Fedora Account System
Red Hat Associate
Red Hat Customer
The JSSE client will complete the TLS 1.3 handshake without receiving the EncryptedExtensions message which may lead to weakening the protections that TLS provides.
OpenJDK-8 upstream commit: https://github.com/openjdk/jdk8u/commit/517df6c40d2e04729526c285ed32cf91ea5be969 OpenJDK-11 upstream commit: https://github.com/openjdk/jdk11u/commit/898c0078ad1fee02b899b8e8987d2c944c8d6f54 OpenJDK-17 upstream commit: https://github.com/openjdk/jdk17u/commit/645ef7b7c2f1d59200f80e62736d7a724a679906 OpenJDK-21 upstream commit: https://github.com/openjdk/jdk21u/commit/bab305aff7bff5603507aa1516396728c1a1e146
This CVE was fixed in Oracle Java SE 8u461, 11.0.28, 17.0.16, 21.0.8. https://www.oracle.com/java/technologies/javase/8u461-relnotes.html#R180_461 https://www.oracle.com/java/technologies/javase/11-0-28-relnotes.html#R11_0_28 https://www.oracle.com/java/technologies/javase/17-0-16-relnotes.html#R17_0_16 https://www.oracle.com/java/technologies/javase/21-0-8-relnotes.html