|
|
Subscribe / Log in / New account

Red Hat alert RHSA-2023:5741-01 (java-11-openjdk)

An update for java-11-openjdk is now available for Red Hat Enterprise Linux
8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment
and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: certificate path validation issue during client authentication
(8309966) (CVE-2023-22081)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* Additional validity checks in the handling of Zip64 files, JDK-8302483,
were introduced in the 11.0.20 release of OpenJDK, causing the use of some
valid zip files to now fail with an error. This release, 11.0.20.1, allows
for zero-length headers and additional padding produced by some Zip64
creation tools. With both releases, the checks can be disabled using
-Djdk.util.zip.disableZip64ExtraFieldValidation=true. (RHBZ#2237171)

* A maximum signature file size property, jdk.jar.maxSignatureFileSize, was
introduced in the 11.0.20 release of OpenJDK by JDK-8300596, with a default
of 8 MB. This default proved to be too small for some JAR files. This
release, 11.0.20.1, increases it to 16 MB.

* The serviceability agent would print an exception when encountering null
addresses while producing thread dumps. These null values are now handled
appropriately. (JDK-8243210, RHEL-2762)

* The /usr/bin/jfr alternative is now owned by the java-11-openjdk package
(RHEL-13558)

* The jcmd tool is now provided by the java-11-openjdk-headless package,
rather than java-11-openjdk-devel, to make it more accessible (RHEL-13565)

This content is licensed under the Creative Commons Attribution 4.0
International License (https://creativecommons.org/licenses/by/4.0/). If you
distribute this content, or a modified version of it, you must provide
attribution to Red Hat Inc. and provide a link to the original.


Original: https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5741.json
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds