The Java Sound component did not properly check the provenance of the Soundbank, potentially allowing an untrusted Java application or applet to construct a Soundbank from a remote attacker-controlled URL.
OpenJDK-17 upstream commit: https://github.com/openjdk/jdk17u/commit/45650552132297f296648ffccaa9668888c6707d
OpenJDK-11 upstream commit: https://github.com/openjdk/jdk11u/commit/b46279bb15ab187e60c71b400e4363548969445a
OpenJDK-8 upstream commit: https://github.com/openjdk/jdk8u/commit/00dbe881f5fb7b74c93762ddd06a33a716f786ce
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:0202 https://access.redhat.com/errata/RHSA-2023:0202
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:0193 https://access.redhat.com/errata/RHSA-2023:0193
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:0190 https://access.redhat.com/errata/RHSA-2023:0190
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:0199 https://access.redhat.com/errata/RHSA-2023:0199
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:0196 https://access.redhat.com/errata/RHSA-2023:0196
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support; Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:0197 https://access.redhat.com/errata/RHSA-2023:0197
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:0198 https://access.redhat.com/errata/RHSA-2023:0198
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:0201 https://access.redhat.com/errata/RHSA-2023:0201
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:0191 https://access.redhat.com/errata/RHSA-2023:0191
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:0192 https://access.redhat.com/errata/RHSA-2023:0192
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:0200 https://access.redhat.com/errata/RHSA-2023:0200
Public now via Oracle CPU January 2023: https://www.oracle.com/security-alerts/cpujan2023.html#AppendixJAVA
Fixed in Oracle Java SE 8u361, 11.0.18, 17.0.6, 19.0.2.
Release notes:
https://www.oracle.com/java/technologies/javase/8u361-relnotes.html
https://www.oracle.com/java/technologies/javase/11-0-18-relnotes.html
https://www.oracle.com/java/technologies/javase/17-0-6-relnotes.html
https://www.oracle.com/java/technologies/javase/19-0-2-relnotes.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:0194 https://access.redhat.com/errata/RHSA-2023:0194
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:0195 https://access.redhat.com/errata/RHSA-2023:0195
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:0204 https://access.redhat.com/errata/RHSA-2023:0204
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support; Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:0205 https://access.redhat.com/errata/RHSA-2023:0205
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:0206 https://access.redhat.com/errata/RHSA-2023:0206
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:0209 https://access.redhat.com/errata/RHSA-2023:0209
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:0207 https://access.redhat.com/errata/RHSA-2023:0207
This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u362 Via RHSA-2023:0387 https://access.redhat.com/errata/RHSA-2023:0387
This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u362 Via RHSA-2023:0354 https://access.redhat.com/errata/RHSA-2023:0354
This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.18 Via RHSA-2023:0353 https://access.redhat.com/errata/RHSA-2023:0353
This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.18 Via RHSA-2023:0388 https://access.redhat.com/errata/RHSA-2023:0388
This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.6 Via RHSA-2023:0352 https://access.redhat.com/errata/RHSA-2023:0352
This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.6 Via RHSA-2023:0389 https://access.redhat.com/errata/RHSA-2023:0389
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:0203 https://access.redhat.com/errata/RHSA-2023:0203
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:0210 https://access.redhat.com/errata/RHSA-2023:0210
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:0208 https://access.redhat.com/errata/RHSA-2023:0208
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-21843
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2023:3136 https://access.redhat.com/errata/RHSA-2023:3136