A flaw was discovered in the CORBA component of OpenJDK in the way it performed deserialization of IOR (Interoperable Object Reference) string objects. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.
This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u392 Via RHSA-2023:5726 https://access.redhat.com/errata/RHSA-2023:5726
This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u392 Via RHSA-2023:5725 https://access.redhat.com/errata/RHSA-2023:5725
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:5761 https://access.redhat.com/errata/RHSA-2023:5761
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:5731 https://access.redhat.com/errata/RHSA-2023:5731
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:5732 https://access.redhat.com/errata/RHSA-2023:5732
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:5727 https://access.redhat.com/errata/RHSA-2023:5727
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:5728 https://access.redhat.com/errata/RHSA-2023:5728
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:5729 https://access.redhat.com/errata/RHSA-2023:5729
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:5733 https://access.redhat.com/errata/RHSA-2023:5733
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:5730 https://access.redhat.com/errata/RHSA-2023:5730
OpenJDK-8 upstream commit: https://github.com/openjdk/jdk8u/commit/6930f190778e62c88ee0d7d382f61515031563e4
Oracle CPU October 2023: https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixJAVA Fixed in Oracle Java SE 8u391, 8u391-perf. Release notes: https://www.oracle.com/java/technologies/javase/8u391-relnotes.html https://www.oracle.com/java/technologies/javase/8u391-perf-relnotes.html
The readObject method has been amended such that, when reading the stringified IOR from serialized data, it will, by default, accept stringified IORs in IOR: URI format only. A system property was introduced, com.sun.CORBA.DynamicAny.Stubs.allowCorbanameInIOR, which when set to true, will revert the readObject method to its current behavior and disable the additional IOR checks. A system property was introduced, com.sun.CORBA.IDL.Stubs.allowCorbanameInIOR, which when set to false, will activate an IOR check when reading a stringified IOR from serialised data and constrain a stringified IOR to that of IOR: URI format. The default value of both system properties is true. For further information, see https://www.oracle.com/java/technologies/javase/8u391-relnotes.html.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:0866 https://access.redhat.com/errata/RHSA-2024:0866
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2024:0879 https://access.redhat.com/errata/RHSA-2024:0879