RHSA-2023:5731 -- Redhat java-1.8.0-openjdkID: oval:org.secpod.oval:def:95131 | Date: (C)2023-11-30 (M)2024-04-03 |
Class: PATCH | Family: unix |
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: segmentation fault in ciMethodBlocks (CVE-2022-40433) * OpenJDK: IOR deserialization issue in CORBA (8303384) (CVE-2023-22067) * OpenJDK: certificate path validation issue during client authentication (8309966) (CVE-2023-22081) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * A maximum signature file size property, jdk.jar.maxSignatureFileSize, was introduced in the 8u382 release of OpenJDK by JDK-8300596, with a default of 8 MB. This default proved to be too small for some JAR files. This release, 8u392, increases it to 16 MB. (RHEL-13635) * The /usr/bin/jfr alternative is now owned by the java-1.8.0-openjdk package (RHEL-13641)
Platform: |
Red Hat Enterprise Linux 8 |
Product: |
java-1.8.0-openjdk |