CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Percentile: 68.2%

The updated packages fix security vulnerabilities and a file conflict:

- Improper connection handling during TLS handshake. (CVE-2023-21930)
- Incorrect enqueue of references in garbage collector. (CVE-2023-21954)
- Certificate validation issue in TLS session negotiation. (CVE-2023-21967)
- Swing HTML parsing issue. (CVE-2023-21939)
- Incorrect handling of NULL characters in ProcessBuilder. (CVE-2023-21938)
- Missing string checks for NULL characters. (CVE-2023-21937)
- Missing check for slash characters in URI-to-path conversion. (CVE-2023-21968)
- Array indexing integer overflow issue. (CVE-2023-22045)
- Improper handling of slash characters in URI-to-path conversion. (CVE-2023-22049)
- O(n^2) growth via consecutive marks. (CVE-2023-25193)
- HTTP client insufficient file name validation. (CVE-2023-22006)
- ZIP file parsing infinite loop. (CVE-2023-22036)
- Modulo operator array indexing issue. (CVE-2023-22044)
- Weakness in AES implementation. (CVE-2023-22041)

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Mageia | 8 | noarch | java | < 1.8.0-openjdk-1.8.0.382.b05-1 | java-1.8.0-openjdk-1.8.0.382.b05-1.mga8 |
Mageia | 8 | noarch | java | < 11-openjdk-11.0.20.0.8-1 | java-11-openjdk-11.0.20.0.8-1.mga8 |
Mageia | 8 | noarch | openjfx | < 11.0.9.2-4 | openjfx-11.0.9.2-4.mga8 |
Mageia | 9 | noarch | java | < 1.8.0-openjdk-1.8.0.382.b05-1 | java-1.8.0-openjdk-1.8.0.382.b05-1.mga9 |
Mageia | 9 | noarch | java | < 11-openjdk-11.0.20.0.8-1 | java-11-openjdk-11.0.20.0.8-1.mga9 |
Mageia | 9 | noarch | java | < 17-openjdk-17.0.8.0.7-1 | java-17-openjdk-17.0.8.0.7-1.mga9 |
Mageia | 9 | noarch | java-latest-openjdk | < 20.0.2.0.9-1.rolling.2 | java-latest-openjdk-20.0.2.0.9-1.rolling.2.mga9 |
access.redhat.com/errata/RHBA-2023:4374
access.redhat.com/errata/RHSA-2023:1880
access.redhat.com/errata/RHSA-2023:1904
access.redhat.com/errata/RHSA-2023:4169
access.redhat.com/errata/RHSA-2023:4178
bugs.mageia.org/show_bug.cgi?id=32203
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21930
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21937
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21938
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21939
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21954
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21967
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21968
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22006
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22036
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22041
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22044
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22045
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22049
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25193
www.oracle.com/security-alerts/cpuapr2023.html#AppendixJAVA
www.oracle.com/security-alerts/cpujul2023.html#AppendixJAVA