Advisory: CLSA-2023:1688679628
OS: CentOS 6 ELS
Public date: 2023-07-06 17:40:31
Project: java-1.8.0-openjdk
Version: 1.8.0.372.b07-1.el6.tuxcare.els1
Errata link: https://errata.cloudlinux.com/els6/CLSA-2023-1688679628.html
- Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07. That fixes following CVEs: - CVE-2023-21930: Improper connection handling during TLS handshake (8294474) - CVE-2023-21937: Missing string checks for NULL characters (8296622) - CVE-2023-21938: Incorrect handling of NULL characters in ProcessBuilder (8295304) - CVE-2023-21939: Swing HTML parsing issue (8296832) - CVE-2023-21954: Incorrect enqueue of references in garbage collector (8298191) - CVE-2023-21967: Certificate validation issue in TLS session negotiation (8298310) - CVE-2023-21968: Missing check for slash characters in URI-to-path conversion (8298667) - Update tzdata requirement to 2023c to match JDK-8305113 - Include JDK-8271199 fix from the upcoming jdk8u382 in advance - Remove patches which are not used
Update command: yum update java-1.8.0-openjdk*
java-1.8.0-openjdk-1.8.0.372.b07-1.el6.tuxcare.els1.x86_64.rpm java-1.8.0-openjdk-debug-1.8.0.372.b07-1.el6.tuxcare.els1.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el6.tuxcare.els1.x86_64.rpm java-1.8.0-openjdk-demo-debug-1.8.0.372.b07-1.el6.tuxcare.els1.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el6.tuxcare.els1.x86_64.rpm java-1.8.0-openjdk-devel-debug-1.8.0.372.b07-1.el6.tuxcare.els1.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el6.tuxcare.els1.x86_64.rpm java-1.8.0-openjdk-headless-debug-1.8.0.372.b07-1.el6.tuxcare.els1.x86_64.rpm java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el6.tuxcare.els1.noarch.rpm java-1.8.0-openjdk-javadoc-debug-1.8.0.372.b07-1.el6.tuxcare.els1.noarch.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el6.tuxcare.els1.x86_64.rpm java-1.8.0-openjdk-src-debug-1.8.0.372.b07-1.el6.tuxcare.els1.x86_64.rpm