ELSA-2023-4177

ULN >
Oracle Linux Errata repository >
ELSA-2023-4177

ELSA-2023-4177 - java-17-openjdk security and bug fix update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2023-07-28

Description

[1:17.0.8.0.7-2.0.1]
- OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036)
- OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041)
- OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049)
- harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193)
- OpenJDK: HTTP client insufficient file name validation (8302475) (CVE-2023-22006)
- OpenJDK: modulo operator array indexing issue (8304460) (CVE-2023-22044)
- OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)
- Add Oracle vendor bug URL [Orabug: 34340155]

[1:17.0.8.0.6-0.1.ea]
- Update to jdk-17.0.8+6 (EA)
- Sync the copy of the portable specfile with the latest update
- Resolves: rhbz#2217716

[1:17.0.8.0.1-0.1.ea]
- Update to jdk-17.0.8+1 (EA)
- Update release notes to 17.0.8+1
- Switch to EA mode
- Drop local inclusion of JDK-8274864 & JDK-8305113 as they are included in 17.0.8+1
- Bump bundled LCMS version to 2.15 as in jdk-17.0.8+1.
- Bump bundled HarfBuzz version to 7.0.1 as in jdk-17.0.8+1
- Use tapsets from the misc tarball
- Introduce 'prelease' for the portable release versioning, to handle EA builds
- Make sure root installation directory is created first
- Use in-place substitution for all but the first of the tapset changes
- Related: rhbz#2217716

[1:17.0.7.0.7-4]
- Introduce vm_variant global for consistency with future JDK builds
- Related: rhbz#2203412

[1:17.0.7.0.7-4]
- Exclude classes_nocoops.jsa on i686 and arm32
- Related: rhbz#2203412

[1:17.0.7.0.7-4]
- Following JDK-8005165, class data sharing can be enabled on all JIT architectures
- Related: rhbz#2203412

[1:17.0.7.0.7-4]
- Fix packaging of CDS archives
- Resolves: rhbz#2203412

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	java-17-openjdk-17.0.8.0.7-2.0.1.el9.src.rpm	69aaaad488864fa9609c095dec1cdc216ff2271889b712da22f4a3c442c2ed59	-	ol9_aarch64_appstream
	java-17-openjdk-17.0.8.0.7-2.0.1.el9.src.rpm	69aaaad488864fa9609c095dec1cdc216ff2271889b712da22f4a3c442c2ed59	-	ol9_aarch64_codeready_builder
	java-17-openjdk-17.0.8.0.7-2.0.1.el9.aarch64.rpm	389cb39d1aeb512c51308692839f77e4d35e5b79997394dd09e47ea1a2e6c398	-	ol9_aarch64_appstream
	java-17-openjdk-demo-17.0.8.0.7-2.0.1.el9.aarch64.rpm	06472e4720c7ed1c2b0b0ac1f1657b9c6bc6d3eba11df5d48e7925a422eb415f	-	ol9_aarch64_appstream
	java-17-openjdk-demo-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	1f2d14fed03226436f92b7fb1a5c202e51f85c0b6b17745250f210e1cfc3e9c1	-	ol9_aarch64_codeready_builder
	java-17-openjdk-demo-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	323b37e005889fabff3e56ff8d2b1da71e8772af1e4bf5202fd7e3d4a3471e23	-	ol9_aarch64_codeready_builder
	java-17-openjdk-devel-17.0.8.0.7-2.0.1.el9.aarch64.rpm	7739e770fa261b4c77fd93cc00d2c98d486ffd9ffb0fbe7fecfbcfc263157078	-	ol9_aarch64_appstream
	java-17-openjdk-devel-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	fe0eaef8baf5fbced7abd40a54c230c58a9bd62649b1c998fee69f7081f02aee	-	ol9_aarch64_codeready_builder
	java-17-openjdk-devel-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	eeb9d98558a99caff4c600008af36c3a8489861fc6eafd1c7586d014543d5387	-	ol9_aarch64_codeready_builder
	java-17-openjdk-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	7ed7a0f1d94270c3ca99e612e88515a522abffe0ded6a348a3afee9448c674c0	-	ol9_aarch64_codeready_builder
	java-17-openjdk-headless-17.0.8.0.7-2.0.1.el9.aarch64.rpm	8504ff98e62330946e0c53928a6b4566ee856d4deb2b438682125dcfea544170	-	ol9_aarch64_appstream
	java-17-openjdk-headless-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	e8b02ca4f818f8c16cbdfe68282762b71dc8cff148b3046e4f327b3ce6c36f33	-	ol9_aarch64_codeready_builder
	java-17-openjdk-headless-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	faf0e677fa78e990185ea6496ed1eda394ce658ef04a6c05e314b32eb74c55c4	-	ol9_aarch64_codeready_builder
	java-17-openjdk-javadoc-17.0.8.0.7-2.0.1.el9.aarch64.rpm	aff9c17da41a1f69c60e78852c5ea3bb4bbb08d2359bad6611ab14ba7638a64a	-	ol9_aarch64_appstream
	java-17-openjdk-javadoc-zip-17.0.8.0.7-2.0.1.el9.aarch64.rpm	4b8159c73625cb816508b4a7f1236edcb75a5df9c2f87132f7e58b08748e2b0d	-	ol9_aarch64_appstream
	java-17-openjdk-jmods-17.0.8.0.7-2.0.1.el9.aarch64.rpm	4de74dcccce35381272a9ac912d4b5fa69c3ca759648db17d1f48394487dd897	-	ol9_aarch64_appstream
	java-17-openjdk-jmods-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	4195f7caf3b4423d8628cbf674f5cc445768c706fa99a5bff916d785e108b771	-	ol9_aarch64_codeready_builder
	java-17-openjdk-jmods-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	b5899574d41627005609ac413e8b58138bbdab5492212e6f7e8a2d072fbb0480	-	ol9_aarch64_codeready_builder
	java-17-openjdk-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	cbe85597524764ca7da7cc7e228e8416d146040582e6d01ddea22f548f19596d	-	ol9_aarch64_codeready_builder
	java-17-openjdk-src-17.0.8.0.7-2.0.1.el9.aarch64.rpm	ea46ce8d383a5c4f0fe67d4455f52ee823a758f7c93afbcf85c42927bc7a59ea	-	ol9_aarch64_appstream
	java-17-openjdk-src-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	04430c9c575e626632e7190d317411c5c5b66f9615700bb41a88a052eadb57b9	-	ol9_aarch64_codeready_builder
	java-17-openjdk-src-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	92a90050dfc44b9dce6d6653cc5c6074e5fea61b178edc7b2b56c972781d3646	-	ol9_aarch64_codeready_builder
	java-17-openjdk-static-libs-17.0.8.0.7-2.0.1.el9.aarch64.rpm	4dbbf63306ba837f0f04e153b71694989460b9f6d1da4bb8754f50a862f2ab27	-	ol9_aarch64_appstream
	java-17-openjdk-static-libs-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	58ad4d21ad577c1302843e4c27be5dae1337139f1be6a725cb8cb1ef6b3ad4cd	-	ol9_aarch64_codeready_builder
	java-17-openjdk-static-libs-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm	d5f5c043d6f9bc4df2b610a9e2a29ae98d80cecacbc595f9b2139366f0dbcded	-	ol9_aarch64_codeready_builder

Oracle Linux 9 (x86_64)	java-17-openjdk-17.0.8.0.7-2.0.1.el9.src.rpm	69aaaad488864fa9609c095dec1cdc216ff2271889b712da22f4a3c442c2ed59	-	ol9_x86_64_appstream
	java-17-openjdk-17.0.8.0.7-2.0.1.el9.src.rpm	69aaaad488864fa9609c095dec1cdc216ff2271889b712da22f4a3c442c2ed59	-	ol9_x86_64_codeready_builder
	java-17-openjdk-17.0.8.0.7-2.0.1.el9.x86_64.rpm	59ae8449820096c25b7dc79c5fe5bae0fc0245b7c6bd5f255ed00c4bd60cc463	-	ol9_x86_64_appstream
	java-17-openjdk-demo-17.0.8.0.7-2.0.1.el9.x86_64.rpm	c87c94ea3ff73ecaaa29fee682674d93fb342b27e0ff6a6fd5f749c80add11a8	-	ol9_x86_64_appstream
	java-17-openjdk-demo-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	188b717ce38f2c70680a0135e6e0a9c5ae5cba0331fe939b72d56eb01ebf7638	-	ol9_x86_64_codeready_builder
	java-17-openjdk-demo-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	aa6eee2fbb224308c9ceb2b52cf47d9934afe3d759bbc3d3f015339150a4affd	-	ol9_x86_64_codeready_builder
	java-17-openjdk-devel-17.0.8.0.7-2.0.1.el9.x86_64.rpm	efa1561e449744fc978a147c257d7803c80e5016606712a279e402c7601cb60a	-	ol9_x86_64_appstream
	java-17-openjdk-devel-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	07711fc98b661b0470e90b071fc91a7c53c7d95e25d636488b0c8b4d03c20a23	-	ol9_x86_64_codeready_builder
	java-17-openjdk-devel-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	8c4e4dcc2bd3c02a439df499d6505f7aacf2f39d8f0df3f5773edbc347467e3a	-	ol9_x86_64_codeready_builder
	java-17-openjdk-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	95ff4dbe9f1089cc01169c71c987c28dd1086a726b48959971418b8b6ba6fd93	-	ol9_x86_64_codeready_builder
	java-17-openjdk-headless-17.0.8.0.7-2.0.1.el9.x86_64.rpm	8dd94762793a3c6aebd7373a451b626c87cc9a3985de61faf59650d201e378fd	-	ol9_x86_64_appstream
	java-17-openjdk-headless-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	e1589ff6f3c44f8ee08fcfbcfb55355ff317fff1f403330e27436ce5d66cd17d	-	ol9_x86_64_codeready_builder
	java-17-openjdk-headless-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	0cd5beceba0315d0269874579902f4a40c91fa502b4e58644e68fd185bb9bd4a	-	ol9_x86_64_codeready_builder
	java-17-openjdk-javadoc-17.0.8.0.7-2.0.1.el9.x86_64.rpm	1db0f9ad30c1b732d76f85afb995c0e38ab883bc24cd8dcfefffae7caa98b4d1	-	ol9_x86_64_appstream
	java-17-openjdk-javadoc-zip-17.0.8.0.7-2.0.1.el9.x86_64.rpm	c8f93fc4c02fe08f022d29b442e61c13fdf11ca97d5cb03f1a9aea6891e3bed9	-	ol9_x86_64_appstream
	java-17-openjdk-jmods-17.0.8.0.7-2.0.1.el9.x86_64.rpm	7d279f32992e9f34df55c67286caac467cd7e0dd8bd8386f4a6b12b822eb00ee	-	ol9_x86_64_appstream
	java-17-openjdk-jmods-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	96fb3fafa587eb01942a975eeb0ad36762da70bfe06c015f9fa188ba67ab23c7	-	ol9_x86_64_codeready_builder
	java-17-openjdk-jmods-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	f9dbec0a30a858c44ace252ce9d60ded752dc12d36da4f879f0b9eba4bfa3637	-	ol9_x86_64_codeready_builder
	java-17-openjdk-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	fa297bcc2e915622014cd15e1e51a74279cb799bd9890beddfd8cea36ad4390d	-	ol9_x86_64_codeready_builder
	java-17-openjdk-src-17.0.8.0.7-2.0.1.el9.x86_64.rpm	ed19246b70f352dac38d0875b81e0d77004e86576d16ae19dce34eb6e29ed478	-	ol9_x86_64_appstream
	java-17-openjdk-src-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	4140784f1b9d0c4abcf84beeab1dc7b4387be5bf4c3cdaf092c36bcf54e864fa	-	ol9_x86_64_codeready_builder
	java-17-openjdk-src-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	cb8c394bb346a6503d36f3cd09dc967d0ef5a174377360423ee3afda204fdb4e	-	ol9_x86_64_codeready_builder
	java-17-openjdk-static-libs-17.0.8.0.7-2.0.1.el9.x86_64.rpm	38608aca256ccdba9e14be76162c3062cb57e001a4c04fdc865696d9d2523035	-	ol9_x86_64_appstream
	java-17-openjdk-static-libs-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	fab02d2141d6b3cd7a1035392e8079e92385c359a3afe6d524bf81a7fabf2f51	-	ol9_x86_64_codeready_builder
	java-17-openjdk-static-libs-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm	fdfd803ece8d56b7311483ca9874e538c8cf5c7d4638c441cfd4130754b71609	-	ol9_x86_64_codeready_builder

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691