Red Hat Product Errata RHSA-2023:5739 - Security Advisory
Issued:
2023-10-18
Updated:
2023-10-18

RHSA-2023:5739 - Security Advisory

Synopsis

Moderate: java-11-openjdk security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: certificate path validation issue during client authentication (8309966) (CVE-2023-22081)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Additional validity checks in the handling of Zip64 files, JDK-8302483, were introduced in the 11.0.20 release of OpenJDK, causing the use of some valid zip files to now fail with an error. This release, 11.0.20.1, allows for zero-length headers and additional padding produced by some Zip64 creation tools. With both releases, the checks can be disabled using -Djdk.util.zip.disableZip64ExtraFieldValidation=true. (RHBZ#2237173)
  • A maximum signature file size property, jdk.jar.maxSignatureFileSize, was introduced in the 11.0.20 release of OpenJDK by JDK-8300596, with a default of 8 MB. This default proved to be too small for some JAR files. This release, 11.0.20.1, increases it to 16 MB.
  • The serviceability agent would print an exception when encountering null addresses while producing thread dumps. These null values are now handled appropriately. (JDK-8243210, RHEL-2760)
  • The /usr/bin/jfr alternative is now owned by the java-11-openjdk package (RHEL-13556)
  • The jcmd tool is now provided by the java-11-openjdk-headless package, rather than java-11-openjdk-devel, to make it more accessible (RHEL-13563)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64

Fixes

  • BZ - 2237173 - Update to 11.0.20.1 Interim Release to Fix Regression in Zip64 Handling [rhel-8] [rhel-8.2.0.z]
  • BZ - 2243627 - CVE-2023-22081 OpenJDK: certificate path validation issue during client authentication (8309966)

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
java-11-openjdk-11.0.21.0.9-1.el8_2.src.rpm SHA-256: 4ae780f90d949cebcd7111b5d0f2656087d4d8b7f6deebd58d392d92e2140a5c
x86_64
java-11-openjdk-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: f93b05a6bff45d82da2edac3dc47a323966c4bba839ad58bbd2d2595bf3c582f
java-11-openjdk-debuginfo-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: 61af86ddcf27c010bfb20199aab6c3e98dda21ad1d90d613ea29110adbc392da
java-11-openjdk-debugsource-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: bd88655f588e6751235600332d76ab7cffade11c0adfb3d4dbbba7e8af835162
java-11-openjdk-demo-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: 9a1a7e990e3056d8663ca283579d00781c35e87e7eb41f778fb5e25ca82509a3
java-11-openjdk-devel-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: b149643748d648ab99837112c18d0860cf8e7072b6076337fe271e442b5bfef1
java-11-openjdk-devel-debuginfo-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: d35cf6b5cdfa3d44f192f187b9760101d16182eab2fea280b3388d581007c21d
java-11-openjdk-headless-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: 7dad27d1e4c24df57f6353f8408f2b80f46f2ff24d85adb1a8884c7b6e9dd448
java-11-openjdk-headless-debuginfo-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: d37d79c3fa25035ec244ba9c72e4c29694fe0b75bfac02216578d76541e9958c
java-11-openjdk-javadoc-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: 8302db969a4bd6ec3887b69970b7bec3437520f281716f306697e0b2da514726
java-11-openjdk-javadoc-zip-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: 72fb7ce8a4abfeac862af6a5098ecc7554c2f086388ab5258d4858e8b0403983
java-11-openjdk-jmods-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: 556fb6d76cc53db02777e5a5cb7fea80fbbdc30b1e269209307c8dca7f875657
java-11-openjdk-src-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: 3de642b429cfbeb5e1516a6629f32dd01cc220ae082245fd0c2287d7cc0c8468
java-11-openjdk-static-libs-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: ecca0f6016fedcb0ac8958398001ca2b19ec6751d3cceabae40b69615d8d4293

Red Hat Enterprise Linux Server - TUS 8.2

SRPM
java-11-openjdk-11.0.21.0.9-1.el8_2.src.rpm SHA-256: 4ae780f90d949cebcd7111b5d0f2656087d4d8b7f6deebd58d392d92e2140a5c
x86_64
java-11-openjdk-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: f93b05a6bff45d82da2edac3dc47a323966c4bba839ad58bbd2d2595bf3c582f
java-11-openjdk-debuginfo-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: 61af86ddcf27c010bfb20199aab6c3e98dda21ad1d90d613ea29110adbc392da
java-11-openjdk-debugsource-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: bd88655f588e6751235600332d76ab7cffade11c0adfb3d4dbbba7e8af835162
java-11-openjdk-demo-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: 9a1a7e990e3056d8663ca283579d00781c35e87e7eb41f778fb5e25ca82509a3
java-11-openjdk-devel-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: b149643748d648ab99837112c18d0860cf8e7072b6076337fe271e442b5bfef1
java-11-openjdk-devel-debuginfo-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: d35cf6b5cdfa3d44f192f187b9760101d16182eab2fea280b3388d581007c21d
java-11-openjdk-devel-slowdebug-debuginfo-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: 25fc7ea0593ec3de6811cccad047a00151404870e31303ebe4ebcff5adc31f0d
java-11-openjdk-headless-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: 7dad27d1e4c24df57f6353f8408f2b80f46f2ff24d85adb1a8884c7b6e9dd448
java-11-openjdk-headless-debuginfo-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: d37d79c3fa25035ec244ba9c72e4c29694fe0b75bfac02216578d76541e9958c
java-11-openjdk-headless-slowdebug-debuginfo-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: cb6e2ed8b9bcff7e8900d4eb5a0f393d7ff5c36489f9d3fc04992767f33af191
java-11-openjdk-javadoc-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: 8302db969a4bd6ec3887b69970b7bec3437520f281716f306697e0b2da514726
java-11-openjdk-javadoc-zip-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: 72fb7ce8a4abfeac862af6a5098ecc7554c2f086388ab5258d4858e8b0403983
java-11-openjdk-jmods-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: 556fb6d76cc53db02777e5a5cb7fea80fbbdc30b1e269209307c8dca7f875657
java-11-openjdk-slowdebug-debuginfo-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: 598b2377c135ae0cbb57629ec2a4fc98a040fba1c53fdc179cad96b659b3e42f
java-11-openjdk-src-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: 3de642b429cfbeb5e1516a6629f32dd01cc220ae082245fd0c2287d7cc0c8468
java-11-openjdk-static-libs-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: ecca0f6016fedcb0ac8958398001ca2b19ec6751d3cceabae40b69615d8d4293

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2

SRPM
java-11-openjdk-11.0.21.0.9-1.el8_2.src.rpm SHA-256: 4ae780f90d949cebcd7111b5d0f2656087d4d8b7f6deebd58d392d92e2140a5c
ppc64le
java-11-openjdk-11.0.21.0.9-1.el8_2.ppc64le.rpm SHA-256: 84554dc01a600ab9ee1a551b8faf732f493b92545791a7415f501087259681a1
java-11-openjdk-debuginfo-11.0.21.0.9-1.el8_2.ppc64le.rpm SHA-256: 8f589140f81db5f4807bac2952e09c34826134689d0b4bae5c34577ad7b23d28
java-11-openjdk-debugsource-11.0.21.0.9-1.el8_2.ppc64le.rpm SHA-256: 976674c321a696e03290e93aed187fab1d7f4e9bfd2c531305b9b364cd56c37e
java-11-openjdk-demo-11.0.21.0.9-1.el8_2.ppc64le.rpm SHA-256: d1f72a6ca4bf20843dee17cf2b100c16a580d6cc56e11f47a97815c170c5dc10
java-11-openjdk-devel-11.0.21.0.9-1.el8_2.ppc64le.rpm SHA-256: 671d1c4819428623f9e89a7768c09edd6c9070e55c1c3fa526163529c2ac06ae
java-11-openjdk-devel-debuginfo-11.0.21.0.9-1.el8_2.ppc64le.rpm SHA-256: 3b95e4154dcb706a8c14dfa3cbdf1d21086618292308bacdbfb5a66341eba10c
java-11-openjdk-devel-slowdebug-debuginfo-11.0.21.0.9-1.el8_2.ppc64le.rpm SHA-256: d59bba5b362177f6421a8eccb7ec9b64b65e134074e967984cbff29127fcacf3
java-11-openjdk-headless-11.0.21.0.9-1.el8_2.ppc64le.rpm SHA-256: 59ff351b92a6b147815d650b06182f1f2319e4903954080b27a3014abb12212b
java-11-openjdk-headless-debuginfo-11.0.21.0.9-1.el8_2.ppc64le.rpm SHA-256: 824c2512c77ce94f778dbc01b564fb391666899ea1a7fc1aed2e95fe15242c4a
java-11-openjdk-headless-slowdebug-debuginfo-11.0.21.0.9-1.el8_2.ppc64le.rpm SHA-256: b53fe932c33262cc89a49e77208e80d2acd9ba8369f8f2fccc7cbf8cada344b6
java-11-openjdk-javadoc-11.0.21.0.9-1.el8_2.ppc64le.rpm SHA-256: ce36929ab1750f1f24b9a25767e4578b74cf78794cfb88b274c3d35e76bdc9a1
java-11-openjdk-javadoc-zip-11.0.21.0.9-1.el8_2.ppc64le.rpm SHA-256: 9059c96c4997329b7db3e5b1ab8db29afb7dfadd5eebdb968fb4f8eacc3ebf69
java-11-openjdk-jmods-11.0.21.0.9-1.el8_2.ppc64le.rpm SHA-256: dc22c94221f144e51ed75e0c021493dfb07a9a8256716851d12d1d6fc67fbc14
java-11-openjdk-slowdebug-debuginfo-11.0.21.0.9-1.el8_2.ppc64le.rpm SHA-256: 784fb657c11f64b13a5da43467f08bffeb9c7ea75b3734a9a6b7c819c7114a0d
java-11-openjdk-src-11.0.21.0.9-1.el8_2.ppc64le.rpm SHA-256: 18c8b7a6709f6ca6a2fd95545a1e38287fb2d15482f8fffbd8a94f2405235086
java-11-openjdk-static-libs-11.0.21.0.9-1.el8_2.ppc64le.rpm SHA-256: 995ee7e7e9c1aa98e52450c81210341a3ec39196f3dc304553f86f8205c50afb

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2

SRPM
java-11-openjdk-11.0.21.0.9-1.el8_2.src.rpm SHA-256: 4ae780f90d949cebcd7111b5d0f2656087d4d8b7f6deebd58d392d92e2140a5c
x86_64
java-11-openjdk-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: f93b05a6bff45d82da2edac3dc47a323966c4bba839ad58bbd2d2595bf3c582f
java-11-openjdk-debuginfo-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: 61af86ddcf27c010bfb20199aab6c3e98dda21ad1d90d613ea29110adbc392da
java-11-openjdk-debugsource-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: bd88655f588e6751235600332d76ab7cffade11c0adfb3d4dbbba7e8af835162
java-11-openjdk-demo-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: 9a1a7e990e3056d8663ca283579d00781c35e87e7eb41f778fb5e25ca82509a3
java-11-openjdk-devel-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: b149643748d648ab99837112c18d0860cf8e7072b6076337fe271e442b5bfef1
java-11-openjdk-devel-debuginfo-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: d35cf6b5cdfa3d44f192f187b9760101d16182eab2fea280b3388d581007c21d
java-11-openjdk-devel-slowdebug-debuginfo-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: 25fc7ea0593ec3de6811cccad047a00151404870e31303ebe4ebcff5adc31f0d
java-11-openjdk-headless-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: 7dad27d1e4c24df57f6353f8408f2b80f46f2ff24d85adb1a8884c7b6e9dd448
java-11-openjdk-headless-debuginfo-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: d37d79c3fa25035ec244ba9c72e4c29694fe0b75bfac02216578d76541e9958c
java-11-openjdk-headless-slowdebug-debuginfo-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: cb6e2ed8b9bcff7e8900d4eb5a0f393d7ff5c36489f9d3fc04992767f33af191
java-11-openjdk-javadoc-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: 8302db969a4bd6ec3887b69970b7bec3437520f281716f306697e0b2da514726
java-11-openjdk-javadoc-zip-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: 72fb7ce8a4abfeac862af6a5098ecc7554c2f086388ab5258d4858e8b0403983
java-11-openjdk-jmods-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: 556fb6d76cc53db02777e5a5cb7fea80fbbdc30b1e269209307c8dca7f875657
java-11-openjdk-slowdebug-debuginfo-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: 598b2377c135ae0cbb57629ec2a4fc98a040fba1c53fdc179cad96b659b3e42f
java-11-openjdk-src-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: 3de642b429cfbeb5e1516a6629f32dd01cc220ae082245fd0c2287d7cc0c8468
java-11-openjdk-static-libs-11.0.21.0.9-1.el8_2.x86_64.rpm SHA-256: ecca0f6016fedcb0ac8958398001ca2b19ec6751d3cceabae40b69615d8d4293

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.