Issued:: 2023-04-19
Updated:: 2023-04-19

RHSA-2023:1878 - Security Advisory

Overview
Updated Packages

Synopsis

Important: java-11-openjdk security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

OpenJDK: improper connection handling during TLS handshake (8294474) (CVE-2023-21930)
OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)
OpenJDK: incorrect enqueue of references in garbage collector (8298191) (CVE-2023-21954)
OpenJDK: certificate validation issue in TLS session negotiation (8298310) (CVE-2023-21967)
OpenJDK: missing string checks for NULL characters (8296622) (CVE-2023-21937)
OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) (CVE-2023-21938)
OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

Affected Products

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64

Fixes

BZ - 2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)
BZ - 2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)
BZ - 2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)
BZ - 2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)
BZ - 2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)
BZ - 2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)
BZ - 2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1

SRPM
java-11-openjdk-11.0.19.0.7-1.el8_1.src.rpm	SHA-256: ecb86185741b4f10384f6ab4c40bd89d135408ca41ebb3a3d23a568aa61358c0
ppc64le
java-11-openjdk-11.0.19.0.7-1.el8_1.ppc64le.rpm	SHA-256: d59515337446134e79ffa2de7033f2a0f408ad78844dd58c5bd29c3f032eb1ba
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_1.ppc64le.rpm	SHA-256: 1cb25b8885f59ca46d180435a315857a77683a2d97a06c515929a4e185ad1c2f
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_1.ppc64le.rpm	SHA-256: b2b8cbde36c78bb14cdf823c3e7bd6ad0c713c69a9e075054a3201868ea3f532
java-11-openjdk-demo-11.0.19.0.7-1.el8_1.ppc64le.rpm	SHA-256: ffa360df7856b2e8a3c7340a31b2f6a1221251d6bcc17d4b381f0c6903f6757b
java-11-openjdk-devel-11.0.19.0.7-1.el8_1.ppc64le.rpm	SHA-256: d7b46722645396ddf12e0c02d9166ae42ff8678a4044064b69f288f27f28a494
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_1.ppc64le.rpm	SHA-256: 5d56bf9b97f10303cf7faaeb993df542e3c798fb245a90c457b3235837299597
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_1.ppc64le.rpm	SHA-256: 847821513030f1819d8b06eb6a9168c25c217ed687ad43abcd8e1f9cd6215b43
java-11-openjdk-headless-11.0.19.0.7-1.el8_1.ppc64le.rpm	SHA-256: 945ca4a841a530d6638d8a01dfebddb525715a39ba10fbab4e0a40dd1f1955b9
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_1.ppc64le.rpm	SHA-256: 8c05a6ca920e8c5df1d097bb69438d0bda0af39bf6783b7dc40788eb6da4beec
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_1.ppc64le.rpm	SHA-256: 2eba4ed643c833cb4650b5412c5bdd95af4d5ce167cb8b24d0b409222cc104bc
java-11-openjdk-javadoc-11.0.19.0.7-1.el8_1.ppc64le.rpm	SHA-256: bea3e0c5d14cff0fdc06cf85e535060ec68f4fe34832e523067a7090c534ffd1
java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el8_1.ppc64le.rpm	SHA-256: 71d9a25f072a7ce1813922d1b7c6b82fd8bb0a297cf61c6f9ec71542e5dcedd2
java-11-openjdk-jmods-11.0.19.0.7-1.el8_1.ppc64le.rpm	SHA-256: 73042dc75aba5f075d9a191d005f3848e07bc8063038a84a260874ae359cfb93
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_1.ppc64le.rpm	SHA-256: 5fa557456fe4b16de54012626465bcc30426ab2527ce17a6b784bfc872f0575e
java-11-openjdk-src-11.0.19.0.7-1.el8_1.ppc64le.rpm	SHA-256: ca21060d73e817150fd9caeaaefc148322562da69bc08ab4cb62f6b159a8970e

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1

SRPM
java-11-openjdk-11.0.19.0.7-1.el8_1.src.rpm	SHA-256: ecb86185741b4f10384f6ab4c40bd89d135408ca41ebb3a3d23a568aa61358c0
x86_64
java-11-openjdk-11.0.19.0.7-1.el8_1.x86_64.rpm	SHA-256: 646608f6a9d397199ee5eafaaa2e3f23a301f63bf503adcec6b58a7ce25e5973
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_1.x86_64.rpm	SHA-256: 9a793ad4552b49ce6b76c779dc6a2b5b118c4572f4f69f3372e24f7232a8d7f8
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_1.x86_64.rpm	SHA-256: fb2cdd947ad8f166e69efb1d47717c01914fa7c915b6fe2f38644157a5942299
java-11-openjdk-demo-11.0.19.0.7-1.el8_1.x86_64.rpm	SHA-256: 170ed0c0ef17f9a1d6202a0d05497954cf60eb9c1a9d337d600407e3e95513f3
java-11-openjdk-devel-11.0.19.0.7-1.el8_1.x86_64.rpm	SHA-256: 67586ff9ea400661190fc5ce42ec4b12f652825f0a3090760b1e862946d8d268
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_1.x86_64.rpm	SHA-256: 208459c66f6e12c90cf6ac9531a0e3dae9003cb9f510fa6dff6fc023b6ecee2b
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_1.x86_64.rpm	SHA-256: ed3432ec8a189501cd32c709ada72c85d008e7a2091824bc782de903f1c8b54c
java-11-openjdk-headless-11.0.19.0.7-1.el8_1.x86_64.rpm	SHA-256: b22d14abdb4f3eafe684fb601e5bb43f9709d9686ae05e91863d0d3c5df63734
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_1.x86_64.rpm	SHA-256: 0f01b07d8a4f01439ec5f7690a7ba747d878b2b408475959c6d90160a54408db
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_1.x86_64.rpm	SHA-256: a4bc5e182cfc5677944076dbb3e7097ef709459abeb16e926aa5dde652f941ab
java-11-openjdk-javadoc-11.0.19.0.7-1.el8_1.x86_64.rpm	SHA-256: c22f94b71e0a35c675bf0fae0f17d2e635fa8556035f95d8e0c789401dccbec6
java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el8_1.x86_64.rpm	SHA-256: d313e67535466027f5eec52b8e1ddd106f0f95d06e87a995048dfc3d4f9491ea
java-11-openjdk-jmods-11.0.19.0.7-1.el8_1.x86_64.rpm	SHA-256: f23ed5e711586b88ed09be78ab20e9653a30d14bd99b0279120a379e74471eaf
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_1.x86_64.rpm	SHA-256: 110f98808af5c21f1c670bd2a70fc73a75518432c38aab24cb30bf16cf7fae73
java-11-openjdk-src-11.0.19.0.7-1.el8_1.x86_64.rpm	SHA-256: 1cdafa991cfed1a42560ff8ad0a1854b43767c2dcc25cec6ee95bde626bf3789

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation