Gentoo FoundationMGASA-2023-0272Updated java packages fix security vulnerabilities
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
68.2%
The updated packages fix security vulnerabilities and a file conflict : Improper connection handling during TLS handshake. (CVE-2023-21930) Incorrect enqueue of references in garbage collector. (CVE-2023-21954) Certificate validation issue in TLS session negotiation. (CVE-2023-21967) Swing HTML parsing issue. (CVE-2023-21939) Incorrect handling of NULL characters in ProcessBuilder. (CVE-2023-21938) Missing string checks for NULL characters. (CVE-2023-21937) Missing check for slash characters in URI-to-path conversion. (CVE-2023-21968) Array indexing integer overflow issue. (CVE-2023-22045) Improper handling of slash characters in URI-to-path conversion. (CVE-2023-22049) O(n^2) growth via consecutive marks. (CVE-2023-25193) HTTP client insufficient file name validation. (CVE-2023-22006) ZIP file parsing infinite loop. (CVE-2023-22036) Modulo operator array indexing issue. (CVE-2023-22044) Weakness in AES implementation. (CVE-2023-22041)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 8 | noarch | java | < 1.8.0-openjdk-1.8.0.382.b05-1 | java-1.8.0-openjdk-1.8.0.382.b05-1.mga8 |
| Mageia | 8 | noarch | java | < 11-openjdk-11.0.20.0.8-1 | java-11-openjdk-11.0.20.0.8-1.mga8 |
| Mageia | 8 | noarch | openjfx | < 11.0.9.2-4 | openjfx-11.0.9.2-4.mga8 |
| Mageia | 9 | noarch | java | < 1.8.0-openjdk-1.8.0.382.b05-1 | java-1.8.0-openjdk-1.8.0.382.b05-1.mga9 |
| Mageia | 9 | noarch | java | < 11-openjdk-11.0.20.0.8-1 | java-11-openjdk-11.0.20.0.8-1.mga9 |
| Mageia | 9 | noarch | java | < 17-openjdk-17.0.8.0.7-1 | java-17-openjdk-17.0.8.0.7-1.mga9 |
| Mageia | 9 | noarch | java-latest-openjdk | < 20.0.2.0.9-1.rolling.2 | java-latest-openjdk-20.0.2.0.9-1.rolling.2.mga9 |
References
access.redhat.com/errata/RHBA-2023:4374
access.redhat.com/errata/RHSA-2023:1880
access.redhat.com/errata/RHSA-2023:1904
access.redhat.com/errata/RHSA-2023:4169
access.redhat.com/errata/RHSA-2023:4178
bugs.mageia.org/show_bug.cgi?id=32203
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21930
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21937
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21938
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21939
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21954
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21967
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21968
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22006
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22036
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22041
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22044
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22045
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22049
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25193
www.oracle.com/security-alerts/cpuapr2023.html#AppendixJAVA
www.oracle.com/security-alerts/cpujul2023.html#AppendixJAVA
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
68.2%