Bug 2160475 (CVE-2023-21843) - CVE-2023-21843 OpenJDK: soundbank URL remote loading (Sound, 8293742)
Summary: CVE-2023-21843 OpenJDK: soundbank URL remote loading (Sound, 8293742)
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2023-21843
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2160115 2160116 2160117 2160118 2160119 2160120 2160121 2160122 2160123 2160124 2160126 2160127 2160128 2160129 2160130 2160131 2160132 2160133 2160134 2160135 2160138 2160139 2160140 2160141 2160142 2160143 2160144 2160145 2160146 2164052 2183464 2183465 2184080 2184081
Blocks: 2159709
Reported: 2023-01-12 14:39 UTC by Mauro Matteo Cascella
Modified: 2023-08-07 09:25 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-01-29 10:22:31 UTC
Embargoed:



Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:0190 0 None None None 2023-01-18 10:28:24 UTC
Red Hat Product Errata RHSA-2023:0191 0 None None None 2023-01-18 10:29:56 UTC
Red Hat Product Errata RHSA-2023:0192 0 None None None 2023-01-18 10:30:03 UTC
Red Hat Product Errata RHSA-2023:0193 0 None None None 2023-01-18 10:26:32 UTC
Red Hat Product Errata RHSA-2023:0194 0 None None None 2023-01-23 09:21:14 UTC
Red Hat Product Errata RHSA-2023:0195 0 None None None 2023-01-23 09:22:48 UTC
Red Hat Product Errata RHSA-2023:0196 0 None None None 2023-01-18 10:28:54 UTC
Red Hat Product Errata RHSA-2023:0197 0 None None None 2023-01-18 10:29:07 UTC
Red Hat Product Errata RHSA-2023:0198 0 None None None 2023-01-18 10:29:39 UTC
Red Hat Product Errata RHSA-2023:0199 0 None None None 2023-01-18 10:28:39 UTC
Red Hat Product Errata RHSA-2023:0200 0 None None None 2023-01-18 10:30:17 UTC
Red Hat Product Errata RHSA-2023:0201 0 None None None 2023-01-18 10:29:46 UTC
Red Hat Product Errata RHSA-2023:0202 0 None None None 2023-01-18 10:22:37 UTC
Red Hat Product Errata RHSA-2023:0203 0 None None None 2023-01-24 09:00:28 UTC
Red Hat Product Errata RHSA-2023:0204 0 None None None 2023-01-23 15:23:27 UTC
Red Hat Product Errata RHSA-2023:0205 0 None None None 2023-01-23 17:53:40 UTC
Red Hat Product Errata RHSA-2023:0206 0 None None None 2023-01-23 17:58:17 UTC
Red Hat Product Errata RHSA-2023:0207 0 None None None 2023-01-23 18:21:50 UTC
Red Hat Product Errata RHSA-2023:0208 0 None None None 2023-01-26 21:05:13 UTC
Red Hat Product Errata RHSA-2023:0209 0 None None None 2023-01-23 18:17:55 UTC
Red Hat Product Errata RHSA-2023:0210 0 None None None 2023-01-26 15:56:03 UTC
Red Hat Product Errata RHSA-2023:0352 0 None None None 2023-01-23 22:44:25 UTC
Red Hat Product Errata RHSA-2023:0353 0 None None None 2023-01-23 22:40:09 UTC
Red Hat Product Errata RHSA-2023:0354 0 None None None 2023-01-23 22:34:04 UTC
Red Hat Product Errata RHSA-2023:0387 0 None None None 2023-01-23 22:33:50 UTC
Red Hat Product Errata RHSA-2023:0388 0 None None None 2023-01-23 22:40:30 UTC
Red Hat Product Errata RHSA-2023:0389 0 None None None 2023-01-23 22:44:45 UTC
Red Hat Product Errata RHSA-2023:3136 0 None None None 2023-05-16 18:14:19 UTC

Description Mauro Matteo Cascella 2023-01-12 14:39:22 UTC
Java Sound component did not properly check the provenience of the Soundbank, potentially allowing an untrusted Java application or applet to construct a Soundbank from a remote attacker-controlled URL.

Comment 8 errata-xmlrpc 2023-01-18 10:22:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0202 https://access.redhat.com/errata/RHSA-2023:0202

Comment 9 errata-xmlrpc 2023-01-18 10:26:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0193 https://access.redhat.com/errata/RHSA-2023:0193

Comment 10 errata-xmlrpc 2023-01-18 10:28:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:0190 https://access.redhat.com/errata/RHSA-2023:0190

Comment 11 errata-xmlrpc 2023-01-18 10:28:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:0199 https://access.redhat.com/errata/RHSA-2023:0199

Comment 12 errata-xmlrpc 2023-01-18 10:28:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0196 https://access.redhat.com/errata/RHSA-2023:0196

Comment 13 errata-xmlrpc 2023-01-18 10:29:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0197 https://access.redhat.com/errata/RHSA-2023:0197

Comment 14 errata-xmlrpc 2023-01-18 10:29:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0198 https://access.redhat.com/errata/RHSA-2023:0198

Comment 15 errata-xmlrpc 2023-01-18 10:29:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0201 https://access.redhat.com/errata/RHSA-2023:0201

Comment 16 errata-xmlrpc 2023-01-18 10:29:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0191 https://access.redhat.com/errata/RHSA-2023:0191

Comment 17 errata-xmlrpc 2023-01-18 10:30:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0192 https://access.redhat.com/errata/RHSA-2023:0192

Comment 18 errata-xmlrpc 2023-01-18 10:30:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0200 https://access.redhat.com/errata/RHSA-2023:0200

Comment 20 errata-xmlrpc 2023-01-23 09:21:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0194 https://access.redhat.com/errata/RHSA-2023:0194

Comment 21 errata-xmlrpc 2023-01-23 09:22:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0195 https://access.redhat.com/errata/RHSA-2023:0195

Comment 22 errata-xmlrpc 2023-01-23 15:23:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0204 https://access.redhat.com/errata/RHSA-2023:0204

Comment 23 errata-xmlrpc 2023-01-23 17:53:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0205 https://access.redhat.com/errata/RHSA-2023:0205

Comment 24 errata-xmlrpc 2023-01-23 17:58:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0206 https://access.redhat.com/errata/RHSA-2023:0206

Comment 25 errata-xmlrpc 2023-01-23 18:17:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0209 https://access.redhat.com/errata/RHSA-2023:0209

Comment 26 errata-xmlrpc 2023-01-23 18:21:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:0207 https://access.redhat.com/errata/RHSA-2023:0207

Comment 27 errata-xmlrpc 2023-01-23 22:33:48 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 8u362

Via RHSA-2023:0387 https://access.redhat.com/errata/RHSA-2023:0387

Comment 28 errata-xmlrpc 2023-01-23 22:34:03 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 8u362

Via RHSA-2023:0354 https://access.redhat.com/errata/RHSA-2023:0354

Comment 29 errata-xmlrpc 2023-01-23 22:40:07 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 11.0.18

Via RHSA-2023:0353 https://access.redhat.com/errata/RHSA-2023:0353

Comment 30 errata-xmlrpc 2023-01-23 22:40:28 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 11.0.18

Via RHSA-2023:0388 https://access.redhat.com/errata/RHSA-2023:0388

Comment 31 errata-xmlrpc 2023-01-23 22:44:23 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 17.0.6

Via RHSA-2023:0352 https://access.redhat.com/errata/RHSA-2023:0352

Comment 32 errata-xmlrpc 2023-01-23 22:44:44 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 17.0.6

Via RHSA-2023:0389 https://access.redhat.com/errata/RHSA-2023:0389

Comment 33 errata-xmlrpc 2023-01-24 09:00:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0203 https://access.redhat.com/errata/RHSA-2023:0203

Comment 35 errata-xmlrpc 2023-01-26 15:56:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0210 https://access.redhat.com/errata/RHSA-2023:0210

Comment 36 errata-xmlrpc 2023-01-26 21:05:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0208 https://access.redhat.com/errata/RHSA-2023:0208

Comment 37 Product Security DevOps Team 2023-01-29 10:22:28 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-21843

Comment 38 errata-xmlrpc 2023-05-16 18:14:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Supplementary

Via RHSA-2023:3136 https://access.redhat.com/errata/RHSA-2023:3136

