ALSA-2023:4159

See a problem?
Please try reporting it to the source first.
Source
https://errata.almalinux.org/8/ALSA-2023-4159.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:4159.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2023:4159
Related
Published
2023-07-20T00:00:00Z
Modified
2023-07-21T18:32:49Z
Summary
Moderate: java-17-openjdk security and bug fix update
Details

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036)
  • OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041)
  • OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049)
  • harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193)
  • OpenJDK: HTTP client insufficient file name validation (8302475) (CVE-2023-22006)
  • OpenJDK: modulo operator array indexing issue (8304460) (CVE-2023-22044)
  • OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Installing the same java-17-openjdk-headless package on two different systems resulted in distinct classes.jsa files getting generated. This was because the CDS archive was being generated by a post script action of the java-17-openjdk-headless package. This prevented the use of the dynamic dump feature, as the checksum in the archive would be different on each system. This is resolved in this release by using the .jsa files generated during the initial build. (RHBZ#2221655)
  • Prepare for the next quarterly OpenJDK upstream release (2023-07, 17.0.8) [almalinux-8] (BZ#2222368)
References

Affected packages

AlmaLinux:8 / java-17-openjdk

Package

Name
java-17-openjdk

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.8.0.7-2.el8

AlmaLinux:8 / java-17-openjdk-demo

Package

Name
java-17-openjdk-demo

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.8.0.7-2.el8

AlmaLinux:8 / java-17-openjdk-demo-fastdebug

Package

Name
java-17-openjdk-demo-fastdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.8.0.7-2.el8

AlmaLinux:8 / java-17-openjdk-demo-slowdebug

Package

Name
java-17-openjdk-demo-slowdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.8.0.7-2.el8

AlmaLinux:8 / java-17-openjdk-devel

Package

Name
java-17-openjdk-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.8.0.7-2.el8

AlmaLinux:8 / java-17-openjdk-devel-fastdebug

Package

Name
java-17-openjdk-devel-fastdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.8.0.7-2.el8

AlmaLinux:8 / java-17-openjdk-devel-slowdebug

Package

Name
java-17-openjdk-devel-slowdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.8.0.7-2.el8

AlmaLinux:8 / java-17-openjdk-fastdebug

Package

Name
java-17-openjdk-fastdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.8.0.7-2.el8

AlmaLinux:8 / java-17-openjdk-headless

Package

Name
java-17-openjdk-headless

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.8.0.7-2.el8

AlmaLinux:8 / java-17-openjdk-headless-fastdebug

Package

Name
java-17-openjdk-headless-fastdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.8.0.7-2.el8

AlmaLinux:8 / java-17-openjdk-headless-slowdebug

Package

Name
java-17-openjdk-headless-slowdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.8.0.7-2.el8

AlmaLinux:8 / java-17-openjdk-javadoc

Package

Name
java-17-openjdk-javadoc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.8.0.7-2.el8

AlmaLinux:8 / java-17-openjdk-javadoc-zip

Package

Name
java-17-openjdk-javadoc-zip

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.8.0.7-2.el8

AlmaLinux:8 / java-17-openjdk-jmods

Package

Name
java-17-openjdk-jmods

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.8.0.7-2.el8

AlmaLinux:8 / java-17-openjdk-jmods-fastdebug

Package

Name
java-17-openjdk-jmods-fastdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.8.0.7-2.el8

AlmaLinux:8 / java-17-openjdk-jmods-slowdebug

Package

Name
java-17-openjdk-jmods-slowdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.8.0.7-2.el8

AlmaLinux:8 / java-17-openjdk-slowdebug

Package

Name
java-17-openjdk-slowdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.8.0.7-2.el8

AlmaLinux:8 / java-17-openjdk-src

Package

Name
java-17-openjdk-src

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.8.0.7-2.el8

AlmaLinux:8 / java-17-openjdk-src-fastdebug

Package

Name
java-17-openjdk-src-fastdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.8.0.7-2.el8

AlmaLinux:8 / java-17-openjdk-src-slowdebug

Package

Name
java-17-openjdk-src-slowdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.8.0.7-2.el8

AlmaLinux:8 / java-17-openjdk-static-libs

Package

Name
java-17-openjdk-static-libs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.8.0.7-2.el8

AlmaLinux:8 / java-17-openjdk-static-libs-fastdebug

Package

Name
java-17-openjdk-static-libs-fastdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.8.0.7-2.el8

AlmaLinux:8 / java-17-openjdk-static-libs-slowdebug

Package

Name
java-17-openjdk-static-libs-slowdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.8.0.7-2.el8