- Issued:
- 2023-07-19
- Updated:
- 2023-07-19
RHSA-2023:4165 - Security Advisory
Synopsis
Moderate: java-11-openjdk security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Security Fix(es):
- OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036)
- OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041)
- OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049)
- harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193)
- OpenJDK: HTTP client insufficient file name validation (8302475) (CVE-2023-22006)
- OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- A virtual machine crash was observed in JDK 11.0.19 when executing the GregorianCalender.computeTime() method (JDK-8307683). It was found that although the root cause of the crash is an old issue, a recent fix for a rare issue in the C2 compiler (JDK-8297951) made the crash much more likely. To mitigate this, the fix has been reverted in JDK 11.0.20 and will be reapplied once JDK-8307683 is resolved. (RHBZ#2222497)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of OpenJDK Java must be restarted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64
Fixes
- BZ - 2167254 - CVE-2023-25193 harfbuzz: OpenJDK: O(n^2) growth via consecutive marks
- BZ - 2221619 - OpenJDK: font processing denial of service vulnerability (8301998)
- BZ - 2221626 - CVE-2023-22006 OpenJDK: HTTP client insufficient file name validation (8302475)
- BZ - 2221634 - CVE-2023-22036 OpenJDK: ZIP file parsing infinite loop (8302483)
- BZ - 2221645 - CVE-2023-22045 OpenJDK: array indexing integer overflow issue (8304468)
- BZ - 2221647 - CVE-2023-22049 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)
- BZ - 2222497 - SIGSEGV (duplicated predicate failed) in java.util.GregorianCalendar.computeTime() [rhel-8, openjdk-11] [rhel-8.1.0.z]
- BZ - 2223207 - CVE-2023-22041 OpenJDK: weakness in AES implementation (8308682)
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1
| SRPM | |
|---|---|
| java-11-openjdk-11.0.20.0.8-1.el8_1.src.rpm | SHA-256: aeca18c95a3dba4de881e021bdb086947abfb894d7d9766a5198fb14fd4261de |
| ppc64le | |
| java-11-openjdk-11.0.20.0.8-1.el8_1.ppc64le.rpm | SHA-256: e14f57c9c91f05d0e9271fab397f9c41d79a4e7e00eef2ebc17c89354df512ed |
| java-11-openjdk-debuginfo-11.0.20.0.8-1.el8_1.ppc64le.rpm | SHA-256: 0cc663002116ed09cf5d648ee8dc62264c14370df15656ad0edbdb096d6d3f8b |
| java-11-openjdk-debugsource-11.0.20.0.8-1.el8_1.ppc64le.rpm | SHA-256: 5f7e63cc1e9bfd42ec278eee4fc12e22338d6cc70c72199269f37c1b213163af |
| java-11-openjdk-demo-11.0.20.0.8-1.el8_1.ppc64le.rpm | SHA-256: cc799351c243416d9fa67671163ef4e0473a73478eb48909ebdd8dddc5a46db8 |
| java-11-openjdk-devel-11.0.20.0.8-1.el8_1.ppc64le.rpm | SHA-256: 1379e347bcd9900eecb293ae110d30d15b56b210918cafa1bbe246a28133a624 |
| java-11-openjdk-devel-debuginfo-11.0.20.0.8-1.el8_1.ppc64le.rpm | SHA-256: 398b0c6614de994b7d60f90035059998bbf4b2018573485f6faff057d4bb1c83 |
| java-11-openjdk-devel-slowdebug-debuginfo-11.0.20.0.8-1.el8_1.ppc64le.rpm | SHA-256: e808a516628e004657bb7d8191b3c1526de5f2e871a440c3628f7e8e2ce3ddfe |
| java-11-openjdk-headless-11.0.20.0.8-1.el8_1.ppc64le.rpm | SHA-256: a4d08d9e8db7b79d558d932ba0857b5a068795ead9164d76867830d95e8f1a14 |
| java-11-openjdk-headless-debuginfo-11.0.20.0.8-1.el8_1.ppc64le.rpm | SHA-256: 4ddbaace56020a2f844bf1f3521ccd36a43720590c6ffc7414402d3a83665f80 |
| java-11-openjdk-headless-slowdebug-debuginfo-11.0.20.0.8-1.el8_1.ppc64le.rpm | SHA-256: 49c7b3c56f2ff269deb4b760afeb9f557523fa1b1821868bea802fd4d803e5e2 |
| java-11-openjdk-javadoc-11.0.20.0.8-1.el8_1.ppc64le.rpm | SHA-256: c450feae2c5fde948b5eef43ff1c9d237c5fc3012377b908a2de44cc173ab2ff |
| java-11-openjdk-javadoc-zip-11.0.20.0.8-1.el8_1.ppc64le.rpm | SHA-256: a73e5c91bb827fe7a9abe4906adea2d8861af24b8013ab85683f87ae8f4793dd |
| java-11-openjdk-jmods-11.0.20.0.8-1.el8_1.ppc64le.rpm | SHA-256: b62cfc029cae2053d8acb58c52dea6e04bb092e0c8f5de98fbb7edc3043c4ce5 |
| java-11-openjdk-slowdebug-debuginfo-11.0.20.0.8-1.el8_1.ppc64le.rpm | SHA-256: 86f2be7e43534fd279d51d447eff62e41e944d37c97beb73df2bf15e82bd53f5 |
| java-11-openjdk-src-11.0.20.0.8-1.el8_1.ppc64le.rpm | SHA-256: d7322e188008986a139da14d599b56dae39630498a1b1c1e7784c1568914e99a |
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1
| SRPM | |
|---|---|
| java-11-openjdk-11.0.20.0.8-1.el8_1.src.rpm | SHA-256: aeca18c95a3dba4de881e021bdb086947abfb894d7d9766a5198fb14fd4261de |
| x86_64 | |
| java-11-openjdk-11.0.20.0.8-1.el8_1.x86_64.rpm | SHA-256: e374567e49a87ec30559fdb9a5288c0894993f177e4b9b51bc6218a30a1eb7a2 |
| java-11-openjdk-debuginfo-11.0.20.0.8-1.el8_1.x86_64.rpm | SHA-256: 0ebc9c413ca42318d8c2987ccc7deeb6b00d3825f78353c38be8616a8c9a2e93 |
| java-11-openjdk-debugsource-11.0.20.0.8-1.el8_1.x86_64.rpm | SHA-256: aee6bbd07b7e7cf4bd3da117e3fae91e894321123a694a5356b2f69e5a256184 |
| java-11-openjdk-demo-11.0.20.0.8-1.el8_1.x86_64.rpm | SHA-256: 23905799df12cdbf4da4e738e868bab66eb268f2ada32b0f34cc75b65d0fff6a |
| java-11-openjdk-devel-11.0.20.0.8-1.el8_1.x86_64.rpm | SHA-256: 2b5874d4af3f37705c5eada59c4a73b50b828f7d45bbf57b2adaba910575c138 |
| java-11-openjdk-devel-debuginfo-11.0.20.0.8-1.el8_1.x86_64.rpm | SHA-256: fbc90f4c8110292000e94a02dac36fdb632f58a78e890b1bd773147778fb0442 |
| java-11-openjdk-devel-slowdebug-debuginfo-11.0.20.0.8-1.el8_1.x86_64.rpm | SHA-256: 7212b4bb73e8fd96cb6d630e15faecd37063888774fbaad7c3f6d5dd4ee23dcc |
| java-11-openjdk-headless-11.0.20.0.8-1.el8_1.x86_64.rpm | SHA-256: 8e1aa3614a73eacbcb087e0bbff2b72d3ac6570529c26625404e086695cdc192 |
| java-11-openjdk-headless-debuginfo-11.0.20.0.8-1.el8_1.x86_64.rpm | SHA-256: 22dc65a57ee1ad9fd4e9729c9bef3f33db4e876b9a394e4f3c35d078d72bb4cb |
| java-11-openjdk-headless-slowdebug-debuginfo-11.0.20.0.8-1.el8_1.x86_64.rpm | SHA-256: 7fbb50264b5f99563b95d56cf2b687f73139281e1fb9e7e4e91f8ff2ade20614 |
| java-11-openjdk-javadoc-11.0.20.0.8-1.el8_1.x86_64.rpm | SHA-256: 3b72d205bf9ee0d41cd4efe8f88268a703a5fbdd84333505a3de4d3c29fd0a66 |
| java-11-openjdk-javadoc-zip-11.0.20.0.8-1.el8_1.x86_64.rpm | SHA-256: 3c1370a4c959a33d8b2d83868ca74e2d7028fbd6a97e72772206f28c6a955fc5 |
| java-11-openjdk-jmods-11.0.20.0.8-1.el8_1.x86_64.rpm | SHA-256: fc037b93c1f68b4dd156118cdcb5686df4622f0f6344294d648b911279390daa |
| java-11-openjdk-slowdebug-debuginfo-11.0.20.0.8-1.el8_1.x86_64.rpm | SHA-256: 7dc35abb3d07b5b02b340a8f0bba1deaca814d890c7d85e326ab1733c093c04e |
| java-11-openjdk-src-11.0.20.0.8-1.el8_1.x86_64.rpm | SHA-256: f0e612f33fb6f9655b4a4de8109359e31917600e0adfae2e7c0019bedc723570 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
