Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2023-4159

Опубликовано: 26 июл. 2023
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2023-4159: java-17-openjdk security and bug fix update (MODERATE)

[1:17.0.8.0.7-2.0.1]

  • OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036)
  • OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041)
  • OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049)
  • harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193)
  • OpenJDK: HTTP client insufficient file name validation (8302475) (CVE-2023-22006)
  • OpenJDK: modulo operator array indexing issue (8304460) (CVE-2023-22044)
  • OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)
  • Add Oracle vendor bug URL [Orabug: 34340155]

[1:17.0.8.0.6-0.1.ea]

  • Update to jdk-17.0.8+6 (EA)
  • Sync the copy of the portable specfile with the latest update
  • Resolves: rhbz#2217716

[1:17.0.8.0.1-0.1.ea]

  • Update to jdk-17.0.8+1 (EA)
  • Update release notes to 17.0.8+1
  • Switch to EA mode
  • Drop local inclusion of JDK-8274864 & JDK-8305113 as they are included in 17.0.8+1
  • Bump bundled LCMS version to 2.15 as in jdk-17.0.8+1.
  • Bump bundled HarfBuzz version to 7.0.1 as in jdk-17.0.8+1
  • Use tapsets from the misc tarball
  • Introduce 'prelease' for the portable release versioning, to handle EA builds
  • Make sure root installation directory is created first
  • Use in-place substitution for all but the first of the tapset changes
  • Related: rhbz#2217716

[1:17.0.7.0.7-4]

  • Introduce vm_variant global for consistency with future JDK builds
  • Related: rhbz#2203412

[1:17.0.7.0.7-4]

  • Exclude classes_nocoops.jsa on i686 and arm32
  • Related: rhbz#2203412

[1:17.0.7.0.7-4]

  • Following JDK-8005165, class data sharing can be enabled on all JIT architectures
  • Related: rhbz#2203412

[1:17.0.7.0.7-4]

  • Fix packaging of CDS archives
  • Resolves: rhbz#2203412

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

java-17-openjdk

17.0.8.0.7-2.0.1.el8

java-17-openjdk-demo

17.0.8.0.7-2.0.1.el8

java-17-openjdk-demo-fastdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-demo-slowdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-devel

17.0.8.0.7-2.0.1.el8

java-17-openjdk-devel-fastdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-devel-slowdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-fastdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-headless

17.0.8.0.7-2.0.1.el8

java-17-openjdk-headless-fastdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-headless-slowdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-javadoc

17.0.8.0.7-2.0.1.el8

java-17-openjdk-javadoc-zip

17.0.8.0.7-2.0.1.el8

java-17-openjdk-jmods

17.0.8.0.7-2.0.1.el8

java-17-openjdk-jmods-fastdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-jmods-slowdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-slowdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-src

17.0.8.0.7-2.0.1.el8

java-17-openjdk-src-fastdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-src-slowdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-static-libs

17.0.8.0.7-2.0.1.el8

java-17-openjdk-static-libs-fastdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-static-libs-slowdebug

17.0.8.0.7-2.0.1.el8

Oracle Linux x86_64

java-17-openjdk

17.0.8.0.7-2.0.1.el8

java-17-openjdk-demo

17.0.8.0.7-2.0.1.el8

java-17-openjdk-demo-fastdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-demo-slowdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-devel

17.0.8.0.7-2.0.1.el8

java-17-openjdk-devel-fastdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-devel-slowdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-fastdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-headless

17.0.8.0.7-2.0.1.el8

java-17-openjdk-headless-fastdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-headless-slowdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-javadoc

17.0.8.0.7-2.0.1.el8

java-17-openjdk-javadoc-zip

17.0.8.0.7-2.0.1.el8

java-17-openjdk-jmods

17.0.8.0.7-2.0.1.el8

java-17-openjdk-jmods-fastdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-jmods-slowdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-slowdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-src

17.0.8.0.7-2.0.1.el8

java-17-openjdk-src-fastdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-src-slowdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-static-libs

17.0.8.0.7-2.0.1.el8

java-17-openjdk-static-libs-fastdebug

17.0.8.0.7-2.0.1.el8

java-17-openjdk-static-libs-slowdebug

17.0.8.0.7-2.0.1.el8

Связанные CVE

CVE-2023-22045
CVE-2023-22036
CVE-2023-22049
CVE-2023-25193
CVE-2023-22006
CVE-2023-22041
CVE-2023-22044

Ссылки на источники

Связанные уязвимости

suse-cvrf логотип

SUSE-SU-2023:3287-1

suse-cvrf
почти 2 года назад

Security update for java-11-openjdk

suse-cvrf логотип

SUSE-SU-2023:3023-1

suse-cvrf
почти 2 года назад

Security update for java-17-openjdk

suse-cvrf логотип

SUSE-SU-2023:2990-1

suse-cvrf
почти 2 года назад

Security update for java-11-openjdk

oracle-oval логотип

ELSA-2023-4177

oracle-oval
почти 2 года назад

ELSA-2023-4177: java-17-openjdk security and bug fix update (MODERATE)

suse-cvrf логотип

SUSE-SU-2023:3441-1

suse-cvrf
почти 2 года назад

Security update for java-1_8_0-ibm