{"id":"CLSA-2023-1688679628","summary":"java-1.8.0-openjdk: Fix of 7 CVEs","details":"- Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07. That fixes following CVEs:\n- CVE-2023-21930: Improper connection handling during TLS handshake (8294474)\n- CVE-2023-21937: Missing string checks for NULL characters (8296622)\n- CVE-2023-21938: Incorrect handling of NULL characters in ProcessBuilder (8295304)\n- CVE-2023-21939: Swing HTML parsing issue (8296832)\n- CVE-2023-21954: Incorrect enqueue of references in garbage collector (8298191)\n- CVE-2023-21967: Certificate validation issue in TLS session negotiation (8298310)\n- CVE-2023-21968: Missing check for slash characters in URI-to-path conversion (8298667)\n- Update tzdata requirement to 2023c to match JDK-8305113\n- Include JDK-8271199 fix from the upcoming jdk8u382 in advance\n- Remove patches which are not used","modified":"2026-06-01T00:33:16.032073128Z","published":"2023-07-06T21:40:45Z","upstream":["CVE-2023-21930","CVE-2023-21937","CVE-2023-21938","CVE-2023-21939","CVE-2023-21954","CVE-2023-21967","CVE-2023-21968"],"references":[{"type":"ADVISORY","url":"https://errata.cloudlinux.com/els6/CLSA-2023-1688679628.html"}],"affected":[{"package":{"name":"java-1.8.0-openjdk","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.372.b07-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2023-1688679628.json"}},{"package":{"name":"java-1.8.0-openjdk-debug","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-debug?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.372.b07-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2023-1688679628.json"}},{"package":{"name":"java-1.8.0-openjdk-demo","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-demo?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.372.b07-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2023-1688679628.json"}},{"package":{"name":"java-1.8.0-openjdk-demo-debug","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-demo-debug?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.372.b07-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2023-1688679628.json"}},{"package":{"name":"java-1.8.0-openjdk-devel","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-devel?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.372.b07-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2023-1688679628.json"}},{"package":{"name":"java-1.8.0-openjdk-devel-debug","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-devel-debug?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.372.b07-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2023-1688679628.json"}},{"package":{"name":"java-1.8.0-openjdk-headless","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-headless?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.372.b07-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2023-1688679628.json"}},{"package":{"name":"java-1.8.0-openjdk-headless-debug","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-headless-debug?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.372.b07-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2023-1688679628.json"}},{"package":{"name":"java-1.8.0-openjdk-javadoc","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-javadoc?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.372.b07-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2023-1688679628.json"}},{"package":{"name":"java-1.8.0-openjdk-javadoc-debug","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-javadoc-debug?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.372.b07-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2023-1688679628.json"}},{"package":{"name":"java-1.8.0-openjdk-src","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-src?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.372.b07-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2023-1688679628.json"}},{"package":{"name":"java-1.8.0-openjdk-src-debug","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-src-debug?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.372.b07-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2023-1688679628.json"}}],"schema_version":"1.7.5"}