ELSA-2023-4177

ULN >
Oracle Linux Errata repository >
ELSA-2023-4177

ELSA-2023-4177 - java-17-openjdk security and bug fix update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2023-07-28

Description

[1:17.0.8.0.7-2.0.1]
- OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036)
- OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041)
- OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049)
- harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193)
- OpenJDK: HTTP client insufficient file name validation (8302475) (CVE-2023-22006)
- OpenJDK: modulo operator array indexing issue (8304460) (CVE-2023-22044)
- OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)
- Add Oracle vendor bug URL [Orabug: 34340155]

[1:17.0.8.0.6-0.1.ea]
- Update to jdk-17.0.8+6 (EA)
- Sync the copy of the portable specfile with the latest update
- Resolves: rhbz#2217716

[1:17.0.8.0.1-0.1.ea]
- Update to jdk-17.0.8+1 (EA)
- Update release notes to 17.0.8+1
- Switch to EA mode
- Drop local inclusion of JDK-8274864 & JDK-8305113 as they are included in 17.0.8+1
- Bump bundled LCMS version to 2.15 as in jdk-17.0.8+1.
- Bump bundled HarfBuzz version to 7.0.1 as in jdk-17.0.8+1
- Use tapsets from the misc tarball
- Introduce 'prelease' for the portable release versioning, to handle EA builds
- Make sure root installation directory is created first
- Use in-place substitution for all but the first of the tapset changes
- Related: rhbz#2217716

[1:17.0.7.0.7-4]
- Introduce vm_variant global for consistency with future JDK builds
- Related: rhbz#2203412

[1:17.0.7.0.7-4]
- Exclude classes_nocoops.jsa on i686 and arm32
- Related: rhbz#2203412

[1:17.0.7.0.7-4]
- Following JDK-8005165, class data sharing can be enabled on all JIT architectures
- Related: rhbz#2203412

[1:17.0.7.0.7-4]
- Fix packaging of CDS archives
- Resolves: rhbz#2203412

Related CVEs

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 9 (aarch64)	java-17-openjdk-17.0.8.0.7-2.0.1.el9.src.rpm	d8d360964faf71c249176f798ffdf2bd	-
	java-17-openjdk-17.0.8.0.7-2.0.1.el9.aarch64.rpm	062d4846406538276b40c9eb0fbd7234	-
	java-17-openjdk-demo-17.0.8.0.7-2.0.1.el9.aarch64.rpm	ea5702edb4631635a592bb69a90e8630	-
	java-17-openjdk-demo-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	5f8653879d30a5b53506617fe4e65f5b	-
	java-17-openjdk-demo-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	5a1d9aa3c6159dec7b50873c48584ab4	-
	java-17-openjdk-devel-17.0.8.0.7-2.0.1.el9.aarch64.rpm	a5d9b9851c2d78d9dea8e644203e185e	-
	java-17-openjdk-devel-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	41221ea4fb4095a16b04510d1132e5a7	-
	java-17-openjdk-devel-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	3510f571c94af92b3c37ffe861801e2f	-
	java-17-openjdk-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	f2af9cd0c6b012063927e865cb8a0b3e	-
	java-17-openjdk-headless-17.0.8.0.7-2.0.1.el9.aarch64.rpm	8be3ecaab68b7e30f2afbdadc82d2da9	-
	java-17-openjdk-headless-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	f70b631f10393c531b6091ca501ba419	-
	java-17-openjdk-headless-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	0d65cdfcca3c5d9abc25425b04415ff3	-
	java-17-openjdk-javadoc-17.0.8.0.7-2.0.1.el9.aarch64.rpm	2bc65042607207a2c02484a630104833	-
	java-17-openjdk-javadoc-zip-17.0.8.0.7-2.0.1.el9.aarch64.rpm	e3550126f0948c41ad02d78772d9e44d	-
	java-17-openjdk-jmods-17.0.8.0.7-2.0.1.el9.aarch64.rpm	1acee852e1fa5388e0df1cc015d00ad0	-
	java-17-openjdk-jmods-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	3a5e680d84e551fa557f07337c229315	-
	java-17-openjdk-jmods-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	4c5ccf909c032b1eda11ee9bb54cd5b9	-
	java-17-openjdk-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	f7c7b75a9000ef6daf1c4b967fc9eabd	-
	java-17-openjdk-src-17.0.8.0.7-2.0.1.el9.aarch64.rpm	e106a286722f9ceee612deecd1d729c4	-
	java-17-openjdk-src-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	41f42f19f879a4d41c8e806e4a85d586	-
	java-17-openjdk-src-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	dc3abcb00900fd34e66df7101689f30e	-
	java-17-openjdk-static-libs-17.0.8.0.7-2.0.1.el9.aarch64.rpm	3707cde61e63a3ead3a056f77d421893	-
	java-17-openjdk-static-libs-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	e36e5e420dbba8f875aed5076d6390be	-
	java-17-openjdk-static-libs-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	5b05a9a3f95dbf24c96704559a7793ce	-

Oracle Linux 9 (x86_64)	java-17-openjdk-17.0.8.0.7-2.0.1.el9.src.rpm	d8d360964faf71c249176f798ffdf2bd	-
	java-17-openjdk-17.0.8.0.7-2.0.1.el9.x86_64.rpm	81a2b551673a8c7fb94628a060f03394	-
	java-17-openjdk-demo-17.0.8.0.7-2.0.1.el9.x86_64.rpm	1b7284f254510e5703b755c92230f77a	-
	java-17-openjdk-demo-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	dafc754654d48ee80f58b0b00d9e8c19	-
	java-17-openjdk-demo-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	06e21e679d42f894796df0a112197ddf	-
	java-17-openjdk-devel-17.0.8.0.7-2.0.1.el9.x86_64.rpm	34fb365cafb8466ff270ddc881fadeaf	-
	java-17-openjdk-devel-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	d72bf0f237e3f5b6c6571adec6d372d0	-
	java-17-openjdk-devel-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	2126eccb680e0d3df9c77ce06e377153	-
	java-17-openjdk-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	f96352f9d5dad56c7df567477d83cbfe	-
	java-17-openjdk-headless-17.0.8.0.7-2.0.1.el9.x86_64.rpm	c89a447ca1ed3bfa25a539109389020e	-
	java-17-openjdk-headless-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	b4121593bee7171841519f3a83330da4	-
	java-17-openjdk-headless-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	3a417e9071abd817623c574b284847d7	-
	java-17-openjdk-javadoc-17.0.8.0.7-2.0.1.el9.x86_64.rpm	16beb86d217e9ab4f689ea8cb0843894	-
	java-17-openjdk-javadoc-zip-17.0.8.0.7-2.0.1.el9.x86_64.rpm	2b94f4bbb22b85fbfa9bbefcae2fb268	-
	java-17-openjdk-jmods-17.0.8.0.7-2.0.1.el9.x86_64.rpm	964dcac08c66e5d8aec22a66f25bf965	-
	java-17-openjdk-jmods-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	5ce8faa099cda381f9776f9f9cdad5f1	-
	java-17-openjdk-jmods-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	0db35bc37b8def1798cd889f7d6cb7d5	-
	java-17-openjdk-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	de52cc0d746fc4fd92c119d3a96743b2	-
	java-17-openjdk-src-17.0.8.0.7-2.0.1.el9.x86_64.rpm	afaf5c2ace11a38584637c4654f8f03c	-
	java-17-openjdk-src-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	eb0f6f4d3e16fc2d64d7fa9cdd840a8a	-
	java-17-openjdk-src-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	d477307ffab672bcc06bf257cca65f03	-
	java-17-openjdk-static-libs-17.0.8.0.7-2.0.1.el9.x86_64.rpm	081f75eda9bfd1788b934e54af3b8640	-
	java-17-openjdk-static-libs-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	4e10603d22f24c171ae1891cafd0d414	-
	java-17-openjdk-static-libs-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	6f20309cba0164d37263bfba71d4ee24	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691