Advisory ROSA-SA-2023-2315

Software: java-1.8.0-openjdk 1.8.0.392.b08 OS: rosa-server79 packageevrstring: java-1.8.0-openjdk-1.8.0.392.b08-2.res7 CVE-ID: CVE-2020-14583 BDU-ID: 2020-03866 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Libraries component of the Oracle Java SE and Oracle Java SE Embedded software platform...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM for JDK related to the JSSE component...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Storage Scale packaged in Elastic Storage Server

Summary There are multiple vulnerabilities in Java™ Technology Edition used by the Elastic Storage Server. Fixes for all these vulnerabilities are available. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Service Registry and Repository due to October 2023 CPU

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in October 2023. These issues are also addressed by WebSphere Application Server shipped with WebSphere...

PT-2023-9571

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23 Oracle GraalVM for JDK versions 17.0.12, 21.0.4, 23 Oracle GraalVM Enterprise Edition versions 20.3.15, 21.3.11 Description The issue is related to the Serialization...

PT-2023-9572

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23 Oracle GraalVM for JDK versions 17.0.12, 21.0.4, 23 Oracle GraalVM Enterprise Edition versions 20.3.15, 21.3.11 Description The issue allows an unauthenticated attacker wi...

Improper Access Control

openjdk8 is vulnerable to Improper Access Control. An attacker can unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data via CORBA...

SUSE SLES12: java-1_8_0-ibm / java-1_8_0-ibm-alsa / java-1_8_0-ibm-devel / etc (SUSE-SU-2023:4614-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4614-1 advisory. - Update to Java 8.0 Service Refresh 8 Fix Pack 15: Oracle October 17 2023 CPU bsc1216640 Security fixes: - CVE-2023-22081: Fixed...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (Apr 2023 CPU)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.1.5.17 and earlier, 8.0.8.4 and earlier used by IBM® Db2®. These issues were disclosed as part of the IBM Java SDK updates in April 2023. Vulnerability Details CVEID: CVE-2023-21930 DESCRIPTION: An unspecified...

Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : OpenJDK vulnerabilities (USN-6527-1)

The remote Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6527-1 advisory. Carter Kozak discovered that OpenJDK, when compiling with AVX-512 instruction support enabled, could produce code...

SUSE SLES15: java-1_8_0-openj9 / java-1_8_0-openj9-accessibility / etc (SUSE-SU-2023:4612-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4612-1 advisory. Update to OpenJDK 8u392 build 08 with OpenJ9 0.41.0 virtual machine - CVE-2023-22067: Fixed an IOR deserialization issue in CORBA...

SUSE SLES15: java-1_8_0-ibm / java-1_8_0-ibm-32bit / java-1_8_0-ibm-alsa / etc (SUSE-SU-2023:4572-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4572-1 advisory. - Update to Java 8.0 Service Refresh 8 Fix Pack 15: Oracle October 17 2023 CPU bsc1216640 Security fixes: -...

SUSE SLES12: java-1_8_0-openjdk / java-1_8_0-openjdk-demo / etc (SUSE-SU-2023:4507-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4507-1 advisory. Update to version jdk8u392 icedtea-3.29.0 October 2023 CPU: - CVE-2023-22067: Fixed IOR deserialization issue in CORBA bsc1216379. ...

SUSE SLES15: java-1_8_0-openjdk / java-1_8_0-openjdk-accessibility / etc (SUSE-SU-2023:4506-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4506-1 advisory. Update to version jdk8u392 icedtea-3.29.0 October 2023 CPU: - CVE-2023-22067: Fixed IOR deserialization issue in CORB...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to the October 2023 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

OESA-2023-1839 openjdk-1.8.0 security update

The OpenJDK runtime environment 8. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7...

Oracle Linux 9 : java-21-openjdk (ELSA-2023-6738)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6738 advisory. 1:21.0.1.0.12-2.0.1 - Add Oracle vendor bug URL 1:21.0.1.0.12-2 - Switch to using portable binaries built on RHEL 7 - Sync the copy of the portable...

OpenJDK: memory corruption issue on x86_64 with AVX-512 (8317121)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition:...

RHEL 8 : java-21-openjdk (RHSA-2023:6887)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6887 advisory. The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixe...

Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2023-3130)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...