Bug 2243627 (CVE-2023-22081)
Summary: | CVE-2023-22081 OpenJDK: certificate path validation issue during client authentication (8309966) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Mauro Matteo Cascella <mcascell> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | ahughes, caswilli, chazlett, fjansen, kaycoth, khosford, mbalao, neugens, pjindal, security-response-team, sraghupu |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2250284 | ||
Bug Blocks: | 2242826 |
Description
Mauro Matteo Cascella
2023-10-12 09:37:15 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:5742 https://access.redhat.com/errata/RHSA-2023:5742 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:5739 https://access.redhat.com/errata/RHSA-2023:5739 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:5741 https://access.redhat.com/errata/RHSA-2023:5741 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:5743 https://access.redhat.com/errata/RHSA-2023:5743 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:5747 https://access.redhat.com/errata/RHSA-2023:5747 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:5740 https://access.redhat.com/errata/RHSA-2023:5740 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:5750 https://access.redhat.com/errata/RHSA-2023:5750 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:5752 https://access.redhat.com/errata/RHSA-2023:5752 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:5737 https://access.redhat.com/errata/RHSA-2023:5737 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:5753 https://access.redhat.com/errata/RHSA-2023:5753 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:5744 https://access.redhat.com/errata/RHSA-2023:5744 This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.9 Via RHSA-2023:5746 https://access.redhat.com/errata/RHSA-2023:5746 This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.21 Via RHSA-2023:5734 https://access.redhat.com/errata/RHSA-2023:5734 This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.21 Via RHSA-2023:5735 https://access.redhat.com/errata/RHSA-2023:5735 This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.9 Via RHSA-2023:5745 https://access.redhat.com/errata/RHSA-2023:5745 This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u392 Via RHSA-2023:5726 https://access.redhat.com/errata/RHSA-2023:5726 This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u392 Via RHSA-2023:5725 https://access.redhat.com/errata/RHSA-2023:5725 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:5736 https://access.redhat.com/errata/RHSA-2023:5736 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:5751 https://access.redhat.com/errata/RHSA-2023:5751 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:5761 https://access.redhat.com/errata/RHSA-2023:5761 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:5731 https://access.redhat.com/errata/RHSA-2023:5731 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:5732 https://access.redhat.com/errata/RHSA-2023:5732 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:5727 https://access.redhat.com/errata/RHSA-2023:5727 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:5728 https://access.redhat.com/errata/RHSA-2023:5728 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:5729 https://access.redhat.com/errata/RHSA-2023:5729 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:5733 https://access.redhat.com/errata/RHSA-2023:5733 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:5730 https://access.redhat.com/errata/RHSA-2023:5730 OpenJDK-8 upstream commit: https://github.com/openjdk/jdk8u/commit/32ec85f1ee2c9d1cc5109d4c4678d2aadf6dbf09 OpenJDK-11 upstream commit: https://github.com/openjdk/jdk11u/commit/e60621f7f8ade409bc01f84d2be08afc1ccfc2bb OpenJDK-17 upstream commit: https://github.com/openjdk/jdk17u/commit/3a391232c8aa4fdf54d73ec725bdb4b4e9192bb5 Oracle CPU October 2023: https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixJAVA Fixed in Oracle Java SE 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1. Release notes: https://www.oracle.com/java/technologies/javase/8u391-relnotes.html https://www.oracle.com/java/technologies/javase/8u391-perf-relnotes.html https://www.oracle.com/java/technologies/javase/11-0-21-relnotes.html https://www.oracle.com/java/technologies/javase/17-0-9-relnotes.html https://www.oracle.com/java/technologies/javase/21-0-1-relnotes.html This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6738 https://access.redhat.com/errata/RHSA-2023:6738 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:6887 https://access.redhat.com/errata/RHSA-2023:6887 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:0866 https://access.redhat.com/errata/RHSA-2024:0866 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2024:0879 https://access.redhat.com/errata/RHSA-2024:0879 |