ELSA-2023-4159

ULN >
Oracle Linux Errata repository >
ELSA-2023-4159

ELSA-2023-4159 - java-17-openjdk security and bug fix update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2023-07-26

Description

[1:17.0.8.0.7-2.0.1]
- OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036)
- OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041)
- OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049)
- harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193)
- OpenJDK: HTTP client insufficient file name validation (8302475) (CVE-2023-22006)
- OpenJDK: modulo operator array indexing issue (8304460) (CVE-2023-22044)
- OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)
- Add Oracle vendor bug URL [Orabug: 34340155]

[1:17.0.8.0.6-0.1.ea]
- Update to jdk-17.0.8+6 (EA)
- Sync the copy of the portable specfile with the latest update
- Resolves: rhbz#2217716

[1:17.0.8.0.1-0.1.ea]
- Update to jdk-17.0.8+1 (EA)
- Update release notes to 17.0.8+1
- Switch to EA mode
- Drop local inclusion of JDK-8274864 & JDK-8305113 as they are included in 17.0.8+1
- Bump bundled LCMS version to 2.15 as in jdk-17.0.8+1.
- Bump bundled HarfBuzz version to 7.0.1 as in jdk-17.0.8+1
- Use tapsets from the misc tarball
- Introduce 'prelease' for the portable release versioning, to handle EA builds
- Make sure root installation directory is created first
- Use in-place substitution for all but the first of the tapset changes
- Related: rhbz#2217716

[1:17.0.7.0.7-4]
- Introduce vm_variant global for consistency with future JDK builds
- Related: rhbz#2203412

[1:17.0.7.0.7-4]
- Exclude classes_nocoops.jsa on i686 and arm32
- Related: rhbz#2203412

[1:17.0.7.0.7-4]
- Following JDK-8005165, class data sharing can be enabled on all JIT architectures
- Related: rhbz#2203412

[1:17.0.7.0.7-4]
- Fix packaging of CDS archives
- Resolves: rhbz#2203412

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	java-17-openjdk-17.0.8.0.7-2.0.1.el8.src.rpm	eb621ba13c9b81ccb0cad64fd3e4ad95e759e449887e744b7dd02fe1f3262a13	-	ol8_aarch64_appstream
	java-17-openjdk-17.0.8.0.7-2.0.1.el8.src.rpm	eb621ba13c9b81ccb0cad64fd3e4ad95e759e449887e744b7dd02fe1f3262a13	-	ol8_aarch64_codeready_builder
	java-17-openjdk-17.0.8.0.7-2.0.1.el8.aarch64.rpm	40725820a0253a235b042997c17aa70fc02da95f123df5d627970c1ab2afac85	-	ol8_aarch64_appstream
	java-17-openjdk-demo-17.0.8.0.7-2.0.1.el8.aarch64.rpm	10dda23203f1b474cd177b6c7636ae6c3af1d2ba7b2931781f971427ab7b1bc4	-	ol8_aarch64_appstream
	java-17-openjdk-demo-fastdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	6cbee49b037c5c94a735611a65e9389aad22dca85019a2d00b433eae0746a510	-	ol8_aarch64_codeready_builder
	java-17-openjdk-demo-slowdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	025802db1535e9e71c54e6ea7de477ef42cc28318942aafd530943cbe6768e1b	-	ol8_aarch64_codeready_builder
	java-17-openjdk-devel-17.0.8.0.7-2.0.1.el8.aarch64.rpm	1f6b909958f8bc5c07de7749b746ba09e30b7b9b6156d54c0fcc01d03ee6c242	-	ol8_aarch64_appstream
	java-17-openjdk-devel-fastdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	aa823f762b560a7b4f5361600af5a9be35cb026fe4b289a3272a44def0e56508	-	ol8_aarch64_codeready_builder
	java-17-openjdk-devel-slowdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	db08af5ef9e167a41d7e2fcad918c50322029a0b874326fb972735cecc6a53f0	-	ol8_aarch64_codeready_builder
	java-17-openjdk-fastdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	3dd71fdb2c468cbafb9e44293b62ff6ea1b3b67a90f5961171dca22cf08a9a9f	-	ol8_aarch64_codeready_builder
	java-17-openjdk-headless-17.0.8.0.7-2.0.1.el8.aarch64.rpm	b0cd40d1bcc47c0778b4a340d9e1ad4f602ca473ec2cdc545bd3c65db0b89a19	-	ol8_aarch64_appstream
	java-17-openjdk-headless-fastdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	f9eb1acce57aa0ff8a119b0b00ec5b396aba9acf0eb3fb6b11a7c41c9432f888	-	ol8_aarch64_codeready_builder
	java-17-openjdk-headless-slowdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	e19bee28f5510bd955999a26e4e33116a0a25d19637b8b1e17afccc6fd641986	-	ol8_aarch64_codeready_builder
	java-17-openjdk-javadoc-17.0.8.0.7-2.0.1.el8.aarch64.rpm	4e4eda9f26f4be76f768f1fb6d4bd0bed9e5b60a58fb7e8163574a086585ca0e	-	ol8_aarch64_appstream
	java-17-openjdk-javadoc-zip-17.0.8.0.7-2.0.1.el8.aarch64.rpm	e576272f66563bf8efd6b2a63f18975fcb78bfd364016a9f4f64ce9477bae52a	-	ol8_aarch64_appstream
	java-17-openjdk-jmods-17.0.8.0.7-2.0.1.el8.aarch64.rpm	9e741d7420f959e787a50154b5dc6ea376909529bc4093bb0b782cb33cfe9950	-	ol8_aarch64_appstream
	java-17-openjdk-jmods-fastdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	9db493274074dfca45dfa1a0ac883590177db4cfbafed6e8be34a9a62bbea9b9	-	ol8_aarch64_codeready_builder
	java-17-openjdk-jmods-slowdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	174139b0c94fecd80ed5875a48f923bfaf652106e154cf1b1f3a5575ffd16454	-	ol8_aarch64_codeready_builder
	java-17-openjdk-slowdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	c0b98497b2b531f8667c50891f37daffec7f59b6e540553ff5b2d61e00f23450	-	ol8_aarch64_codeready_builder
	java-17-openjdk-src-17.0.8.0.7-2.0.1.el8.aarch64.rpm	fe7f3ef78ef698f931eb494e5e7ec23157967e14f74332b17c814d1cb3c31a2e	-	ol8_aarch64_appstream
	java-17-openjdk-src-fastdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	179fc44cb8cf40609e27414cb348938b91d186c4f4968d2c4ec6395b1bded00f	-	ol8_aarch64_codeready_builder
	java-17-openjdk-src-slowdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	ac0608382f01c38abaadf1eba5c56aad99bf8005d76ce26c52038054772993e2	-	ol8_aarch64_codeready_builder
	java-17-openjdk-static-libs-17.0.8.0.7-2.0.1.el8.aarch64.rpm	56ab9176cb68ed82162a7f2715e6ab5cf6755673d6f5b40a5eb546bdcfc484af	-	ol8_aarch64_appstream
	java-17-openjdk-static-libs-fastdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	99316d0498935b73d7de91bbbccb16a1cab21ca15c1424fbd1bb3caa941be3a0	-	ol8_aarch64_codeready_builder
	java-17-openjdk-static-libs-slowdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	229d67202182272a875333ba4ac5f8f91b4b0fe172927a885250121cc93cdc1d	-	ol8_aarch64_codeready_builder

Oracle Linux 8 (x86_64)	java-17-openjdk-17.0.8.0.7-2.0.1.el8.src.rpm	eb621ba13c9b81ccb0cad64fd3e4ad95e759e449887e744b7dd02fe1f3262a13	-	ol8_x86_64_appstream
	java-17-openjdk-17.0.8.0.7-2.0.1.el8.src.rpm	eb621ba13c9b81ccb0cad64fd3e4ad95e759e449887e744b7dd02fe1f3262a13	-	ol8_x86_64_codeready_builder
	java-17-openjdk-17.0.8.0.7-2.0.1.el8.x86_64.rpm	e3b48cf3c031fe068b440ba3b66f6c182ae4fb73aa83f4375ab65568848ae20d	-	ol8_x86_64_appstream
	java-17-openjdk-demo-17.0.8.0.7-2.0.1.el8.x86_64.rpm	6786aea701c8c1062f63f409bcbe77d1abb284136fd8dc0f5b65ebbf052696f2	-	ol8_x86_64_appstream
	java-17-openjdk-demo-fastdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	bbe80252fa0b2153a784743d31f71b773093bb667760da49b51f0390eba4d2dc	-	ol8_x86_64_codeready_builder
	java-17-openjdk-demo-slowdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	7ce648658919412ad42ceca077b4b89cb9a8d911a2dd20e0804199718e826f33	-	ol8_x86_64_codeready_builder
	java-17-openjdk-devel-17.0.8.0.7-2.0.1.el8.x86_64.rpm	4b1d2c1bc568ef964270600a4c90f24941a380474ccd69592fd0535299ea5a79	-	ol8_x86_64_appstream
	java-17-openjdk-devel-fastdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	7b7a64556cb1de8bdc32e0c0bd1450ced6d1515139de80300bdf0e7974b18a77	-	ol8_x86_64_codeready_builder
	java-17-openjdk-devel-slowdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	d2e0976f37ad0d527fc35fb02caae264b05b96fac10aa5cb46fe474b17a76e33	-	ol8_x86_64_codeready_builder
	java-17-openjdk-fastdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	f916a52c93a3d546e38a37cba5527bc5d1799bff2e1a63645895440e8530d90c	-	ol8_x86_64_codeready_builder
	java-17-openjdk-headless-17.0.8.0.7-2.0.1.el8.x86_64.rpm	1eb3cb3d95da7e32969ca83dec29216a72a6218c0836a74d25f68f19b72e7382	-	ol8_x86_64_appstream
	java-17-openjdk-headless-fastdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	42d55ac36de1d505c0fcc42e35e397ccaa0ad45bd97d8ca523cdf40e29272e25	-	ol8_x86_64_codeready_builder
	java-17-openjdk-headless-slowdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	d25ec9c09077027f3014c6b3c5414100b60929f71e7c4d2512056771f4699917	-	ol8_x86_64_codeready_builder
	java-17-openjdk-javadoc-17.0.8.0.7-2.0.1.el8.x86_64.rpm	9d7cd971430f6f2a23cb1b1872836ff35081e0f5d1eed1247d97c8f0fe11aab8	-	ol8_x86_64_appstream
	java-17-openjdk-javadoc-zip-17.0.8.0.7-2.0.1.el8.x86_64.rpm	99fcb2049be84eb03d999b7d3483976c4c3582c270d2d21da03b4fb69f65dd3d	-	ol8_x86_64_appstream
	java-17-openjdk-jmods-17.0.8.0.7-2.0.1.el8.x86_64.rpm	46716d1e6363f19eb299ad52a5042619d9fd0c99ad0d9df917a384ef4fe7eb9d	-	ol8_x86_64_appstream
	java-17-openjdk-jmods-fastdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	19158e45f61f38a21e78b60fb2ea23f5703fa63c67a39bde808d8e7e40bff65f	-	ol8_x86_64_codeready_builder
	java-17-openjdk-jmods-slowdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	87f07d5ece9b523a8fcdbcacbfc66b513aa5b6d10b8d1e3a87d291c298d61e54	-	ol8_x86_64_codeready_builder
	java-17-openjdk-slowdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	f750e11d44c3d6f876d494d23f68f7c5cf31946a32deb9e871896d3268c2fddc	-	ol8_x86_64_codeready_builder
	java-17-openjdk-src-17.0.8.0.7-2.0.1.el8.x86_64.rpm	88a7e9f044ac219fee46b1a2708b4f129704401b6f8a6d2a5b6a0814fdb086d3	-	ol8_x86_64_appstream
	java-17-openjdk-src-fastdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	f01406ea86b20acefcc65e583c016e27155c363c6f29df5987dc01f16c437e82	-	ol8_x86_64_codeready_builder
	java-17-openjdk-src-slowdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	d0a0214272268a1e4a8083562edb09e2421f079daca1d9e4a150a52f2beec724	-	ol8_x86_64_codeready_builder
	java-17-openjdk-static-libs-17.0.8.0.7-2.0.1.el8.x86_64.rpm	967066128c6ea9dff9459d37e982dece0209db8d9ddcc131c69b4571b5ed6443	-	ol8_x86_64_appstream
	java-17-openjdk-static-libs-fastdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	887d96bdc82b6e31de06732bebc04f32ac7b60f2e80b22aebed49499f5ed9778	-	ol8_x86_64_codeready_builder
	java-17-openjdk-static-libs-slowdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	0344856e15dea6184d204b86938e0113c102299b831a4de5a801738e9123e0fa	-	ol8_x86_64_codeready_builder

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691