Updated java openjdk packages fix security vulnerabilities
Publication date: 28 Nov 2023Modification date: 27 Nov 2023
Type: security
Affected Mageia releases : 8 , 9
CVE: CVE-2022-40433 , CVE-2023-22081 , CVE-2023-22067
Description
The updated packages fix security vulnerabilities:
Segmentation fault in ciMethodBlocks. (CVE-2022-40433)
Certificate path validation issue during client authentication.
(CVE-2023-22081)
IOR deserialization issue in CORBA. (CVE-2023-22067)
References
- https://bugs.mageia.org/show_bug.cgi?id=32413
- https://access.redhat.com/errata/RHSA-2023:5732
- https://access.redhat.com/errata/RHSA-2023:5736
- https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixJAVA
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40433
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22081
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22067
SRPMS
8/core
- java-1.8.0-openjdk-1.8.0.392.b08-1.mga8
- java-11-openjdk-11.0.21.0.9-1.mga8
9/core
- java-1.8.0-openjdk-1.8.0.392.b08-1.mga9
- java-11-openjdk-11.0.21.0.9-1.mga9
- java-latest-openjdk-21.0.1.0.12-1.rolling.1.mga9