Bug 2187724 (CVE-2023-21939) - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)
Summary: CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2023-21939
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2185197 2185198 2185199 2185200 2185201 2185202 2185203 2185204 2185205 2185206 2185207 2185208 2185209 2185210 2185211 2185212 2185213 2185214 2185215 2185216 2185217 2185218 2185219 2185220 2185221 2185222 2185223 2185224 2185225 2185226 2185227 2185228 2185229 2188616 2215911 2215912 2215913
Blocks: 2185177
TreeView+ depends on / blocked
 
Reported: 2023-04-18 14:29 UTC by Mauro Matteo Cascella
Modified: 2023-09-13 08:34 UTC (History)
21 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-04-25 16:41:22 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:1924 0 None None None 2023-04-24 00:21:22 UTC
Red Hat Product Errata RHBA-2023:1925 0 None None None 2023-04-24 00:21:54 UTC
Red Hat Product Errata RHBA-2023:1926 0 None None None 2023-04-24 00:22:07 UTC
Red Hat Product Errata RHBA-2023:1928 0 None None None 2023-04-24 01:10:42 UTC
Red Hat Product Errata RHBA-2023:1936 0 None None None 2023-04-24 08:42:24 UTC
Red Hat Product Errata RHBA-2023:1937 0 None None None 2023-04-24 11:22:58 UTC
Red Hat Product Errata RHBA-2023:1938 0 None None None 2023-04-24 11:45:26 UTC
Red Hat Product Errata RHBA-2023:1939 0 None None None 2023-04-24 11:29:27 UTC
Red Hat Product Errata RHBA-2023:1940 0 None None None 2023-04-24 12:57:54 UTC
Red Hat Product Errata RHBA-2023:1942 0 None None None 2023-04-24 14:20:44 UTC
Red Hat Product Errata RHBA-2023:1955 0 None None None 2023-04-25 05:29:23 UTC
Red Hat Product Errata RHBA-2023:2011 0 None None None 2023-04-25 23:25:28 UTC
Red Hat Product Errata RHBA-2023:2025 0 None None None 2023-04-26 09:58:26 UTC
Red Hat Product Errata RHBA-2023:2028 0 None None None 2023-04-26 11:35:48 UTC
Red Hat Product Errata RHBA-2023:2034 0 None None None 2023-04-26 18:40:59 UTC
Red Hat Product Errata RHBA-2023:2049 0 None None None 2023-04-27 14:07:55 UTC
Red Hat Product Errata RHBA-2023:2050 0 None None None 2023-04-27 14:07:45 UTC
Red Hat Product Errata RHBA-2023:2054 0 None None None 2023-04-27 16:18:33 UTC
Red Hat Product Errata RHBA-2023:2066 0 None None None 2023-05-01 22:11:31 UTC
Red Hat Product Errata RHBA-2023:2079 0 None None None 2023-05-02 10:16:09 UTC
Red Hat Product Errata RHBA-2023:2090 0 None None None 2023-05-03 02:23:47 UTC
Red Hat Product Errata RHBA-2023:2142 0 None None None 2023-05-08 01:05:08 UTC
Red Hat Product Errata RHBA-2023:3160 0 None None None 2023-05-17 01:48:52 UTC
Red Hat Product Errata RHBA-2023:3168 0 None None None 2023-05-17 10:30:16 UTC
Red Hat Product Errata RHBA-2023:3172 0 None None None 2023-05-17 10:36:42 UTC
Red Hat Product Errata RHBA-2023:3173 0 None None None 2023-05-17 10:30:37 UTC
Red Hat Product Errata RHBA-2023:3174 0 None None None 2023-05-17 10:40:55 UTC
Red Hat Product Errata RHBA-2023:3226 0 None None None 2023-05-18 14:08:17 UTC
Red Hat Product Errata RHBA-2023:3376 0 None None None 2023-05-31 12:49:34 UTC
Red Hat Product Errata RHBA-2023:3378 0 None None None 2023-05-31 12:50:04 UTC
Red Hat Product Errata RHBA-2023:5037 0 None None None 2023-09-11 08:42:54 UTC
Red Hat Product Errata RHSA-2023:1875 0 None None None 2023-04-19 13:31:22 UTC
Red Hat Product Errata RHSA-2023:1877 0 None None None 2023-04-19 13:58:11 UTC
Red Hat Product Errata RHSA-2023:1878 0 None None None 2023-04-19 14:19:55 UTC
Red Hat Product Errata RHSA-2023:1879 0 None None None 2023-04-19 15:07:17 UTC
Red Hat Product Errata RHSA-2023:1880 0 None None None 2023-04-19 15:27:14 UTC
Red Hat Product Errata RHSA-2023:1882 0 None None None 2023-04-19 19:27:48 UTC
Red Hat Product Errata RHSA-2023:1883 0 None None None 2023-04-19 19:27:34 UTC
Red Hat Product Errata RHSA-2023:1884 0 None None None 2023-04-19 19:36:47 UTC
Red Hat Product Errata RHSA-2023:1885 0 None None None 2023-04-19 19:36:33 UTC
Red Hat Product Errata RHSA-2023:1889 0 None None None 2023-04-20 00:29:54 UTC
Red Hat Product Errata RHSA-2023:1890 0 None None None 2023-04-20 00:48:11 UTC
Red Hat Product Errata RHSA-2023:1891 0 None None None 2023-04-20 01:14:27 UTC
Red Hat Product Errata RHSA-2023:1892 0 None None None 2023-04-20 01:36:20 UTC
Red Hat Product Errata RHSA-2023:1895 0 None None None 2023-04-20 02:02:13 UTC
Red Hat Product Errata RHSA-2023:1898 0 None None None 2023-04-20 02:30:21 UTC
Red Hat Product Errata RHSA-2023:1899 0 None None None 2023-04-20 02:47:24 UTC
Red Hat Product Errata RHSA-2023:1900 0 None None None 2023-04-20 03:01:37 UTC
Red Hat Product Errata RHSA-2023:1903 0 None None None 2023-04-25 11:06:32 UTC
Red Hat Product Errata RHSA-2023:1904 0 None None None 2023-04-25 02:49:25 UTC
Red Hat Product Errata RHSA-2023:1905 0 None None None 2023-04-25 03:20:15 UTC
Red Hat Product Errata RHSA-2023:1906 0 None None None 2023-04-25 03:44:01 UTC
Red Hat Product Errata RHSA-2023:1907 0 None None None 2023-04-25 10:40:24 UTC
Red Hat Product Errata RHSA-2023:1908 0 None None None 2023-04-25 04:18:53 UTC
Red Hat Product Errata RHSA-2023:1909 0 None None None 2023-04-25 04:01:24 UTC
Red Hat Product Errata RHSA-2023:1910 0 None None None 2023-04-25 10:24:27 UTC
Red Hat Product Errata RHSA-2023:1911 0 None None None 2023-04-25 03:09:00 UTC
Red Hat Product Errata RHSA-2023:1912 0 None None None 2023-04-25 11:06:19 UTC
Red Hat Product Errata RHSA-2023:4103 0 None None None 2023-07-17 08:48:28 UTC
Red Hat Product Errata RHSA-2023:4160 0 None None None 2023-07-31 09:30:51 UTC

Description Mauro Matteo Cascella 2023-04-18 14:29:56 UTC
An HTML validation flaw was found in the Swing component of OpenJDK. A specially crafted HTML document could cause a Swing Java application to misbehave leading to integrity problems.

Comment 9 Mauro Matteo Cascella 2023-04-19 11:07:38 UTC
A new security property was introduced as part of the fix:

- System Property to Handle HTML ObjectView Creation

Quoting from JDK release notes: "Some Swing components, such as JLabels and JButtons, which display application text, will try to interpret that text as HTML, principally to enable styled text. The HTML processing of the text for these components will no longer recognize the <object> tag which allows for subclasses of java.awt.Component to be rendered on the component. To re-enable this, applications must specify -Dswing.html.object=true."

Comment 10 errata-xmlrpc 2023-04-19 13:31:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:1875 https://access.redhat.com/errata/RHSA-2023:1875

Comment 11 errata-xmlrpc 2023-04-19 13:58:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:1877 https://access.redhat.com/errata/RHSA-2023:1877

Comment 12 errata-xmlrpc 2023-04-19 14:19:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:1878 https://access.redhat.com/errata/RHSA-2023:1878

Comment 13 errata-xmlrpc 2023-04-19 15:07:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:1879 https://access.redhat.com/errata/RHSA-2023:1879

Comment 14 errata-xmlrpc 2023-04-19 15:27:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:1880 https://access.redhat.com/errata/RHSA-2023:1880

Comment 15 errata-xmlrpc 2023-04-19 19:27:32 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 11.0.19

Via RHSA-2023:1883 https://access.redhat.com/errata/RHSA-2023:1883

Comment 16 errata-xmlrpc 2023-04-19 19:27:46 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 11.0.19

Via RHSA-2023:1882 https://access.redhat.com/errata/RHSA-2023:1882

Comment 17 errata-xmlrpc 2023-04-19 19:36:31 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 17.0.7

Via RHSA-2023:1885 https://access.redhat.com/errata/RHSA-2023:1885

Comment 18 errata-xmlrpc 2023-04-19 19:36:45 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 17.0.7

Via RHSA-2023:1884 https://access.redhat.com/errata/RHSA-2023:1884

Comment 19 errata-xmlrpc 2023-04-20 00:29:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:1889 https://access.redhat.com/errata/RHSA-2023:1889

Comment 20 errata-xmlrpc 2023-04-20 00:48:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:1890 https://access.redhat.com/errata/RHSA-2023:1890

Comment 21 errata-xmlrpc 2023-04-20 01:14:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:1891 https://access.redhat.com/errata/RHSA-2023:1891

Comment 22 errata-xmlrpc 2023-04-20 01:36:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:1892 https://access.redhat.com/errata/RHSA-2023:1892

Comment 23 errata-xmlrpc 2023-04-20 02:02:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:1895 https://access.redhat.com/errata/RHSA-2023:1895

Comment 24 errata-xmlrpc 2023-04-20 02:30:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:1898 https://access.redhat.com/errata/RHSA-2023:1898

Comment 25 errata-xmlrpc 2023-04-20 02:47:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:1899 https://access.redhat.com/errata/RHSA-2023:1899

Comment 26 errata-xmlrpc 2023-04-20 03:01:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:1900 https://access.redhat.com/errata/RHSA-2023:1900

Comment 28 errata-xmlrpc 2023-04-25 02:49:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:1904 https://access.redhat.com/errata/RHSA-2023:1904

Comment 29 errata-xmlrpc 2023-04-25 03:08:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:1911 https://access.redhat.com/errata/RHSA-2023:1911

Comment 30 errata-xmlrpc 2023-04-25 03:20:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:1905 https://access.redhat.com/errata/RHSA-2023:1905

Comment 31 errata-xmlrpc 2023-04-25 03:43:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:1906 https://access.redhat.com/errata/RHSA-2023:1906

Comment 32 errata-xmlrpc 2023-04-25 04:01:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:1909 https://access.redhat.com/errata/RHSA-2023:1909

Comment 33 errata-xmlrpc 2023-04-25 04:18:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:1908 https://access.redhat.com/errata/RHSA-2023:1908

Comment 34 errata-xmlrpc 2023-04-25 10:24:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:1910 https://access.redhat.com/errata/RHSA-2023:1910

Comment 35 errata-xmlrpc 2023-04-25 10:40:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:1907 https://access.redhat.com/errata/RHSA-2023:1907

Comment 36 errata-xmlrpc 2023-04-25 11:06:17 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 8u362

Via RHSA-2023:1912 https://access.redhat.com/errata/RHSA-2023:1912

Comment 37 errata-xmlrpc 2023-04-25 11:06:30 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 8u362

Via RHSA-2023:1903 https://access.redhat.com/errata/RHSA-2023:1903

Comment 38 Product Security DevOps Team 2023-04-25 16:41:20 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-21939

Comment 40 errata-xmlrpc 2023-07-17 08:48:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4103 https://access.redhat.com/errata/RHSA-2023:4103

Comment 41 errata-xmlrpc 2023-07-31 09:30:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Supplementary

Via RHSA-2023:4160 https://access.redhat.com/errata/RHSA-2023:4160


Note You need to log in before you can comment on or make changes to this bug.