java-1.8.0-openjdk security and bug fix update

2023-08-0812:34:57

Rockylinux Product Errata

errata.rockylinux.org

update

java-1.8.0-openjdk

security

bug fix

rocky linux 9

common vulnerability scoring system

openjdk 8

cve

cvss

uri-to-path

array indexing

integer overflow

bz#2220662

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

28.0%

JSON

An update is available for java-1.8.0-openjdk.
This update affects Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049)
OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

Prepare for the next quarterly OpenJDK upstream release (2023-07, 8u382) [rhel-9] (BZ#2220662)

OSVersionArchitecturePackageVersionFilename
rocky9aarch64java-1.8.0-openjdk< 1.8.0.382.b05-2.el9java-1.8.0-openjdk-1:1.8.0.382.b05-2.el9.aarch64.rpm
rocky9ppc64lejava-1.8.0-openjdk< 1.8.0.382.b05-2.el9java-1.8.0-openjdk-1:1.8.0.382.b05-2.el9.ppc64le.rpm
rocky9s390xjava-1.8.0-openjdk< 1.8.0.382.b05-2.el9java-1.8.0-openjdk-1:1.8.0.382.b05-2.el9.s390x.rpm
rocky9x86_64java-1.8.0-openjdk< 1.8.0.382.b05-2.el9java-1.8.0-openjdk-1:1.8.0.382.b05-2.el9.x86_64.rpm
rocky9aarch64java-1.8.0-openjdk-debuginfo< 1.8.0.382.b05-2.el9java-1.8.0-openjdk-debuginfo-1:1.8.0.382.b05-2.el9.aarch64.rpm
rocky9ppc64lejava-1.8.0-openjdk-debuginfo< 1.8.0.382.b05-2.el9java-1.8.0-openjdk-debuginfo-1:1.8.0.382.b05-2.el9.ppc64le.rpm
rocky9s390xjava-1.8.0-openjdk-debuginfo< 1.8.0.382.b05-2.el9java-1.8.0-openjdk-debuginfo-1:1.8.0.382.b05-2.el9.s390x.rpm
rocky9x86_64java-1.8.0-openjdk-debuginfo< 1.8.0.382.b05-2.el9java-1.8.0-openjdk-debuginfo-1:1.8.0.382.b05-2.el9.x86_64.rpm
rocky9aarch64java-1.8.0-openjdk-debugsource< 1.8.0.382.b05-2.el9java-1.8.0-openjdk-debugsource-1:1.8.0.382.b05-2.el9.aarch64.rpm
rocky9ppc64lejava-1.8.0-openjdk-debugsource< 1.8.0.382.b05-2.el9java-1.8.0-openjdk-debugsource-1:1.8.0.382.b05-2.el9.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
rocky	9	aarch64	java-1.8.0-openjdk	< 1.8.0.382.b05-2.el9	java-1.8.0-openjdk-1:1.8.0.382.b05-2.el9.aarch64.rpm
rocky	9	ppc64le	java-1.8.0-openjdk	< 1.8.0.382.b05-2.el9	java-1.8.0-openjdk-1:1.8.0.382.b05-2.el9.ppc64le.rpm
rocky	9	s390x	java-1.8.0-openjdk	< 1.8.0.382.b05-2.el9	java-1.8.0-openjdk-1:1.8.0.382.b05-2.el9.s390x.rpm
rocky	9	x86_64	java-1.8.0-openjdk	< 1.8.0.382.b05-2.el9	java-1.8.0-openjdk-1:1.8.0.382.b05-2.el9.x86_64.rpm
rocky	9	aarch64	java-1.8.0-openjdk-debuginfo	< 1.8.0.382.b05-2.el9	java-1.8.0-openjdk-debuginfo-1:1.8.0.382.b05-2.el9.aarch64.rpm
rocky	9	ppc64le	java-1.8.0-openjdk-debuginfo	< 1.8.0.382.b05-2.el9	java-1.8.0-openjdk-debuginfo-1:1.8.0.382.b05-2.el9.ppc64le.rpm
rocky	9	s390x	java-1.8.0-openjdk-debuginfo	< 1.8.0.382.b05-2.el9	java-1.8.0-openjdk-debuginfo-1:1.8.0.382.b05-2.el9.s390x.rpm
rocky	9	x86_64	java-1.8.0-openjdk-debuginfo	< 1.8.0.382.b05-2.el9	java-1.8.0-openjdk-debuginfo-1:1.8.0.382.b05-2.el9.x86_64.rpm
rocky	9	aarch64	java-1.8.0-openjdk-debugsource	< 1.8.0.382.b05-2.el9	java-1.8.0-openjdk-debugsource-1:1.8.0.382.b05-2.el9.aarch64.rpm
rocky	9	ppc64le	java-1.8.0-openjdk-debugsource	< 1.8.0.382.b05-2.el9	java-1.8.0-openjdk-debugsource-1:1.8.0.382.b05-2.el9.ppc64le.rpm