An unspecified flaw was found in the way the Serialization component of OpenJDK performed deserialization of data from serialized input. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.
OpenJDK-8 upstream commit: https://github.com/openjdk/jdk8u/commit/259a33e4e11236f26ecebb4239771aafe59a0229
Public now via Oracle CPU January 2023: https://www.oracle.com/security-alerts/cpujan2023.html#AppendixJAVA
Fixed in Oracle Java SE 8u361. Release notes: https://www.oracle.com/java/technologies/javase/8u361-relnotes.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:0204 https://access.redhat.com/errata/RHSA-2023:0204
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:0205 https://access.redhat.com/errata/RHSA-2023:0205
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:0206 https://access.redhat.com/errata/RHSA-2023:0206
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:0209 https://access.redhat.com/errata/RHSA-2023:0209
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:0207 https://access.redhat.com/errata/RHSA-2023:0207
This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u362 Via RHSA-2023:0387 https://access.redhat.com/errata/RHSA-2023:0387
This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u362 Via RHSA-2023:0354 https://access.redhat.com/errata/RHSA-2023:0354
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:0203 https://access.redhat.com/errata/RHSA-2023:0203
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:0210 https://access.redhat.com/errata/RHSA-2023:0210
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:0208 https://access.redhat.com/errata/RHSA-2023:0208
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-21830
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2023:3136 https://access.redhat.com/errata/RHSA-2023:3136