-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-javadoc-1:1.8.0.362.b09-2.el8_7.noarch.rpm", "java-1.8.0-openjdk-javadoc-zip-1:1.8.0.362.b09-2.el8_7.noarch.rpm", "java-1.8.0-openjdk-slowdebug-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-slowdebug-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-slowdebug-debuginfo-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-slowdebug-debuginfo-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-src-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-src-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-src-fastdebug-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-src-fastdebug-1:1.8.0.362.b09-2.el8_7.x86_64.rpm", "java-1.8.0-openjdk-src-slowdebug-1:1.8.0.362.b09-2.el8_7.aarch64.rpm", "java-1.8.0-openjdk-src-slowdebug-1:1.8.0.362.b09-2.el8_7.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Rocky Linux 8 recently rolled out an update for java-1.8.0-openjdk, featuring security enhancements, bug fixes, and vital performance improvements.. Java Runtime Environment, Rocky Linux Updates, Java Security Fixes. . LinuxSecurity.com Team
Jan 26, 2023
Rocky Linux
200
security advisoryModerateJavaScientific Linux 7: SLSA-2023-0203-1 Moderate: Java Security Fix
OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) (CVE-2023-21830) * OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2 [More...]. Synopsis: Moderate: java-1.8.0-openjdk security and bug fix update Advisory ID: SLSA-2023:0203-1 Issue Date: 2023-01-24 CVE Numbers: CVE-2023-21843 CVE-2023-21830 -- Security Fix(es): * OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) (CVE-2023-21830) * OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2023-01, 8u362) -- SL7 x86_64 java-1.8.0-openjdk-1.8.0.362.b08-1.el7_9.i686.rpm java-1.8.0-openjdk-1.8.0.362.b08-1.el7_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.362.b08-1.el7_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.362.b08-1.el7_9.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.362.b08-1.el7_9.i686.rpm java-1.8.0-openjdk-headless-1.8.0.362.b08-1.el7_9.x86_64.rpm java-1.8.0-openjdk-accessibility-1.8.0.362.b08-1.el7_9.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.362.b08-1.el7_9.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.362.b08-1.el7_9.i686.rpm java-1.8.0-openjdk-demo-1.8.0.362.b08-1.el7_9.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.362.b08-1.el7_9.i686.rpm java-1.8.0-openjdk-devel-1.8.0.362.b08-1.el7_9.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.362.b08-1.el7_9.i686.rpm java-1.8.0-openjdk-src-1.8.0.362.b08-1.el7_9.x86_64.rpm noarch java-1.8.0-openjdk-javadoc-1.8.0.362.b08-1.el7_9.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.362.b08-1.el7_9.noarch.rpm - Scientific Linux Development Team . A substantial security patch for java-1.8.0-openjdk tackles significant vulnerabilities related to unsafe deserialization and remote asset fetching.. OpenJDK, Java Security Update, Scientific Linux Update. . LinuxSecurity.com Team
Jan 24, 2023
Scientific Linux
98
security advisorymoderateRed HatRed Hat: RHSA-2023-0354-01 Moderate: OpenJDK 8u362 Windows Security Fix
The Red Hat build of OpenJDK 8 (java-1.8.0-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenJDK 8u362 Windows Security Update Advisory ID: RHSA-2023:0354-01 Product: OpenJDK Advisory URL: https://access.redhat.com/errata/RHSA-2023:0354 Issue date: 2023-01-23 CVE Names: CVE-2023-21830 CVE-2023-21843 ==================================================================== 1. Summary: The Red Hat build of OpenJDK 8 (java-1.8.0-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 (8u362) for Windows serves as a replacement for the Red Hat build of OpenJDK 8 (8u352) and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * OpenJDK: improper restrictions in CORBA deserialization (CVE-2023-21830) * OpenJDK: soundbank URL remote loading (CVE-2023-21843) For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, referto: 4. Bugs fixed (https://bugzilla.redhat.com/): 2160475 - CVE-2023-21843 OpenJDK: soundbank URL remote loading (Sound, 8293742) 2160490 - CVE-2023-21830 OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) 5. References: https://access.redhat.com/security/cve/CVE-2023-21830 https://access.redhat.com/security/cve/CVE-2023-21843 https://access.redhat.com/security/updates/classification#moderate 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY89f3tzjgjWX9erEAQgKDQ/+LUmxoGX+kVMjTfUi2QE/6Au/G89EygyP 5mX3NPutp1wO1ClI6RT+W3r0kZx2Q8BNoROizcco+VE9FLyYpnKIoi/40VtrXifq y5vT6oocA82PXcoCFEVK/ybVmCDYCYqpKWrmnF78CDODBDMgZBDQEDcq7Gi0NyQv YduYtrqedwTtm7F+7qKvS7axt0bSn5SaIZqhUH9l/JLCAf/UAVHHK2682T8bgzod 7gbFxkszXJifxml4i+LVcP6axPbud4GKh88YUIhEi0glyDhoDQfBHyUyIV998nCK asuhRYQ1+BVMLKpciC11YOYDvUsOdaKw8aB062aacu3qfM+x3x8di2Tw8PO9aSaF U9dIDiwiwJcye8z5Y79KCGOrtLSDdnLPMyLp0nn6Mhc+xskpAYU4zmsngO9Ko5aP q3ERDumFdYGSRtvh3oVxOL1NJJbRs7jiyBPJxx8NL4X/rYQI0jhupJzHHZS6gKlt ugb+lvafQsM3cEe43RfZJ+DZxVQ4hIFbNk+5ATJld2tvybhZc2GjbkBc5EgfSb7e 0FpoGu8el+g11goOvX3GWRiW6ZnXoIjsAYcMtUgb7MOjIH/AxJ2joKBPWzavCFCH ZJGXi/629ub/+lAp97wmPPVOfv+/5mri2miv9CgVRZZhBScw8nFJvrfSUmab233+ FP0ea9F1WnE=jQFY -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jan 24, 2023
Red Hat
98
security advisoryRed Hatmoderate severityRedHat: RHSA-2023-0387-01 Moderate: OpenJDK Fix for Remote Loading
The Red Hat build of OpenJDK 8 (java-1.8.0-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenJDK 8u362 Security Update for Portable Linux Builds Advisory ID: RHSA-2023:0387-01 Product: OpenJDK Advisory URL: https://access.redhat.com/errata/RHSA-2023:0387 Issue date: 2023-01-23 CVE Names: CVE-2023-21830 CVE-2023-21843 ==================================================================== 1. Summary: The Red Hat build of OpenJDK 8 (java-1.8.0-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 (8u362) for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 (8u352) and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * OpenJDK: soundbank URL remote loading (CVE-2023-21843) * OpenJDK: improper restrictions in CORBA deserialization (CVE-2023-21830) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Fordetails on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 2160475 - CVE-2023-21843 OpenJDK: soundbank URL remote loading (Sound, 8293742) 2160490 - CVE-2023-21830 OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) 5. References: https://access.redhat.com/security/cve/CVE-2023-21830 https://access.redhat.com/security/cve/CVE-2023-21843 https://access.redhat.com/security/updates/classification#moderate 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY89f3NzjgjWX9erEAQh35hAAkeXwAdEFfIoC7VcMIlyrh3MmHUnC6pjv n975hBraglQ+KCQpLzdlfLKN86VnLo/Q5oS2m6E59qaAmbCA2teMiK71UEVhXRjx NxuJpLAEqbjmNiKAHASCxnzTwJskcpKdyoQTCGg+i6muh2ZK++pYGj4WuX/x+OGe RlDFV8NnvBukW6FqhCayEzpiiROC3dyN8nC5neHxQqcB6VEN4QF3wsEpQ/VaPrT4 GtmAVF5PCzdjaJtBHJGHYLVJ+lwffx2LlaVAb+Nj/lciVPiBMXd66Ll0aHFtNFCA n/B95VGlW+oibJ74tGls0yjA8QdW99YoNmeLatQmv0h91UtOIIkUJ3dBRA7nOpPx EZM+/rFCZKCFIj44PbE2wZ4Y6YVilntSkQfT9XDlVARrAPLtJg8nmoQMLzW26bKa R2CZdDH0xE4GlrczPNRn9nYp7QP2T642/t47lq9pdquR6fwdte4kL9A1Jvsvq0aq sGCdEi2UsP+26YcLJX3w27r/VqSaEL0QZ94ott7Oo3Edb/mcHPNujQ35ALhcoSn+ dveedRs5Lv8Di/5U8y6fhZtmZ+CxgaYLfH3iNOzDRg4Vfr9k3Pio4f0/i7JHn5Se 3UwILlk9BNNETpPvDy2IJTUzPkjpvMYeh5Yv1RzjxaNzmZA5efSe/Wrn2u2fdviK PUxM2Ermgz4=F0aN -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jan 24, 2023
Red Hat
98
security advisorymoderateRed HatRedHat RHSA-2023-0388-01 Moderate OpenJDK Security Issue Summary
The Red Hat Build of OpenJDK 11 (java-11-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenJDK 11.0.18 Security Update for Portable Linux Builds Advisory ID: RHSA-2023:0388-01 Product: OpenJDK Advisory URL: https://access.redhat.com/errata/RHSA-2023:0388 Issue date: 2023-01-23 CVE Names: CVE-2023-21835 CVE-2023-21843 ==================================================================== 1. Summary: The Red Hat Build of OpenJDK 11 (java-11-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 (11.0.18) for portable Linux serves as a replacement for the Red Hat build of OpenJDK 11 (11.0.17) and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * OpenJDK: handshake DoS attack against DTLS connections (CVE-2023-21835) * OpenJDK: soundbank URL remote loading (CVE-2023-21843) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Fordetails on how to apply this update, refer to: 4. Bugs fixed (https://bugzilla.redhat.com/): 2160421 - CVE-2023-21835 OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) 2160475 - CVE-2023-21843 OpenJDK: soundbank URL remote loading (Sound, 8293742) 5. References: https://access.redhat.com/security/cve/CVE-2023-21835 https://access.redhat.com/security/cve/CVE-2023-21843 https://access.redhat.com/security/updates/classification#moderate 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY89f2dzjgjWX9erEAQgdoQ//SAS13eaN0LKzyM66sGrhNDXAgqOIlEoc U4gGVjIFDOmoK9nAK+RTfVMnsF/CvvuLmKPbQTMzRAdLqYn/JQX0BIc4v+nRw+76 T2Acqe7UZLaGZcwR2lN+z+DTGIChU/7lFLBFCZQiDd3s+UfOw1sPJJbmI+hC4/yg HQ7zf9QleGSkHjzahx3CqxbgPCd8BuTxhHJsnvR8sYvMD+OhV0jXaZf4wLzDzzvI kMkIGp4iWSteC+NCxSLalxkbttxh0FG910gBUYyIFmfe7xn50Bu4Jbz0pcLVW694 JaL1WidBW+JvBupPU6Or1VyJ3Kt+F4lQoyC4cfYhFyhhXZIdotZ2YJAygJsz6BB6 aW95suA0MQI9SskLjRDrRef0C8u9yQrxV0LMx77lBa+bEeTdA/XgqsxDMaXWnmM9 f7Hv+qKT6ewwPVDDepkx2hGb/fjEGamScRFjZd+uxozxB1bEjKZoNigP5U7M4n7f pWAL1cTz1ws5eG3DthmeWnm9ZG5dfEQQsM+m2/9ZURdS4AWNmwyeWK6k8XAzwgpa iDRVaHzyfc9L9TJa58IQZLJM8SEAktBhLmFyrJMYPI4aUSJjd3HDuHxYwpMpoeoE zItmT7l6dRd6K+A4zZ60Qk7WOwm9/IOl07Y/PSy+ix3IMYbbB8HRbl/RkNjcjV5V g15CpVYrzSE=FDFL -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jan 24, 2023
Red Hat
98
security advisorymoderateRed HatRed Hat: RHSA-2023-0389-01 Moderate: OpenJDK 17.0.6 DoS Attack
The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenJDK 17.0.6 Security Update for Portable Linux Builds Advisory ID: RHSA-2023:0389-01 Product: OpenJDK Advisory URL: https://access.redhat.com/errata/RHSA-2023:0389 Issue date: 2023-01-23 CVE Names: CVE-2023-21835 CVE-2023-21843 ==================================================================== 1. Summary: The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 (17.0.6) for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 (17.0.5) and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * OpenJDK: handshake DoS attack against DTLS connections (CVE-2023-21835) * OpenJDK: soundbank URL remote loading (CVE-2023-21843) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Fordetails on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 2160421 - CVE-2023-21835 OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) 2160475 - CVE-2023-21843 OpenJDK: soundbank URL remote loading (Sound, 8293742) 5. References: https://access.redhat.com/security/cve/CVE-2023-21835 https://access.redhat.com/security/cve/CVE-2023-21843 https://access.redhat.com/security/updates/classification#moderate 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY89f19zjgjWX9erEAQieDA//Rst80twqLA5SPMTwMFqlrNWDC4f/NAT8 +XsTiQfPKwKWULSPV/3EeQrzbpnTu4AZFnBkXHrkZS5V3u+26h7RtlJeuhOpc6/s eXzDd0J+KA3XXh0H1JT3z0lUjqRm5CUFJN6hpWg/s0XtyKONzV1MUtesC0N1LbUE d0fPqjQIJbOJcpitYp2e/qaBFDG2ODxF3Cq2bin+dws2bZM46wcRJnqrNg0uvg8N HGKWKCNKqqDmOL2LlnoBV4RVsBDzw6kr88oLS5mfvtEQj5siXx5CI8gWwpyaGfPt 1WZY/cnie0rzVbcYTwNlpkTXqsNC/kVzrI6jAR7jlSzetwa04Gi89QlL7XKtzrTC b4ulaZTWMXW0LFiAP3Eb2q1p0UZd+9WlXngsAN9pxR0KWV0Qnzef6Jz0XPGGLBGV EJEScl4knh/Xxjf4ZH+g3mCBXmfI0cANPZDHngeoLb0EZloBmoLgAP3Ssnlzk9z2 YDv4ZAKGB2RSIYWxvgzMpiUBPozDfiDhQEXSBRwNHKPfKSdr/bPS/usts2k4eORa IAqGDFcoaJAORdqEP77tRDFoT7USaF9p9LWDZK29XsLsU5cCWWrGkBqeOEhwAf3L 44eXQFKcmfiVi6Wxt+Iz66NdK0QZ6I14UkEhN7uVs4+R5ZUmxCMkhJNtv6fUkqdN 9kYuPN49V5E=Q2/y -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jan 24, 2023
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!