ALSA-2023:1909

[ALSA-2023:1909] Important: java-1.8.0-openjdk security and bug fix update

Type:

security

Severity:

important

Release date:

2023-05-02

Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474) (CVE-2023-21930)
* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)
* OpenJDK: incorrect enqueue of references in garbage collector (8298191) (CVE-2023-21954)
* OpenJDK: certificate validation issue in TLS session negotiation (8298310) (CVE-2023-21967)
* OpenJDK: missing string checks for NULL characters (8296622) (CVE-2023-21937)
* OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) (CVE-2023-21938)
* OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* The RSAPSSSignature implementation works with RSA keys via the SunRSASign provider. However, it did not fully check that the RSA key could be used by the provider before attempting to do so, leading to the possibility of errors being returned with custom security providers. The implementation now validates RSA keys and will allow other providers to handle such keys where it cannot. (RHBZ#2188024)

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm	05482484e8ce52af76093507c24a2c56f541d42b12725531995e416800e2129f
aarch64	java-1.8.0-openjdk-1.8.0.372.b07-1.el9_1.aarch64.rpm	1091c8c77407352b01558ddfea5e7737f869983918ef6ff2d515292532b5146e
aarch64	java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el9_1.aarch64.rpm	1e952d1f4cd5d61732a4a6ab62c7655d2f3d924fe75a80b228eed65334867971
aarch64	java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm	39b04df432deed4213e0d7706ebd410df51bbb6297bdc789b6a5c6ed3df3da9a
aarch64	java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el9_1.aarch64.rpm	3a195173560da0ec2217101b303c73a45e3fcd7caafc5773e866b49961ecea90
aarch64	java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm	477de5566680dc7e6fda3af8f8df173829d545fa3546a37975bc854538972b76
aarch64	java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el9_1.aarch64.rpm	575cb6059e26ec0c61b705052896bd46305cbcda7e326729f93296f89eeb4235
aarch64	java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm	57fa4af68285ab323a01769b069d420ec29868f44ec080cdd1085874f66b029d
aarch64	java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm	622d78f8aee15d9707cae9a908695117d091f871232a364f9f78eaebfd79e18b
aarch64	java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm	6d113eeb1cee1eebdd08a584b786c431814c8bda23f425891008c5308df857ce
aarch64	java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm	971a9b6b2649baca8129b37ced550624d8a2696ad6ae0a08c309ad25288d1514
aarch64	java-1.8.0-openjdk-src-1.8.0.372.b07-1.el9_1.aarch64.rpm	9d0fc6965351a16cf0c9fc75b54c4b3ddd0af2b425595d25d198d457ad758f96
aarch64	java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm	a75e1338e21a0aef356ea3e170f4b413dc722c690e81408b2a26436c32025375
aarch64	java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm	d72b35e74c199adc2c794f441860231088297ee180bce24e43170d1d2c990e26
aarch64	java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el9_1.aarch64.rpm	de9f25203c2b9b606eda8bbba5654ff1106fedf81a6e18b2d099e6f64c528c61
noarch	java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el9_1.noarch.rpm	2711ce201b3b912fdbaa892c8b55c5f91f140bc424f492a5f7bb4ff282d29d84
noarch	java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el9_1.noarch.rpm	b21ea0f06466b6f20204c59af52b08a0a5675e760f790e4c907e6d0269e6f2ea
ppc64le	java-1.8.0-openjdk-src-1.8.0.372.b07-1.el9_1.ppc64le.rpm	0851866d3f12bf8e8321e45acb25648fdc5239c00a2a9b86d56be6ca4c92f4a6
ppc64le	java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm	0d00c7d59914767af876639d26ba4d9cd457fa509f8790ec17dda8c1c9efde5e
ppc64le	java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el9_1.ppc64le.rpm	0d9ea40eb1db17b8d1f8fdf3c24f4500e6198f3238621c357965659bdc00ad5d
ppc64le	java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el9_1.ppc64le.rpm	2e20325800c310469f756a593e8ac3e0c567b841989d9dbfafd32b13990e7c73
ppc64le	java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm	589d4f108257751f4ae7c5044e79cbdde917a77854453899f98411ce3dea0ad6
ppc64le	java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm	5a1a9940446f85dcb39dd2d4eb70e78e90da77a24b856b7ae8c6979e54253195
ppc64le	java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm	5e82bf4ddc10afae77594016458525c6dee6037bca26858449c2a9cc4991bcdd
ppc64le	java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm	82d2c68ddda2f013f7145c19f4b02f7860eae2dea5e62e316b6c33a01241bfc5
ppc64le	java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el9_1.ppc64le.rpm	8b0be4f5ab6d8793e85a12ed1f1f56fbfac96f1e7dd3b9dedac8b133f3ab9846
ppc64le	java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm	9b417f82d25620d76cf34f4bc2b9f074eebe20bd596c5441c77144e389aa0e81
ppc64le	java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm	a500423dda7fb849eed05989c88c7363557bc1df0cefdd20add10d1660c30df3
ppc64le	java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm	addba0d6e8034c1f1dfacfc9bd58470da75a13f944e00d25408917b10688b57a
ppc64le	java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm	ce132ccb39d8a952c50b551598be8366f1d76502f7ab7a8b3c1ac8399fe2850b
ppc64le	java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el9_1.ppc64le.rpm	edc573c937e6d5d502af265e95cab55adb73b7d0adc2ab347200a994d63a859d
ppc64le	java-1.8.0-openjdk-1.8.0.372.b07-1.el9_1.ppc64le.rpm	fa59f28ab4ea24b25eb17c4a8c3e46f417f29eb645e0fbf503088559a438a18e
s390x	java-1.8.0-openjdk-src-1.8.0.372.b07-1.el9_1.s390x.rpm	1dbee311dccd53ca2d4b9ab63a55db2e59e3a66a6d3b76e6ebf70c1669c1c3e2
s390x	java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el9_1.s390x.rpm	39c1eb013d0418310aa80d650231c3a078430e9142176fb0972bc385707a93e6
s390x	java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el9_1.s390x.rpm	b7467409c07e0483d5e814cad0ed0c8f78d3396aea9fcba32e234d5f75d990d7
s390x	java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el9_1.s390x.rpm	be627087df55ee49c83967b25bd0091273ea1bfd1ddd897d55e2316a38b7294e
s390x	java-1.8.0-openjdk-1.8.0.372.b07-1.el9_1.s390x.rpm	e24656d80c7c641d502ccf0ec6244cbed13de63cc6dcad652aa9193e8e4b6402
x86_64	java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm	1a4d4d0f286fcdc114073fe32a5b5c672c72efbddc3eee4e4b3456d5bf272e1f
x86_64	java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm	2106689c8d33707585191054bb52573bad4990ce5b02e1f8077c5de5aa3eddcb
x86_64	java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm	3063db5bc3f05b54c9520382f53af41636bae9186b4dab9b948ad9b29d44578c
x86_64	java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el9_1.x86_64.rpm	32e80948d30c5733149b46703d971d530ad9cff860874bc8a76fccd8c294ee21
x86_64	java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el9_1.x86_64.rpm	4610b1783c22ae0316e0962207b447d9e01adafceb55600659a770def5cf6b1e
x86_64	java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm	5c1424ca1e8c315c4c735d9c22313cf2d7aff89e699ab7d5f21a61fcd5a418d2
x86_64	java-1.8.0-openjdk-src-1.8.0.372.b07-1.el9_1.x86_64.rpm	6184c84d029f45f7a9339799c10ea0c7b8db95815838bcc359698a4f839077fb
x86_64	java-1.8.0-openjdk-1.8.0.372.b07-1.el9_1.x86_64.rpm	6af53b76c6a9469bbd823b86669c4a752c8a66f7cd4d1c65f5806bd03c02b792
x86_64	java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el9_1.x86_64.rpm	7e111b9f183724a38c4633d967dcbb5c55f0c67d6dbbe21ece25c8af2c1745fa
x86_64	java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm	8a11833976c70b271c15e85620c7b68334ae9b5caa6be0120412f16d83f844c1
x86_64	java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm	9add13bf30c9e7c80f6b05d01a3b735ef8fa56bc7792b9f657ccc4dc552b75cd
x86_64	java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm	c2430cd2938554bcf8634edf0b06ecdd1b52056bf76a7fb622bb112c5cbc9b2d
x86_64	java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm	c5ba5c1ae4558db432eb1be03e77802f954485e3a7a416227e2002e2c228601e
x86_64	java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm	cb5b9dded3a134c9a3fc3edca805b3190aec57ada0215d361c762c2a29efefa4
x86_64	java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el9_1.x86_64.rpm	cf3bfdd70a61895bb560c750d5c78474c57bca4937af84398d299f76807e2849

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.