RHSA-2023:4162: Moderate: java-11-openjdk security and bug fix update

First published: Wed Jul 19 2023(Updated: )

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.<br>Security Fix(es):<br><li> OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036)</li> <li> OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041)</li> <li> OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049)</li> <li> harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193)</li> <li> OpenJDK: HTTP client insufficient file name validation (8302475) (CVE-2023-22006)</li> <li> OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Bug Fix(es):<br><li> A virtual machine crash was observed in JDK 11.0.19 when executing the GregorianCalender.computeTime() method (JDK-8307683). It was found that although the root cause of the crash is an old issue, a recent fix for a rare issue in the C2 compiler (JDK-8297951) made the crash much more likely. To mitigate this, the fix has been reverted in JDK 11.0.20 and will be reapplied once JDK-8307683 is resolved. (RHBZ#2222496)</li>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• agent/weakness
• collector/redhat-errata
• source/Red Hat
• anchor-id/RHSA-2023:4162
• agent/software-canonical-lookup
• package-manager/redhat