- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2023-1688679628.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2023-1688679628
- Upstream
- Published
- 2023-07-06T21:40:45Z
- Modified
- 2026-05-29T01:18:54.518988431Z
- Summary
- java-1.8.0-openjdk: Fix of 7 CVEs
- Details
- Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07. That fixes the following CVEs:
- CVE-2023-21930: Improper connection handling during TLS handshake (8294474)
- CVE-2023-21937: Missing string checks for NULL characters (8296622)
- CVE-2023-21938: Incorrect handling of NULL characters in ProcessBuilder (8295304)
- CVE-2023-21939: Swing HTML parsing issue (8296832)
- CVE-2023-21954: Incorrect enqueue of references in garbage collector (8298191)
- CVE-2023-21967: Certificate validation issue in TLS session negotiation (8298310)
- CVE-2023-21968: Missing check for slash characters in URI-to-path conversion (8298667)
- Update tzdata requirement to 2023c to match JDK-8305113
- Include JDK-8271199 fix from the upcoming jdk8u382 in advance
- Remove patches which are not used
- References
Affected packages