Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 37 articles for you...
100

SUSE: 2024:1634-1 Moderate: OpenSSL-3 Session Cache Growth Issue

* bsc#1222548 Cross-References: * CVE-2024-2511 . # Security update for openssl-3 Announcement ID: SUSE-SU-2024:1634-1 Rating: moderate References: * bsc#1222548 Cross-References: * CVE-2024-2511 CVSS scores: * CVE-2024-2511 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-3 fixes the following issues: * CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1634=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-1634=1 openSUSE-SLE-15.5-2024-1634=1 ## Package List: * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libopenssl3-3.0.8-150500.5.30.1 * openssl-3-3.0.8-150500.5.30.1 * libopenssl3-debuginfo-3.0.8-150500.5.30.1 * openssl-3-debugsource-3.0.8-150500.5.30.1 * libopenssl-3-devel-3.0.8-150500.5.30.1 * openssl-3-debuginfo-3.0.8-150500.5.30.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libopenssl3-3.0.8-150500.5.30.1 * openssl-3-3.0.8-150500.5.30.1 * libopenssl3-debuginfo-3.0.8-150500.5.30.1 * openssl-3-debugsource-3.0.8-150500.5.30.1 * libopenssl-3-devel-3.0.8-150500.5.30.1 * openssl-3-debuginfo-3.0.8-150500.5.30.1 * openSUSE Leap 15.5 (x86_64) * libopenssl3-32bit-3.0.8-150500.5.30.1 *libopenssl3-32bit-debuginfo-3.0.8-150500.5.30.1 * libopenssl-3-devel-32bit-3.0.8-150500.5.30.1 * openSUSE Leap 15.5 (noarch) * openssl-3-doc-3.0.8-150500.5.30.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libopenssl-3-devel-64bit-3.0.8-150500.5.30.1 * libopenssl3-64bit-3.0.8-150500.5.30.1 * libopenssl3-64bit-debuginfo-3.0.8-150500.5.30.1 ## References: * https://www.suse.com/security/cve/CVE-2024-2511.html * https://bugzilla.suse.com/show_bug.cgi?id=1222548 . SUSE releases a critical update for openssl-3 aimed at addressing session cache expansion in TLSv1.3 connections. Consult the installation guidelines.. SUSE Security Update, OpenSSL 3 Patch, TLSv1.3 Fix. . LinuxSecurity.com Team

Calendar%202 May 14, 2024 SuSE
89

Fedora 40: FEDORA-2024-f69ecb0511 Critical: GnuTLS TLS Security Patch

Rebase gnutls to version 3.8.5 Rebase gnutls to version 3.8.4 - contains fixes for CVE-2024-28834 and CVE-2024-28835 Automatic update for gnutls-3.8.3-3.fc40.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-f69ecb0511 2024-04-19 21:20:20.798149 -------------------------------------------------------------------------------- Name : gnutls Product : Fedora 40 Version : 3.8.5 Release : 1.fc40 URL : http://www.gnutls.org/ Summary : A TLS protocol implementation Description : GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and other required structures. -------------------------------------------------------------------------------- Update Information: Rebase gnutls to version 3.8.5 Rebase gnutls to version 3.8.4 - contains fixes for CVE-2024-28834 and CVE-2024-28835 Automatic update for gnutls-3.8.3-3.fc40. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 4 2024 Zoltan Fridrich - 3.8.5-1 - [packit] 3.8.5 upstream release * Wed Mar 20 2024 Zoltan Fridrich - 3.8.4-1 - [packit] 3.8.4 upstream release - Resolves rhbz#2270320 * Thu Feb 22 2024 Zoltan Fridrich - 3.8.3-3 - Fix mingw build failure -------------------------------------------------------------------------------- References: [ 1 ] Bug #2270320 - gnutls-3.8.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2270320 [ 2 ] Bug #2273364 - gnutls-3.8.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2273364 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade--advisory FEDORA-2024-f69ecb0511' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . The gnutls package updates in Fedora 40 enhance security by addressing critical vulnerabilities. Key insights from this advisory are vital for users.. Fedora,GnuTLS,Security Advisory,Critical Fixes,Updates. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Apr 19, 2024 Critical Fedora
197

Debian Buster: DLA-3757-1 Critical: Timing Attack in NSS TLS

Multiple vulnerabilities were found in nss, a set of libraries designed to support cross-platform development of security-enabled client and server applications. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3757-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Tobias Frost March 10, 2024 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : nss Version : 2:3.42.1-1+deb10u8 CVE ID : CVE-2023-5388 CVE-2024-0743 Debian Bug : 1056284 Multiple vulnerabilities were found in nss, a set of libraries designed to support cross-platform development of security-enabled client and server applications. CVE-2023-5388 Timing attack against RSA decryption in TLS. This vulnerablity has been named The Marvin Attack. CVE-2024-0743 An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. For Debian 10 buster, these problems have been fixed in version 2:3.42.1-1+deb10u8. We recommend that you upgrade your nss packages. For the detailed security status of nss please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/nss Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Several security flaws identified in nss libraries, affecting TLS protocols and possibly resulting in exploitation risks.. Debian Security Update,NSS Libraries,Cross-Platform Security,Debian LTS. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Mar 11, 2024 Critical Debian LTS
203

Mageia 8, 9: 2023-0272 Moderate: Java TLS Issues And File Conflicts

The updated packages fix security vulnerabilities and a file conflict : Improper connection handling during TLS handshake. (CVE-2023-21930) Incorrect enqueue of references in garbage collector. (CVE-2023-21954) . MGASA-2023-0272 - Updated java packages fix security vulnerabilities Publication date: 30 Sep 2023 URL: https://advisories.mageia.org/MGASA-2023-0272.html Type: security Affected Mageia releases: 8, 9 CVE: CVE-2023-21930, CVE-2023-21954, CVE-2023-21967, CVE-2023-21939, CVE-2023-21938, CVE-2023-21937, CVE-2023-21968, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193, CVE-2023-22006, CVE-2023-22036, CVE-2023-22044, CVE-2023-22041 The updated packages fix security vulnerabilities and a file conflict : Improper connection handling during TLS handshake. (CVE-2023-21930) Incorrect enqueue of references in garbage collector. (CVE-2023-21954) Certificate validation issue in TLS session negotiation. (CVE-2023-21967) Swing HTML parsing issue. (CVE-2023-21939) Incorrect handling of NULL characters in ProcessBuilder. (CVE-2023-21938) Missing string checks for NULL characters. (CVE-2023-21937) Missing check for slash characters in URI-to-path conversion. (CVE-2023-21968) Array indexing integer overflow issue. (CVE-2023-22045) Improper handling of slash characters in URI-to-path conversion. (CVE-2023-22049) O(n^2) growth via consecutive marks. (CVE-2023-25193) HTTP client insufficient file name validation. (CVE-2023-22006) ZIP file parsing infinite loop. (CVE-2023-22036) Modulo operator array indexing issue. (CVE-2023-22044) Weakness in AES implementation. (CVE-2023-22041) References: - https://bugs.mageia.org/show_bug.cgi?id=32203 - https://www.cve.org/CVERecord?id=CVE-2023-21930 - https://www.cve.org/CVERecord?id=CVE-2023-21954 - https://www.cve.org/CVERecord?id=CVE-2023-21967 - https://www.cve.org/CVERecord?id=CVE-2023-21939 - https://www.cve.org/CVERecord?id=CVE-2023-21938 - https://www.cve.org/CVERecord?id=CVE-2023-21937 -https://www.cve.org/CVERecord?id=CVE-2023-21968 - https://www.cve.org/CVERecord?id=CVE-2023-22045 - https://www.cve.org/CVERecord?id=CVE-2023-22049 - https://www.cve.org/CVERecord?id=CVE-2023-25193 - https://www.cve.org/CVERecord?id=CVE-2023-22006 - https://www.cve.org/CVERecord?id=CVE-2023-22036 - https://www.cve.org/CVERecord?id=CVE-2023-22044 - https://www.cve.org/CVERecord?id=CVE-2023-22041 - https://access.redhat.com/errata/RHSA-2023:1904 - https://access.redhat.com/errata/RHSA-2023:1880 - https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixJAVA - https://access.redhat.com/errata/RHSA-2023:4178 - https://access.redhat.com/errata/RHBA-2023:4374 - https://access.redhat.com/errata/RHSA-2023:4169 - https://www.oracle.com/security-alerts/cpujul2023.html#AppendixJAVA - https://www.cve.org/CVERecord?id=CVE-2023-21930 - https://www.cve.org/CVERecord?id=CVE-2023-21954 - https://www.cve.org/CVERecord?id=CVE-2023-21967 - https://www.cve.org/CVERecord?id=CVE-2023-21939 - https://www.cve.org/CVERecord?id=CVE-2023-21938 - https://www.cve.org/CVERecord?id=CVE-2023-21937 - https://www.cve.org/CVERecord?id=CVE-2023-21968 - https://www.cve.org/CVERecord?id=CVE-2023-22045 - https://www.cve.org/CVERecord?id=CVE-2023-22049 - https://www.cve.org/CVERecord?id=CVE-2023-25193 - https://www.cve.org/CVERecord?id=CVE-2023-22006 - https://www.cve.org/CVERecord?id=CVE-2023-22036 - https://www.cve.org/CVERecord?id=CVE-2023-22044 - https://www.cve.org/CVERecord?id=CVE-2023-22041 SRPMS: - 9/core/java-1.8.0-openjdk-1.8.0.382.b05-1.mga9 - 9/core/java-11-openjdk-11.0.20.0.8-1.mga9 - 9/core/java-17-openjdk-17.0.8.0.7-1.mga9 - 9/core/java-latest-openjdk-20.0.2.0.9-1.rolling.2.mga9 - 8/core/java-1.8.0-openjdk-1.8.0.382.b05-1.mga8 - 8/core/java-11-openjdk-11.0.20.0.8-1.mga8 - 8/core/openjfx-11.0.9.2-4.mga8 . Java libraries enhanced to fix vulnerabilities, particularly concerning TLS issues in Mageia operating systems. Discover further details here.. Java Security Update,Mageia Vulnerabilities,TLS Issues,File Conflict Management. .LinuxSecurity.com Team

Calendar%202 Sep 30, 2023 Mageia
98

Red Hat: RHSA-2023:1906-01 Important: OpenJDK TLS Connection Issues

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: java-1.8.0-openjdk security update Advisory ID: RHSA-2023:1906-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:1906 Issue date: 2023-04-25 CVE Names: CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 ==================================================================== 1. Summary: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder EUS (v.8.6) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: improper connection handling during TLS handshake (8294474) (CVE-2023-21930) * OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939) * OpenJDK: incorrect enqueue of references in garbage collector (8298191) (CVE-2023-21954) * OpenJDK: certificate validation issue in TLS session negotiation (8298310) (CVE-2023-21967) * OpenJDK: missing string checks for NULL characters(8296622) (CVE-2023-21937) * OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) (CVE-2023-21938) * OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) (CVE-2023-21968) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of OpenJDK Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474) 2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191) 2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310) 2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832) 2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) 2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622) 2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) 6. Package List: Red Hat Enterprise Linux AppStream EUS(v.8.6): Source: java-1.8.0-openjdk-1.8.0.372.b07-1.el8_6.src.rpm aarch64: java-1.8.0-openjdk-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_6.aarch64.rpm noarch: java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el8_6.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el8_6.noarch.rpm ppc64le: java-1.8.0-openjdk-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_6.ppc64le.rpm s390x: java-1.8.0-openjdk-1.8.0.372.b07-1.el8_6.s390x.rpm java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_6.s390x.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_6.s390x.rpm java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_6.s390x.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_6.s390x.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_6.s390x.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_6.s390x.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_6.s390x.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_6.s390x.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_6.s390x.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_6.s390x.rpm x86_64: java-1.8.0-openjdk-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_6.x86_64.rpm Red Hat CodeReady Linux Builder EUS(v.8.6): aarch64: java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm ppc64le: java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm x86_64: java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-21930 https://access.redhat.com/security/cve/CVE-2023-21937 https://access.redhat.com/security/cve/CVE-2023-21938 https://access.redhat.com/security/cve/CVE-2023-21939 https://access.redhat.com/security/cve/CVE-2023-21954 https://access.redhat.com/security/cve/CVE-2023-21967 https://access.redhat.com/security/cve/CVE-2023-21968 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details athttps://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZEdq8dzjgjWX9erEAQhfBBAAiyRmD6bsiVqSCbjbaRKe1zeqYVsZzfvB AZfMufFAjgkBsVQ7jUZ5u/Bcjne9DH2MO2K5FP7QgXDoV/vG13iKbi5YVWAt3mhM 0x3cDyN5WsKKo/lgaCi4GAKwM11CW082pH+hISbdlk6qxjDbbLJmkD+x9S7ntV80 QAxynMa3v6otAfqCD/Uj95pcrY3JhZuv3pcQcgDgjL5pyWmqB5EGFmahRMQzmgwd fJRwBoqi6xRDsYIjOB15TURLoT8CbScVrSvuDcevSQELp2emGmS6OpeXl9yCin/5 hJFTgqBbOE5CjW4iy7ZBMl0XwqhNgAwhTXzGTmPCUE6lO/Qxb6Y82xsi0lNA9B1x khBAYBWPcANN3X7hq4kqjIZDBrGMBVSXbQjiybQvfZ6BMbXl6KfkEgOOV5DX9NV3 TUwaXVQi++1ZPhJviej6tjGHwUJjFrMnaTbJ6AjWaPyZTmEocBF5qrICC2AGITI4 g4qRIuZKj5A1Pb3UTQI778tbFvwIWUPkJdu3Xl0acAxycZcKtzJhP2obsgxe0RIP 7IBmWhidBcHScTS+WhBWaYFT/wSVoBTroinckANHZTBr263cKk9axI2embLwKatP ecalaoE8Gnced2lGX3/PzIP1sNgfMwg2/TsaRg/xB57WQa/ctYnY/w7mhZeHQuFS V/G0qvDvl+k=MULa -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Oracle reveals a significant patch for python-3.9 addressing severe vulnerabilities in data handling and encryption weaknesses.. Red Hat, Java Security Update, OpenJDK Fixes. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 25, 2023 Important Red Hat
98

RedHat: 2023:1904-1 Critical Update for OpenJDK TLS Vulnerability Alert

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: java-1.8.0-openjdk security and bug fix update Advisory ID: RHSA-2023:1904-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:1904 Issue date: 2023-04-25 CVE Names: CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 ==================================================================== 1. Summary: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: improper connection handling during TLS handshake(8294474) (CVE-2023-21930) * OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939) * OpenJDK: incorrect enqueue of references in garbage collector (8298191) (CVE-2023-21954) * OpenJDK: certificate validation issue in TLS session negotiation (8298310) (CVE-2023-21967) * OpenJDK: missing string checks for NULL characters (8296622) (CVE-2023-21937) * OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) (CVE-2023-21938) * OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) (CVE-2023-21968) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Native code within the OpenJDK code base attempted to call close() on a file descriptor repeatedly if it returned the error code, EINTR. However, the close() native call is not restartable and this caused the virtual machine to crash. The close() call is now only made once. (RHBZ#2159458) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of OpenJDK Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2159458 - Do not restart close if errno is EINTR [rhel-7.9.z] 2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474) 2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191) 2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310) 2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832) 2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) 2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622) 2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-pathconversion (8298667) 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.src.rpm x86_64: java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el7_9.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el7_9.noarch.rpm x86_64: java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.src.rpm x86_64: java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v.7): noarch: java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el7_9.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el7_9.noarch.rpm x86_64: java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.src.rpm ppc64: java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.ppc64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.ppc64.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.ppc64.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.ppc64.rpm ppc64le: java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.ppc64le.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.ppc64le.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.ppc64le.rpm s390x: java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.s390x.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.s390x.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.s390x.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.s390x.rpm x86_64: java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.x86_64.rpm Red Hat Enterprise LinuxServer Optional (v. 7): noarch: java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el7_9.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el7_9.noarch.rpm ppc64: java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.ppc64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.ppc64.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.ppc64.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.ppc64.rpm ppc64le: java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.ppc64le.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.ppc64le.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.ppc64le.rpm s390x: java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.s390x.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.s390x.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.s390x.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.s390x.rpm x86_64: java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.src.rpm x86_64: java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v.7): noarch: java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el7_9.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el7_9.noarch.rpm x86_64: java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-21930 https://access.redhat.com/security/cve/CVE-2023-21937 https://access.redhat.com/security/cve/CVE-2023-21938 https://access.redhat.com/security/cve/CVE-2023-21939 https://access.redhat.com/security/cve/CVE-2023-21954 https://access.redhat.com/security/cve/CVE-2023-21967 https://access.redhat.com/security/cve/CVE-2023-21968 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBZEdq29zjgjWX9erEAQiy9A/8CDu49/+VKUO0AUxBYzo5zUSDNdonPLPy 5Ca5WKFB1Awx2+rj3zfdhaApgRZoLVn58itoNr3Yx3ZUJyWZftO24pPpkBnQWLZ7 o+hnPMbtN8eR6BjQ2Da0bJR3RC9JRohlA8ADDNzIE4F9HhXDyzyDTVMC6rq7tkvL TgOrgsDIf+pXWUtfV06VmpCVvMPqFJiUEyjI5VLq8rQmVu73Kw78pTtr8rIoaZRO NkQWWmt++UWQyFyaMtjvCwrNC/+dQwgr+VtGGX2g2koH2kpPBg9YV6tndLz6dxTR sOysPAIIiszvdfxq6tWMSk7TcT0wdEqKjHFXiUapGLJceL9k9Sf+fnca6njIAXbD ZnZvuVyQe+oa3oP6A69QvV+0lKfAcyKUZUnh3veP20k4xrkos66bm6tsozs+almX vkMEAJlbw+vFH1nBw25Om4TPnrxRY/cBX1gd2fY+SqGHxIZGw5ytono2OBYLSWpt aABmiFB1Pei8nIFXZxz7mtBshrxf6g9QpUy7mhOD3nKogR45zfmCY3DecY2AxDFz V/kUduHLzSK6pwZAXK3VfLSCJc0Jd4wbnmyIUTb5vv55Cyk35zFsivFOo8r7aCDb h8Ns/MBE65dCLtIayWyhdQqMWi+ttQ9+Jhxl5Hqs8br+rMY4skVv7eGkPTxb3Si5 37F/A+KirO0=BL4D -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Critical patch for java-1.8.0-openjdk on RHEL tackles vulnerabilities and fixes bugs.. Java Update, OpenJDK Security, RedHat Advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 25, 2023 Important Red Hat
100

SUSE: 2022:2876-1 Important Security Update for gfbgraph TLS Issues

An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for gfbgraph ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2876-1 Rating: important References: #1189850 Cross-References: CVE-2021-39358 CVSS scores: CVE-2021-39358 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-39358 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gfbgraph fixes the following issues: - CVE-2021-39358: Fixed missing TLS certificate verification (bsc#1189850). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2876=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2876=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patchSUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2876=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): gfbgraph-debugsource-0.2.3-150000.3.5.1 gfbgraph-devel-0.2.3-150000.3.5.1 libgfbgraph-0_2-0-0.2.3-150000.3.5.1 libgfbgraph-0_2-0-debuginfo-0.2.3-150000.3.5.1 typelib-1_0-GFBGraph-0_2-0.2.3-150000.3.5.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): gfbgraph-debugsource-0.2.3-150000.3.5.1 gfbgraph-devel-0.2.3-150000.3.5.1 libgfbgraph-0_2-0-0.2.3-150000.3.5.1 libgfbgraph-0_2-0-debuginfo-0.2.3-150000.3.5.1 typelib-1_0-GFBGraph-0_2-0.2.3-150000.3.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): gfbgraph-debugsource-0.2.3-150000.3.5.1 gfbgraph-devel-0.2.3-150000.3.5.1 libgfbgraph-0_2-0-0.2.3-150000.3.5.1 libgfbgraph-0_2-0-debuginfo-0.2.3-150000.3.5.1 typelib-1_0-GFBGraph-0_2-0.2.3-150000.3.5.1 References: https://www.suse.com/security/cve/CVE-2021-39358.html https://bugzilla.suse.com/1189850 . Crucial SUSE Security Patch for gfbgraph Issued to Address TLS Authentication Issues. gfbgraph Security Update,TLS Verification Issue,SUSE Updates,Important Security Patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Aug 23, 2022 Important SuSE
100

SUSE: 2021:0955-2 Important: OpenSSL-1_1 Denial Of Service

An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0955-2 Rating: important References: #1183852 Cross-References: CVE-2021-3449 CVSS scores: CVE-2021-3449 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3449 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Certifications 15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Certifications 15-SP3: zypper in -t patch SUSE-SLE-Module-Certifications-15-SP3-2022-2389=1 Package List: - SUSE Linux Enterprise Module for Certifications 15-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-11.20.1 libopenssl1_1-1.1.1d-11.20.1 libopenssl1_1-debuginfo-1.1.1d-11.20.1 libopenssl1_1-hmac-1.1.1d-11.20.1 openssl-1_1-1.1.1d-11.20.1 openssl-1_1-debuginfo-1.1.1d-11.20.1 openssl-1_1-debugsource-1.1.1d-11.20.1 -SUSE Linux Enterprise Module for Certifications 15-SP3 (x86_64): libopenssl-1_1-devel-32bit-1.1.1d-11.20.1 libopenssl1_1-32bit-1.1.1d-11.20.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.20.1 libopenssl1_1-hmac-32bit-1.1.1d-11.20.1 - SUSE Linux Enterprise Module for Certifications 15-SP3 (noarch): openssl-1_1-doc-1.1.1d-11.20.1 References: https://www.suse.com/security/cve/CVE-2021-3449.html https://bugzilla.suse.com/1183852 . The latest openssl-1_1 update resolves major security vulnerabilities affecting SUSE Linux components. Crucial patches have been released.. SUSE Linux Updates, OpenSSL Security, Security Fixes, TLS Issue. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 13, 2022 Important SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200