Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2023:4165 - Security Advisory
Issued:
2023-07-19
Updated:
2023-07-19

RHSA-2023:4165 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: java-11-openjdk security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036)
  • OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041)
  • OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049)
  • harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193)
  • OpenJDK: HTTP client insufficient file name validation (8302475) (CVE-2023-22006)
  • OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • A virtual machine crash was observed in JDK 11.0.19 when executing the GregorianCalender.computeTime() method (JDK-8307683). It was found that although the root cause of the crash is an old issue, a recent fix for a rare issue in the C2 compiler (JDK-8297951) made the crash much more likely. To mitigate this, the fix has been reverted in JDK 11.0.20 and will be reapplied once JDK-8307683 is resolved. (RHBZ#2222497)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64

Fixes

  • BZ - 2167254 - CVE-2023-25193 harfbuzz: OpenJDK: O(n^2) growth via consecutive marks
  • BZ - 2221619 - OpenJDK: font processing denial of service vulnerability (8301998)
  • BZ - 2221626 - CVE-2023-22006 OpenJDK: HTTP client insufficient file name validation (8302475)
  • BZ - 2221634 - CVE-2023-22036 OpenJDK: ZIP file parsing infinite loop (8302483)
  • BZ - 2221645 - CVE-2023-22045 OpenJDK: array indexing integer overflow issue (8304468)
  • BZ - 2221647 - CVE-2023-22049 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)
  • BZ - 2222497 - SIGSEGV (duplicated predicate failed) in java.util.GregorianCalendar.computeTime() [rhel-8, openjdk-11] [rhel-8.1.0.z]
  • BZ - 2223207 - CVE-2023-22041 OpenJDK: weakness in AES implementation (8308682)

CVEs

  • CVE-2023-22006
  • CVE-2023-22036
  • CVE-2023-22041
  • CVE-2023-22045
  • CVE-2023-22049
  • CVE-2023-25193

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1

SRPM
java-11-openjdk-11.0.20.0.8-1.el8_1.src.rpm SHA-256: aeca18c95a3dba4de881e021bdb086947abfb894d7d9766a5198fb14fd4261de
ppc64le
java-11-openjdk-11.0.20.0.8-1.el8_1.ppc64le.rpm SHA-256: e14f57c9c91f05d0e9271fab397f9c41d79a4e7e00eef2ebc17c89354df512ed
java-11-openjdk-debuginfo-11.0.20.0.8-1.el8_1.ppc64le.rpm SHA-256: 0cc663002116ed09cf5d648ee8dc62264c14370df15656ad0edbdb096d6d3f8b
java-11-openjdk-debugsource-11.0.20.0.8-1.el8_1.ppc64le.rpm SHA-256: 5f7e63cc1e9bfd42ec278eee4fc12e22338d6cc70c72199269f37c1b213163af
java-11-openjdk-demo-11.0.20.0.8-1.el8_1.ppc64le.rpm SHA-256: cc799351c243416d9fa67671163ef4e0473a73478eb48909ebdd8dddc5a46db8
java-11-openjdk-devel-11.0.20.0.8-1.el8_1.ppc64le.rpm SHA-256: 1379e347bcd9900eecb293ae110d30d15b56b210918cafa1bbe246a28133a624
java-11-openjdk-devel-debuginfo-11.0.20.0.8-1.el8_1.ppc64le.rpm SHA-256: 398b0c6614de994b7d60f90035059998bbf4b2018573485f6faff057d4bb1c83
java-11-openjdk-devel-slowdebug-debuginfo-11.0.20.0.8-1.el8_1.ppc64le.rpm SHA-256: e808a516628e004657bb7d8191b3c1526de5f2e871a440c3628f7e8e2ce3ddfe
java-11-openjdk-headless-11.0.20.0.8-1.el8_1.ppc64le.rpm SHA-256: a4d08d9e8db7b79d558d932ba0857b5a068795ead9164d76867830d95e8f1a14
java-11-openjdk-headless-debuginfo-11.0.20.0.8-1.el8_1.ppc64le.rpm SHA-256: 4ddbaace56020a2f844bf1f3521ccd36a43720590c6ffc7414402d3a83665f80
java-11-openjdk-headless-slowdebug-debuginfo-11.0.20.0.8-1.el8_1.ppc64le.rpm SHA-256: 49c7b3c56f2ff269deb4b760afeb9f557523fa1b1821868bea802fd4d803e5e2
java-11-openjdk-javadoc-11.0.20.0.8-1.el8_1.ppc64le.rpm SHA-256: c450feae2c5fde948b5eef43ff1c9d237c5fc3012377b908a2de44cc173ab2ff
java-11-openjdk-javadoc-zip-11.0.20.0.8-1.el8_1.ppc64le.rpm SHA-256: a73e5c91bb827fe7a9abe4906adea2d8861af24b8013ab85683f87ae8f4793dd
java-11-openjdk-jmods-11.0.20.0.8-1.el8_1.ppc64le.rpm SHA-256: b62cfc029cae2053d8acb58c52dea6e04bb092e0c8f5de98fbb7edc3043c4ce5
java-11-openjdk-slowdebug-debuginfo-11.0.20.0.8-1.el8_1.ppc64le.rpm SHA-256: 86f2be7e43534fd279d51d447eff62e41e944d37c97beb73df2bf15e82bd53f5
java-11-openjdk-src-11.0.20.0.8-1.el8_1.ppc64le.rpm SHA-256: d7322e188008986a139da14d599b56dae39630498a1b1c1e7784c1568914e99a

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1

SRPM
java-11-openjdk-11.0.20.0.8-1.el8_1.src.rpm SHA-256: aeca18c95a3dba4de881e021bdb086947abfb894d7d9766a5198fb14fd4261de
x86_64
java-11-openjdk-11.0.20.0.8-1.el8_1.x86_64.rpm SHA-256: e374567e49a87ec30559fdb9a5288c0894993f177e4b9b51bc6218a30a1eb7a2
java-11-openjdk-debuginfo-11.0.20.0.8-1.el8_1.x86_64.rpm SHA-256: 0ebc9c413ca42318d8c2987ccc7deeb6b00d3825f78353c38be8616a8c9a2e93
java-11-openjdk-debugsource-11.0.20.0.8-1.el8_1.x86_64.rpm SHA-256: aee6bbd07b7e7cf4bd3da117e3fae91e894321123a694a5356b2f69e5a256184
java-11-openjdk-demo-11.0.20.0.8-1.el8_1.x86_64.rpm SHA-256: 23905799df12cdbf4da4e738e868bab66eb268f2ada32b0f34cc75b65d0fff6a
java-11-openjdk-devel-11.0.20.0.8-1.el8_1.x86_64.rpm SHA-256: 2b5874d4af3f37705c5eada59c4a73b50b828f7d45bbf57b2adaba910575c138
java-11-openjdk-devel-debuginfo-11.0.20.0.8-1.el8_1.x86_64.rpm SHA-256: fbc90f4c8110292000e94a02dac36fdb632f58a78e890b1bd773147778fb0442
java-11-openjdk-devel-slowdebug-debuginfo-11.0.20.0.8-1.el8_1.x86_64.rpm SHA-256: 7212b4bb73e8fd96cb6d630e15faecd37063888774fbaad7c3f6d5dd4ee23dcc
java-11-openjdk-headless-11.0.20.0.8-1.el8_1.x86_64.rpm SHA-256: 8e1aa3614a73eacbcb087e0bbff2b72d3ac6570529c26625404e086695cdc192
java-11-openjdk-headless-debuginfo-11.0.20.0.8-1.el8_1.x86_64.rpm SHA-256: 22dc65a57ee1ad9fd4e9729c9bef3f33db4e876b9a394e4f3c35d078d72bb4cb
java-11-openjdk-headless-slowdebug-debuginfo-11.0.20.0.8-1.el8_1.x86_64.rpm SHA-256: 7fbb50264b5f99563b95d56cf2b687f73139281e1fb9e7e4e91f8ff2ade20614
java-11-openjdk-javadoc-11.0.20.0.8-1.el8_1.x86_64.rpm SHA-256: 3b72d205bf9ee0d41cd4efe8f88268a703a5fbdd84333505a3de4d3c29fd0a66
java-11-openjdk-javadoc-zip-11.0.20.0.8-1.el8_1.x86_64.rpm SHA-256: 3c1370a4c959a33d8b2d83868ca74e2d7028fbd6a97e72772206f28c6a955fc5
java-11-openjdk-jmods-11.0.20.0.8-1.el8_1.x86_64.rpm SHA-256: fc037b93c1f68b4dd156118cdcb5686df4622f0f6344294d648b911279390daa
java-11-openjdk-slowdebug-debuginfo-11.0.20.0.8-1.el8_1.x86_64.rpm SHA-256: 7dc35abb3d07b5b02b340a8f0bba1deaca814d890c7d85e326ab1733c093c04e
java-11-openjdk-src-11.0.20.0.8-1.el8_1.x86_64.rpm SHA-256: f0e612f33fb6f9655b4a4de8109359e31917600e0adfae2e7c0019bedc723570

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
2023
  • Privacy Statement
  • Terms of Use
  • All Policies and Guidelines
We've updated our Privacy Policy effective July 1st, 2023.
Red Hat Summit Red Hat Summit
Twitter