java-1.8.0-openjdk-1.8.0.362.b09-2.el8

エラータID: AXSA:2023-4869:03

Release date: 
Friday, January 27, 2023 - 11:20
Subject: 
java-1.8.0-openjdk-1.8.0.362.b09-2.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) (CVE-2023-21830)
* OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI() (BZ#2139705)
* Prepare for the next quarterly OpenJDK upstream release (2023-01, 8u362) [rhel-8] (BZ#2159910)
* solr broken due to access denied ("java.io.FilePermission" "/etc/pki/java/cacerts" "read") [rhel-8, openjdk-8] (BZ#2163595)

CVE-2023-21830
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2023-21843
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Solution: 

Update packages.

CVEs: 
CVE-2023-21830
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2023-21843
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Additional Info: 

N/A

Download: 

SRPMS
  1. java-1.8.0-openjdk-1.8.0.362.b09-2.el8.src.rpm
    MD5: 4c84ca3b069afe6a3c11d822524e99cc
    SHA-256: c575afdf437a99be5b088c876cbd62ac32d1dbd6544c558069fe7e1c2b2d4704
    Size: 55.76 MB

Asianux Server 8 for x86_64
  1. java-1.8.0-openjdk-1.8.0.362.b09-2.el8.x86_64.rpm
    MD5: 64a42a1ad20dd12979fde09ed9e746ed
    SHA-256: c4a59ae41337cd97df792a9488e521a57ba51436e45cc104eedbf8d581f694b2
    Size: 542.59 kB
  2. java-1.8.0-openjdk-accessibility-1.8.0.362.b09-2.el8.x86_64.rpm
    MD5: 06f4740852d078442435ee594d7df78a
    SHA-256: be12b78354fd1434a93eb4864fb675e516ac50ece1e4e129f29c5ef7d9c17c1e
    Size: 113.39 kB
  3. java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.362.b09-2.el8.x86_64.rpm
    MD5: bdfae427226b629bfcef30a960835304
    SHA-256: bc81b713236a141bb27dffb5835da8e3ab62199f5d61717f353964bc53d2b4e6
    Size: 113.23 kB
  4. java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.362.b09-2.el8.x86_64.rpm
    MD5: bc525c839a62ae1152faa6e03ebb70c9
    SHA-256: e0405f64de55ef18d4b9f3b2d3f4b0afb82c1a2f2e84a86ed00032de9a8d4f3c
    Size: 113.23 kB
  5. java-1.8.0-openjdk-demo-1.8.0.362.b09-2.el8.x86_64.rpm
    MD5: 4ba88ba953c7af8b3dd69778c7864008
    SHA-256: 103bc8cbe22b8a893529022f8769fd299acc37fafab95a7cd908335d3dd4ae50
    Size: 2.06 MB
  6. java-1.8.0-openjdk-demo-fastdebug-1.8.0.362.b09-2.el8.x86_64.rpm
    MD5: 953333db158a550386fc14da1353ae62
    SHA-256: 064bfa65a4d29d9efa37885bb546f6f2fd8aa7cf5e34abd0620f374c58dd8221
    Size: 2.08 MB
  7. java-1.8.0-openjdk-demo-slowdebug-1.8.0.362.b09-2.el8.x86_64.rpm
    MD5: 29d43e4606a4b2ecac7c2d349b59148f
    SHA-256: f04556a935b7d28fe0f2e9c4a5f3ad1ab41aa2e9b9c7fa547cd989fd0f4b1e87
    Size: 2.08 MB
  8. java-1.8.0-openjdk-devel-1.8.0.362.b09-2.el8.x86_64.rpm
    MD5: 1a2f429d0f7c67e2d58bf221f8fe8d5c
    SHA-256: dd27436c8d55a893d38dc90cab481b71f891bb1b0234218f3b588e2f2cbc4fdc
    Size: 9.93 MB
  9. java-1.8.0-openjdk-devel-fastdebug-1.8.0.362.b09-2.el8.x86_64.rpm
    MD5: 2924134303910c7ba7fc9534e6587ce9
    SHA-256: 74762e88c08de9d2c0a61ee43b55a72dc18a0adf65a577fb86c6cdc32631f5d3
    Size: 9.94 MB
  10. java-1.8.0-openjdk-devel-slowdebug-1.8.0.362.b09-2.el8.x86_64.rpm
    MD5: 5950f80653788f042147c7c2d5a87fc6
    SHA-256: f8b73d556d2be3203aacf6b9e903baacc2a34fcac1720db62d60b5caf32ba845
    Size: 9.93 MB
  11. java-1.8.0-openjdk-fastdebug-1.8.0.362.b09-2.el8.x86_64.rpm
    MD5: 7cce0f1cc09c747c03b0b1288bb1d7ac
    SHA-256: 68246238ce65ad6ac75b7b64b2a22f3f721c8efb0988d00caf28ad83020f6b0c
    Size: 556.04 kB
  12. java-1.8.0-openjdk-headless-1.8.0.362.b09-2.el8.x86_64.rpm
    MD5: 9d060a922db8929b77ee7ed2bdb2865f
    SHA-256: 3d60d1fa6d6ade2f27145e3a67bb8b3cb4918f3c4b5eb252a9bef7739656615e
    Size: 34.35 MB
  13. java-1.8.0-openjdk-headless-fastdebug-1.8.0.362.b09-2.el8.x86_64.rpm
    MD5: e6342eae5bb01e22358bf530a3635a0b
    SHA-256: 177e55ee779ff467158b9afc1e5ea10c0a13b27196a29a15169b95befa7147a1
    Size: 38.00 MB
  14. java-1.8.0-openjdk-headless-slowdebug-1.8.0.362.b09-2.el8.x86_64.rpm
    MD5: d07aafc8dac04c05d17aa99cc9d1cbf2
    SHA-256: d90c6d5496224b9d10364028a9f5f40fdf8400da255baed882edc507c202b047
    Size: 36.16 MB
  15. java-1.8.0-openjdk-javadoc-1.8.0.362.b09-2.el8.noarch.rpm
    MD5: 4968ec34ddc8a710d2c503873cb8283b
    SHA-256: 0246e3f9602cae4b9a9248b772a2f84636d232513c9c33d828d3aa531e666f4c
    Size: 15.19 MB
  16. java-1.8.0-openjdk-javadoc-zip-1.8.0.362.b09-2.el8.noarch.rpm
    MD5: 9114c9380ef38b619d8893f95b66b98d
    SHA-256: e1a5b3da04914c2a4f75ed9b3c8c78800a5370e7752eb8ee91019e334c2070a5
    Size: 41.62 MB
  17. java-1.8.0-openjdk-slowdebug-1.8.0.362.b09-2.el8.x86_64.rpm
    MD5: 0f8ffe7d79d6df0640fe3f6388a2f1a0
    SHA-256: 38989e3dc18421df3927ddefe027ce7b20146d8500e495580c173a05a3f67f5c
    Size: 523.00 kB
  18. java-1.8.0-openjdk-src-1.8.0.362.b09-2.el8.x86_64.rpm
    MD5: 9835f8cb96d24fe4c2db232d35c7ba7f
    SHA-256: 1c72e75f152490306c42bde8cd67e81726727f8ff6a822142805ace2cf72ef69
    Size: 45.47 MB
  19. java-1.8.0-openjdk-src-fastdebug-1.8.0.362.b09-2.el8.x86_64.rpm
    MD5: 941778b53d20667755c3325feeb3468c
    SHA-256: 86f61518ea01f945737506d04c01040d490bc837c1ff5b65661687131dcfbd91
    Size: 45.47 MB
  20. java-1.8.0-openjdk-src-slowdebug-1.8.0.362.b09-2.el8.x86_64.rpm
    MD5: b186207660be931b3dfd5c4a2145a5ca
    SHA-256: 82c0aa81b334a6cd68d00f5eb811e40d34faa212b0d0ced7f26cf7f1208c16ed
    Size: 45.47 MB