Lucene search
CloudLinuxCLSA-2023:1688679628HistoryJul 06, 2023 - 9:40 p.m.
java-1.8.0-openjdk: Fix of 7 CVEs
2023-07-0621:40:45
repo.cloudlinux.com
20
java-1.8.0-openjdk
cves
upgrade
openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07
tls handshake
string checks
processbuilder
swing html parsing
garbage collector
certificate validation
uri-to-path conversion
tzdata requirement
jdk-8305113
jdk-8271199 fix
unix
CVSS3
7.4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
0.002
Percentile
53.6%
- Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07. That fixes following CVEs:
- CVE-2023-21930: Improper connection handling during TLS handshake (8294474)
- CVE-2023-21937: Missing string checks for NULL characters (8296622)
- CVE-2023-21938: Incorrect handling of NULL characters in ProcessBuilder (8295304)
- CVE-2023-21939: Swing HTML parsing issue (8296832)
- CVE-2023-21954: Incorrect enqueue of references in garbage collector (8298191)
- CVE-2023-21967: Certificate validation issue in TLS session negotiation (8298310)
- CVE-2023-21968: Missing check for slash characters in URI-to-path conversion (8298667)
- Update tzdata requirement to 2023c to match JDK-8305113
- Include JDK-8271199 fix from the upcoming jdk8u382 in advance
- Remove patches which are not used
Related
nessus
nessus
Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2023-2038)
2023-05-17 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-openjdk (SUSE-SU-2023:2242-2)
2023-06-25 00:00:00
Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2023-1904)
2023-04-25 00:00:00
osv
osv
Important: java-17-openjdk security and bug fix update
2023-04-26 15:28:57
Important: java-17-openjdk security and bug fix update
2023-04-26 15:28:13
java-1_8_0-openjdk-1.8.0.372-1.1 on GA media
2024-06-15 00:00:00
redhat
redhat
(RHSA-2023:1880) Important: java-11-openjdk security update
2023-04-19 15:17:29
(RHSA-2023:1899) Important: java-11-openjdk security update
2023-04-20 02:38:54
(RHSA-2023:1895) Important: java-11-openjdk security update
2023-04-20 01:51:53
amazon
amazon
Important: java-17-amazon-corretto
2023-04-27 18:36:00
Important: java-1.8.0-openjdk
2023-05-11 17:49:00
Important: java-11-amazon-corretto
2023-04-27 18:36:00
almalinux
almalinux
Important: java-1.8.0-openjdk security and bug fix update
2023-04-25 00:00:00
Important: java-17-openjdk security and bug fix update
2023-04-19 00:00:00
Important: java-11-openjdk security update
2023-04-20 00:00:00
ibm
ibm
centos
centos
java security update
2023-04-24 14:47:41
java security update
2023-07-27 14:42:14
rocky
rocky
java-1.8.0-openjdk security and bug fix update
2023-04-26 15:28:57
java-11-openjdk security update
2023-04-26 15:28:43
java-17-openjdk security and bug fix update
2023-04-26 15:28:13
oraclelinux
oraclelinux
java-17-openjdk security and bug fix update
2023-04-20 00:00:00
java-11-openjdk security update
2023-04-20 00:00:00
java-1.8.0-openjdk security update
2023-04-25 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:2222-1)
2023-05-17 00:00:00
CentOS: Security Advisory for java-11-openjdk (CESA-2023:1875)
2023-04-26 00:00:00
CentOS: Security Advisory for java (CESA-2023:1904)
2023-07-30 00:00:00
ubuntu
ubuntu
OpenJDK vulnerabilities
2023-05-16 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2213
2023-08-08 08:57:46
kaspersky
kaspersky
KLA48970 Multiple vulnerabilities in Oracle Java SE and GraalVM
2023-04-18 00:00:00
debian
debian
[SECURITY] [DSA 5430-1] openjdk-17 security update
2023-06-16 12:03:01
CVSS3
7.4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
0.002
Percentile
53.6%
Related for CLSA-2023:1688679628