ELSA-2023-4159

ULN >
Oracle Linux Errata repository >
ELSA-2023-4159

ELSA-2023-4159 - java-17-openjdk security and bug fix update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2023-07-26

Description

[1:17.0.8.0.7-2.0.1]
- OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036)
- OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041)
- OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049)
- harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193)
- OpenJDK: HTTP client insufficient file name validation (8302475) (CVE-2023-22006)
- OpenJDK: modulo operator array indexing issue (8304460) (CVE-2023-22044)
- OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)
- Add Oracle vendor bug URL [Orabug: 34340155]

[1:17.0.8.0.6-0.1.ea]
- Update to jdk-17.0.8+6 (EA)
- Sync the copy of the portable specfile with the latest update
- Resolves: rhbz#2217716

[1:17.0.8.0.1-0.1.ea]
- Update to jdk-17.0.8+1 (EA)
- Update release notes to 17.0.8+1
- Switch to EA mode
- Drop local inclusion of JDK-8274864 & JDK-8305113 as they are included in 17.0.8+1
- Bump bundled LCMS version to 2.15 as in jdk-17.0.8+1.
- Bump bundled HarfBuzz version to 7.0.1 as in jdk-17.0.8+1
- Use tapsets from the misc tarball
- Introduce 'prelease' for the portable release versioning, to handle EA builds
- Make sure root installation directory is created first
- Use in-place substitution for all but the first of the tapset changes
- Related: rhbz#2217716

[1:17.0.7.0.7-4]
- Introduce vm_variant global for consistency with future JDK builds
- Related: rhbz#2203412

[1:17.0.7.0.7-4]
- Exclude classes_nocoops.jsa on i686 and arm32
- Related: rhbz#2203412

[1:17.0.7.0.7-4]
- Following JDK-8005165, class data sharing can be enabled on all JIT architectures
- Related: rhbz#2203412

[1:17.0.7.0.7-4]
- Fix packaging of CDS archives
- Resolves: rhbz#2203412

Related CVEs

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 8 (aarch64)	java-17-openjdk-17.0.8.0.7-2.0.1.el8.src.rpm	ce5d39f113aea22416ec4a3271548b4e	-
	java-17-openjdk-17.0.8.0.7-2.0.1.el8.aarch64.rpm	479f1027b4d381cc8716d8de69972919	-
	java-17-openjdk-demo-17.0.8.0.7-2.0.1.el8.aarch64.rpm	f40910a86b9bcc0c8dd9dc564c7af9c4	-
	java-17-openjdk-demo-fastdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	c327aeb904cfea3addca71aabcbfcfdc	-
	java-17-openjdk-demo-slowdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	528c0e00bc1f1c03ff6fb9d703188c35	-
	java-17-openjdk-devel-17.0.8.0.7-2.0.1.el8.aarch64.rpm	06035fcec9e7db7e0f7a4ee737687eeb	-
	java-17-openjdk-devel-fastdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	b96896434735ce970df23a5162df9781	-
	java-17-openjdk-devel-slowdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	7fae3110819c643c0d1543fcb31c02f4	-
	java-17-openjdk-fastdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	fb857cd2e092305408bddc21325b44ee	-
	java-17-openjdk-headless-17.0.8.0.7-2.0.1.el8.aarch64.rpm	ee48dd78d4beea6e3b8bdb3c1ee5cfdd	-
	java-17-openjdk-headless-fastdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	995e5c9508f5bbbebede756e0052b180	-
	java-17-openjdk-headless-slowdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	ea77d9706f496404b2c69f5afa4a2bad	-
	java-17-openjdk-javadoc-17.0.8.0.7-2.0.1.el8.aarch64.rpm	8ba1d9a6f8b28700ce46d7f718d45708	-
	java-17-openjdk-javadoc-zip-17.0.8.0.7-2.0.1.el8.aarch64.rpm	3cda7c3244e09adeff26f385ed0bb27d	-
	java-17-openjdk-jmods-17.0.8.0.7-2.0.1.el8.aarch64.rpm	5cc73d0be522725d5db64a2cfb219d94	-
	java-17-openjdk-jmods-fastdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	e616dab34262fc4cfb20ce595b58cb05	-
	java-17-openjdk-jmods-slowdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	38591513c81509e45966a70861d6f4d2	-
	java-17-openjdk-slowdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	ae67cef1c048eb16cfd63ec83c2fb673	-
	java-17-openjdk-src-17.0.8.0.7-2.0.1.el8.aarch64.rpm	91a63534db1610ee8d9171a85e75cf5c	-
	java-17-openjdk-src-fastdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	58402edce7b91830f825cfeac578927d	-
	java-17-openjdk-src-slowdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	3d6089bc3bd20f2831c8035dfc3dc7ee	-
	java-17-openjdk-static-libs-17.0.8.0.7-2.0.1.el8.aarch64.rpm	ef85fb6ae2b16fb168517209fc700554	-
	java-17-openjdk-static-libs-fastdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	9a7b83d26b58cd37fe59782b43e3766f	-
	java-17-openjdk-static-libs-slowdebug-17.0.8.0.7-2.0.1.el8.aarch64.rpm	994763f0164440ebb64e6c13add1e8c8	-

Oracle Linux 8 (x86_64)	java-17-openjdk-17.0.8.0.7-2.0.1.el8.src.rpm	ce5d39f113aea22416ec4a3271548b4e	-
	java-17-openjdk-17.0.8.0.7-2.0.1.el8.x86_64.rpm	8a295f70121416bcf081ffb53625f2df	-
	java-17-openjdk-demo-17.0.8.0.7-2.0.1.el8.x86_64.rpm	4ba929153334c678847514e7fc69a7af	-
	java-17-openjdk-demo-fastdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	770b38841096516b8c8b5dbc39fe654a	-
	java-17-openjdk-demo-slowdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	fdc145d4b8916c1408de77a0dc4494bb	-
	java-17-openjdk-devel-17.0.8.0.7-2.0.1.el8.x86_64.rpm	9f7ea1d189f9e179d0bbfe8379555949	-
	java-17-openjdk-devel-fastdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	42e6d753e9ae320b72384358e246c656	-
	java-17-openjdk-devel-slowdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	33d1bc849080d903f0bfbd7472f093ca	-
	java-17-openjdk-fastdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	732ac9ef337a411df5caeef2b9603ab1	-
	java-17-openjdk-headless-17.0.8.0.7-2.0.1.el8.x86_64.rpm	eecfff6225363593dfe22150d9328b83	-
	java-17-openjdk-headless-fastdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	43e61161a4fa2bd199833b1203d0585d	-
	java-17-openjdk-headless-slowdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	5d75104ebb5103bd7edcea38f75def2b	-
	java-17-openjdk-javadoc-17.0.8.0.7-2.0.1.el8.x86_64.rpm	103302b293d00c9837c15366deed6807	-
	java-17-openjdk-javadoc-zip-17.0.8.0.7-2.0.1.el8.x86_64.rpm	e1b7f0ca8d6d412c4d9cc4e4a7bcc6d5	-
	java-17-openjdk-jmods-17.0.8.0.7-2.0.1.el8.x86_64.rpm	970e020502dc4c84b30dc8f8be7bb947	-
	java-17-openjdk-jmods-fastdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	d32d87496d0fb474413e0dff0a6c16e1	-
	java-17-openjdk-jmods-slowdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	6b43861b803f885c9218bcfec9e85710	-
	java-17-openjdk-slowdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	e777bb1dc912ddd47eaa8eb9158174f1	-
	java-17-openjdk-src-17.0.8.0.7-2.0.1.el8.x86_64.rpm	6cc7cf7e7fc669effc82575e5ca1d913	-
	java-17-openjdk-src-fastdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	0f44618eddf45011d305af87a7ae3dca	-
	java-17-openjdk-src-slowdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	bba5d90e13ff4289bebd1de648eb1b82	-
	java-17-openjdk-static-libs-17.0.8.0.7-2.0.1.el8.x86_64.rpm	cccecc56b24b6d669021462772397625	-
	java-17-openjdk-static-libs-fastdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	7b129e933593cf6b6eb3935368dc6555	-
	java-17-openjdk-static-libs-slowdebug-17.0.8.0.7-2.0.1.el8.x86_64.rpm	ef3c869d134ba2e3044f47f58ca444c1	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691