{"id":"MGASA-2023-0272","summary":"Updated java packages fix security vulnerabilities","details":"The updated packages fix security vulnerabilities and a file conflict :\n\nImproper connection handling during TLS handshake. (CVE-2023-21930)\n\nIncorrect enqueue of references in garbage collector. (CVE-2023-21954)\n\nCertificate validation issue in TLS session negotiation.\n(CVE-2023-21967)\n\nSwing HTML parsing issue. (CVE-2023-21939)\n\nIncorrect handling of NULL characters in ProcessBuilder.\n(CVE-2023-21938)\n\nMissing string checks for NULL characters. (CVE-2023-21937)\n\nMissing check for slash characters in URI-to-path conversion.\n(CVE-2023-21968)\n\nArray indexing integer overflow issue. (CVE-2023-22045)\n\nImproper handling of slash characters in URI-to-path conversion.\n(CVE-2023-22049)\n\nO(n^2) growth via consecutive marks. (CVE-2023-25193)\n\nHTTP client insufficient file name validation. (CVE-2023-22006)\n\nZIP file parsing infinite loop. (CVE-2023-22036)\n\nModulo operator array indexing issue. (CVE-2023-22044)\n\nWeakness in AES implementation. (CVE-2023-22041)\n","modified":"2026-02-04T03:22:11.747757Z","published":"2023-09-30T19:15:40Z","related":["CVE-2023-21930","CVE-2023-21937","CVE-2023-21938","CVE-2023-21939","CVE-2023-21954","CVE-2023-21967","CVE-2023-21968","CVE-2023-22006","CVE-2023-22036","CVE-2023-22041","CVE-2023-22044","CVE-2023-22045","CVE-2023-22049","CVE-2023-25193"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0272.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32203"},{"type":"REPORT","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21930"},{"type":"REPORT","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21954"},{"type":"REPORT","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21967"},{"type":"REPORT","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21939"},{"type":"REPORT","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21938"},{"type":"REPORT","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21937"},{"type":"REPORT","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21968"},{"type":"REPORT","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22045"},{"type":"REPORT","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22049"},{"type":"REPORT","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25193"},{"type":"REPORT","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22006"},{"type":"REPORT","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22036"},{"type":"REPORT","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22044"},{"type":"REPORT","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22041"},{"type":"REPORT","url":"https://access.redhat.com/errata/RHSA-2023:1904"},{"type":"REPORT","url":"https://access.redhat.com/errata/RHSA-2023:1880"},{"type":"REPORT","url":"https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixJAVA"},{"type":"REPORT","url":"https://access.redhat.com/errata/RHSA-2023:4178"},{"type":"REPORT","url":"https://access.redhat.com/errata/RHBA-2023:4374"},{"type":"REPORT","url":"https://access.redhat.com/errata/RHSA-2023:4169"},{"type":"REPORT","url":"https://www.oracle.com/security-alerts/cpujul2023.html#AppendixJAVA"}],"affected":[{"package":{"name":"java-1.8.0-openjdk","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/java-1.8.0-openjdk?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.0.382.b05-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0272.json"}},{"package":{"name":"java-11-openjdk","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/java-11-openjdk?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.0.20.0.8-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0272.json"}},{"package":{"name":"openjfx","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/openjfx?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.0.9.2-4.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0272.json"}},{"package":{"name":"java-1.8.0-openjdk","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/java-1.8.0-openjdk?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.0.382.b05-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0272.json"}},{"package":{"name":"java-11-openjdk","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/java-11-openjdk?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.0.20.0.8-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0272.json"}},{"package":{"name":"java-17-openjdk","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/java-17-openjdk?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"17.0.8.0.7-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0272.json"}},{"package":{"name":"java-latest-openjdk","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/java-latest-openjdk?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20.0.2.0.9-1.rolling.2.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0272.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}