ELSA-2023-4177: java-17-openjdk security and bug fix update
Source: OracleLinux (linux.oracle.com)
Date: 2023-07-28 00:00:00
Tags: java-17-openjdk, security update, bug fix, zip file parsing, aes implementation weakness, uri-to-path conversion, o(n^2) growth, http client file name validation, modulo operator, array indexing integer overflow
EPSS: 0.003 (percentile 68.2%)

[1:17.0.8.0.7-2.0.1]
- OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036)
- OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041)
- OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049)
- harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193)
- OpenJDK: HTTP client insufficient file name validation (8302475) (CVE-2023-22006)
- OpenJDK: modulo operator array indexing issue (8304460) (CVE-2023-22044)
- OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)
- Add Oracle vendor bug URL [Orabug: 34340155]

[1:17.0.8.0.6-0.1.ea]
- Update to jdk-17.0.8+6 (EA)
- Sync the copy of the portable specfile with the latest update
- Resolves: rhbz#2217716

[1:17.0.8.0.1-0.1.ea]
- Update to jdk-17.0.8+1 (EA)
- Update release notes to 17.0.8+1
- Switch to EA mode
- Drop local inclusion of JDK-8274864 & JDK-8305113 as they are included in 17.0.8+1
- Bump bundled LCMS version to 2.15 as in jdk-17.0.8+1
- Bump bundled HarfBuzz version to 7.0.1 as in jdk-17.0.8+1
- Use tapsets from the misc tarball
- Introduce ‘prelease’ for the portable release versioning, to handle EA builds
- Make sure root installation directory is created first
- Use in-place substitution for all but the first of the tapset changes
- Related: rhbz#2217716

[1:17.0.7.0.7-4]
- Introduce vm_variant global for consistency with future JDK builds
- Related: rhbz#2203412

[1:17.0.7.0.7-4]
- Exclude classes_nocoops.jsa on i686 and arm32
- Related: rhbz#2203412

[1:17.0.7.0.7-4]
- Following JDK-8005165, class data sharing can be enabled on all JIT architectures
- Related: rhbz#2203412

[1:17.0.7.0.7-4]
- Fix packaging of CDS archives
- Resolves: rhbz#2203412

Affected Package

| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 9 | src | java-17-openjdk | < 17.0.8.0.7-2.0.1.el9 | java-17-openjdk-17.0.8.0.7-2.0.1.el9.src.rpm |
| oracle linux | 9 | aarch64 | java-17-openjdk | < 17.0.8.0.7-2.0.1.el9 | java-17-openjdk-17.0.8.0.7-2.0.1.el9.aarch64.rpm |
| oracle linux | 9 | aarch64 | java-17-openjdk-demo | < 17.0.8.0.7-2.0.1.el9 | java-17-openjdk-demo-17.0.8.0.7-2.0.1.el9.aarch64.rpm |
| oracle linux | 9 | aarch64 | java-17-openjdk-demo-fastdebug | < 17.0.8.0.7-2.0.1.el9 | java-17-openjdk-demo-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm |
| oracle linux | 9 | aarch64 | java-17-openjdk-demo-slowdebug | < 17.0.8.0.7-2.0.1.el9 | java-17-openjdk-demo-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm |
| oracle linux | 9 | aarch64 | java-17-openjdk-devel | < 17.0.8.0.7-2.0.1.el9 | java-17-openjdk-devel-17.0.8.0.7-2.0.1.el9.aarch64.rpm |
| oracle linux | 9 | aarch64 | java-17-openjdk-devel-fastdebug | < 17.0.8.0.7-2.0.1.el9 | java-17-openjdk-devel-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm |
| oracle linux | 9 | aarch64 | java-17-openjdk-devel-slowdebug | < 17.0.8.0.7-2.0.1.el9 | java-17-openjdk-devel-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm |
| oracle linux | 9 | aarch64 | java-17-openjdk-fastdebug | < 17.0.8.0.7-2.0.1.el9 | java-17-openjdk-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm |
| oracle linux | 9 | aarch64 | java-17-openjdk-headless | < 17.0.8.0.7-2.0.1.el9 | java-17-openjdk-headless-17.0.8.0.7-2.0.1.el9.aarch64.rpm |

Rows 1-10 of 48 shown.

Related

nessus (64)
- RHEL 8 : java-17-openjdk (RHSA-2023:4170), 2023-07-20 00:00:00
- Amazon Corretto Java 17.x < 17.0.8.7.1 Multiple Vulnerabilities, 2023-07-18 00:00:00
- RHEL 9 : java-17-openjdk (RHSA-2023:4177), 2023-07-20 00:00:00

almalinux (6)
- Moderate: java-17-openjdk security and bug fix update, 2023-07-20 00:00:00
- Moderate: java-17-openjdk security and bug fix update, 2023-07-20 00:00:00
- Moderate: java-11-openjdk security and bug fix update, 2023-07-20 00:00:00

ubuntu (3)
- OpenJDK 20 vulnerabilities, 2023-08-03 00:00:00
- OpenJDK regression, 2023-08-30 00:00:00
- OpenJDK vulnerabilities, 2023-08-01 00:00:00

osv (15)
- Moderate: java-17-openjdk security and bug fix update, 2023-07-20 00:00:00
- java-11-openjdk-11.0.20.0-1.1 on GA media, 2024-06-15 00:00:00
- openjdk-8, openjdk-lts, openjdk-17 vulnerabilities, 2023-08-01 07:53:27

openvas (23)
- openSUSE: Security Advisory for java (SUSE-SU-2023:3287-1), 2024-03-04 00:00:00
- Ubuntu: Security Advisory (USN-6263-1), 2023-08-01 00:00:00
- SUSE: Security Advisory (SUSE-SU-2023:3287-1), 2023-08-11 00:00:00

redhat (30)
- (RHSA-2023:4169) Moderate: java-17-openjdk security update, 2023-07-19 16:35:44
- (RHSA-2023:4211) Moderate: OpenJDK 17.0.8 Security Update for Windows Builds, 2023-07-20 11:59:16
- (RHSA-2023:4177) Moderate: java-17-openjdk security and bug fix update, 2023-07-20 11:24:23

oraclelinux (7)
- java-17-openjdk security and bug fix update, 2023-07-26 00:00:00
- java-11-openjdk security and bug fix update, 2023-07-26 00:00:00
- java-11-openjdk security and bug fix update, 2023-07-21 00:00:00

gentoo (1)
- HarfBuzz: Denial of Service, 2024-07-10 00:00:00

debian (2)
- [SECURITY] [DSA 5458-1] openjdk-17 security update, 2023-07-25 18:52:56
- [SECURITY] [DLA 3571-1] openjdk-11 security update, 2023-09-19 07:45:23

ibm (41)
- Security Bulletin: TSSC/IMC is vulnerable to low availability, low integrity and low confidentiality due to Java SE, 2024-07-08 17:50:18
- Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-22036, CVE-2023-22006, CVE-2023-22041, CVE-2023-22049 and CVE-2023-22045), 2024-04-09 19:59:29
- Security Bulletin: Multiple security vulnerabilities in Java affect IBM Robotic Process Automation, 2023-11-22 20:50:55

amazon (2)
- Medium: java-17-amazon-corretto, 2023-07-17 17:39:00
- Medium: java-11-amazon-corretto, 2023-07-17 17:39:00

kaspersky (1)
- KLA51006 Multiple vulnerabilities in Oracle Java SE and GraalVM, 2023-07-18 00:00:00

mageia (1)
- Updated java packages fix security vulnerabilities, 2023-09-30 22:15:40

cloudlinux (1)
- java-1.8.0-openjdk: Fix of 2 CVEs, 2023-08-03 16:57:30

rocky (2)
- java-1.8.0-openjdk security and bug fix update, 2023-08-08 12:34:57
- java-1.8.0-openjdk security and bug fix update, 2023-08-08 12:34:39