2221619 – OpenJDK: font processing denial of service vulnerability (8301998)

Bug 2221619 - OpenJDK: font processing denial of service vulnerability (8301998)

Summary: OpenJDK: font processing denial of service vulnerability (8301998)

Keywords:
Status:	CLOSED DUPLICATE of bug 2167254
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2221118 2221119 2221120 2221121 2221122 2221123 2221124 2221125 2221126 2221127 2221128 2221129 2221130 2221131 2221132 2221133 2222050
Blocks:	2221090
TreeView+	depends on / blocked

Reported:	2023-07-10 10:37 UTC by Mauro Matteo Cascella
Modified:	2023-08-28 12:22 UTC (History)
CC List:	20 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-07-16 12:32:22 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2023:4157	None	None	None	2023-07-19 17:23:50 UTC
Red Hat Product Errata	RHSA-2023:4158	None	None	None	2023-07-20 12:13:59 UTC
Red Hat Product Errata	RHSA-2023:4159	None	None	None	2023-07-20 12:17:40 UTC
Red Hat Product Errata	RHSA-2023:4161	None	None	None	2023-07-20 12:11:44 UTC
Red Hat Product Errata	RHSA-2023:4162	None	None	None	2023-07-19 17:21:51 UTC
Red Hat Product Errata	RHSA-2023:4163	None	None	None	2023-07-19 17:24:32 UTC
Red Hat Product Errata	RHSA-2023:4164	None	None	None	2023-07-19 17:23:24 UTC
Red Hat Product Errata	RHSA-2023:4165	None	None	None	2023-07-19 17:21:36 UTC
Red Hat Product Errata	RHSA-2023:4169	None	None	None	2023-07-19 17:23:59 UTC
Red Hat Product Errata	RHSA-2023:4170	None	None	None	2023-07-19 17:14:37 UTC
Red Hat Product Errata	RHSA-2023:4171	None	None	None	2023-07-19 17:17:48 UTC
Red Hat Product Errata	RHSA-2023:4175	None	None	None	2023-07-20 12:17:50 UTC
Red Hat Product Errata	RHSA-2023:4177	None	None	None	2023-07-20 12:13:51 UTC
Red Hat Product Errata	RHSA-2023:4208	None	None	None	2023-07-20 12:11:52 UTC
Red Hat Product Errata	RHSA-2023:4210	None	None	None	2023-07-20 12:12:06 UTC
Red Hat Product Errata	RHSA-2023:4211	None	None	None	2023-07-20 12:12:14 UTC
Red Hat Product Errata	RHSA-2023:4233	None	None	None	2023-07-21 14:01:11 UTC

Description Mauro Matteo Cascella 2023-07-10 10:37:02 UTC

It was discovered that the OpenJDK did not properly process fonts. A remote attacker could use this flaw to supply a specially crafted font that would cause a Java application to use an excessive amount of CPU, leading to a denial of service.

Comment 3 Mauro Matteo Cascella 2023-07-16 12:32:22 UTC


*** This bug has been marked as a duplicate of bug 2167254 ***

Comment 5 errata-xmlrpc 2023-07-19 17:14:35 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:4170 https://access.redhat.com/errata/RHSA-2023:4170

Comment 6 errata-xmlrpc 2023-07-19 17:17:46 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:4171 https://access.redhat.com/errata/RHSA-2023:4171

Comment 7 errata-xmlrpc 2023-07-19 17:21:34 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:4165 https://access.redhat.com/errata/RHSA-2023:4165

Comment 8 errata-xmlrpc 2023-07-19 17:21:49 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:4162 https://access.redhat.com/errata/RHSA-2023:4162

Comment 9 errata-xmlrpc 2023-07-19 17:23:22 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:4164 https://access.redhat.com/errata/RHSA-2023:4164

Comment 10 errata-xmlrpc 2023-07-19 17:23:48 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:4157 https://access.redhat.com/errata/RHSA-2023:4157

Comment 11 errata-xmlrpc 2023-07-19 17:23:57 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:4169 https://access.redhat.com/errata/RHSA-2023:4169

Comment 12 errata-xmlrpc 2023-07-19 17:24:31 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:4163 https://access.redhat.com/errata/RHSA-2023:4163

Comment 13 errata-xmlrpc 2023-07-20 12:11:43 UTC

This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 11.0.20

Via RHSA-2023:4161 https://access.redhat.com/errata/RHSA-2023:4161

Comment 14 errata-xmlrpc 2023-07-20 12:11:51 UTC

This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 11.0.20

Via RHSA-2023:4208 https://access.redhat.com/errata/RHSA-2023:4208

Comment 15 errata-xmlrpc 2023-07-20 12:12:04 UTC

This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 17.0.8

Via RHSA-2023:4210 https://access.redhat.com/errata/RHSA-2023:4210

Comment 16 errata-xmlrpc 2023-07-20 12:12:13 UTC

This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 17.0.8

Via RHSA-2023:4211 https://access.redhat.com/errata/RHSA-2023:4211

Comment 17 errata-xmlrpc 2023-07-20 12:13:49 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:4177 https://access.redhat.com/errata/RHSA-2023:4177

Comment 18 errata-xmlrpc 2023-07-20 12:13:58 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:4158 https://access.redhat.com/errata/RHSA-2023:4158

Comment 19 errata-xmlrpc 2023-07-20 12:17:38 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4159 https://access.redhat.com/errata/RHSA-2023:4159

Comment 20 errata-xmlrpc 2023-07-20 12:17:48 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4175 https://access.redhat.com/errata/RHSA-2023:4175

Comment 21 errata-xmlrpc 2023-07-21 14:01:09 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:4233 https://access.redhat.com/errata/RHSA-2023:4233

Note You need to log in before you can comment on or make changes to this bug.

ahughes
caswilli
chazlett
dbhole
dffrench
dfitzmau
fjansen
gmccullo
gzaronik
hbraun
jdowland
jmartine
jvanek
kaycoth
neugens
ngough
pjindal
rgodfrey
security-response-team
sraghupu