ALSA-2023:5733

Source
https://errata.almalinux.org/9/ALSA-2023-5733.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2023:5733.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2023:5733
Related
Published
2023-10-18T00:00:00Z
Modified
2023-10-20T20:16:40Z
Summary
Moderate: java-1.8.0-openjdk security update
Details

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: segmentation fault in ciMethodBlocks (CVE-2022-40433)
  • OpenJDK: IOR deserialization issue in CORBA (8303384) (CVE-2023-22067)
  • OpenJDK: certificate path validation issue during client authentication (8309966) (CVE-2023-22081)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • A maximum signature file size property, jdk.jar.maxSignatureFileSize, was introduced in the 8u382 release of OpenJDK by JDK-8300596, with a default of 8 MB. This default proved to be too small for some JAR files. This release, 8u392, increases it to 16 MB. (AlmaLinux-13593)
  • The /usr/bin/jfr alternative is now owned by the java-1.8.0-openjdk package (AlmaLinux-13583)
References

Affected packages

AlmaLinux:9 / java-1.8.0-openjdk

Package

Name
java-1.8.0-openjdk

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.8.0.392.b08-3.el9

AlmaLinux:9 / java-1.8.0-openjdk-demo

Package

Name
java-1.8.0-openjdk-demo

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.8.0.392.b08-3.el9

AlmaLinux:9 / java-1.8.0-openjdk-demo-fastdebug

Package

Name
java-1.8.0-openjdk-demo-fastdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.8.0.392.b08-3.el9

AlmaLinux:9 / java-1.8.0-openjdk-demo-slowdebug

Package

Name
java-1.8.0-openjdk-demo-slowdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.8.0.392.b08-3.el9

AlmaLinux:9 / java-1.8.0-openjdk-devel

Package

Name
java-1.8.0-openjdk-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.8.0.392.b08-3.el9

AlmaLinux:9 / java-1.8.0-openjdk-devel-fastdebug

Package

Name
java-1.8.0-openjdk-devel-fastdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.8.0.392.b08-3.el9

AlmaLinux:9 / java-1.8.0-openjdk-devel-slowdebug

Package

Name
java-1.8.0-openjdk-devel-slowdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.8.0.392.b08-3.el9

AlmaLinux:9 / java-1.8.0-openjdk-fastdebug

Package

Name
java-1.8.0-openjdk-fastdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.8.0.392.b08-3.el9

AlmaLinux:9 / java-1.8.0-openjdk-headless

Package

Name
java-1.8.0-openjdk-headless

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.8.0.392.b08-3.el9

AlmaLinux:9 / java-1.8.0-openjdk-headless-fastdebug

Package

Name
java-1.8.0-openjdk-headless-fastdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.8.0.392.b08-3.el9

AlmaLinux:9 / java-1.8.0-openjdk-headless-slowdebug

Package

Name
java-1.8.0-openjdk-headless-slowdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.8.0.392.b08-3.el9

AlmaLinux:9 / java-1.8.0-openjdk-javadoc

Package

Name
java-1.8.0-openjdk-javadoc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.8.0.392.b08-3.el9

AlmaLinux:9 / java-1.8.0-openjdk-javadoc-zip

Package

Name
java-1.8.0-openjdk-javadoc-zip

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.8.0.392.b08-3.el9

AlmaLinux:9 / java-1.8.0-openjdk-slowdebug

Package

Name
java-1.8.0-openjdk-slowdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.8.0.392.b08-3.el9

AlmaLinux:9 / java-1.8.0-openjdk-src

Package

Name
java-1.8.0-openjdk-src

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.8.0.392.b08-3.el9

AlmaLinux:9 / java-1.8.0-openjdk-src-fastdebug

Package

Name
java-1.8.0-openjdk-src-fastdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.8.0.392.b08-3.el9

AlmaLinux:9 / java-1.8.0-openjdk-src-slowdebug

Package

Name
java-1.8.0-openjdk-src-slowdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.8.0.392.b08-3.el9